25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

L. A. County to Increase Data Encryption as 3.5K More HIPAA Breach Victims are Identified
May28

L. A. County to Increase Data Encryption as 3.5K More HIPAA Breach Victims are Identified

L.A County has recently announced that the Sutherland Healthcare HIPAA breach has also affected patients who had previously received Medi-Cal services. This is the second time the number of potential victims has been increased since the February 5th data breach at Sutherland Healthcare’s Torrance facilities was first reported. In March this year, Los Angeles County announced that the theft of 8 computers resulted in the exposure of medical records and personal information of 168,500 patients. Less than a month later the number of potential victims doubled, then the forensic investigation determined that the medical records of a further 170,200 patients were stored on the computers. The latest announcement adds a further 3,497 patient records bringing the total number of potential victims to 342,197; making it one of the largest HIPAA data breaches to occur this year. The data breach was reported to the Office for Civil Rights of the Department of Health and Human Services which will be conducting an investigation into the data breach to determine whether it could have been...

Read More

Beware of HIPAA Complaint Cloud Services

Gartner, Inc., a Connecticut-based information technology research and advisory firm, has predicted that cloud spending will increase to $150 billion by the end of the year, and that with the increasing costs faced by the healthcare industry, 30% of healthcare organizations will look to the cloud as a way of reducing operating costs and improving efficiency. Under HIPAA regulations, healthcare providers and their Business Associates are permitted to use cloud services, even for activities that require contact with Protected Health Information. Data can be backed up in the cloud, housed in the cloud, and cloud-based software and applications can be developed. Provided of course, that Privacy and Security Rules are adhered to. Care should be taken when choosing “HIPAA Compliant” cloud services, as while products can be compliant with federal regulations, there is no guarantee that this will be the case with any product or service. Regulations do not just cover the service or platform offered, but include administrative requirements, rules on how data is uploaded, downloaded and...

Read More
HIPAA Breach Report: February 2014
May08

HIPAA Breach Report: February 2014

February 2014 HIPAA Breach Summary: HIPAA Regulations require all covered entities to submit a report of any breach affecting more than 500 individuals to the Department of Health and Human Services’ Office for Civil Rights. Covered entities only have 60 days in order to make the report, or they face a breach notification penalty. This report contains a summary of the breaches which have been reported to the OCR during the month of February, 2014. Major HIPAA Breaches in February 2014 Had it not have been for a huge HIPAA breach at St. Joseph Health System (TX), in which 405,000 patient records were exposed after a network server was hacked, February would have been a relatively good month for the healthcare industry. There were 23 HIPAA breaches reported during the course of the month, but St. Joseph’s aside, only 92,492 records were exposed. StayWell Health Management, LLC made 4 separate breach reports involving a total of 16,841 individuals, all of which involved the unauthorized disclosure of records as a result of a network server incident. 16,446 electronic medical records...

Read More

HIPAA Violation and Data Breach Results in 4.8M Fine

This month has seen the Office for Civil Rights (OCR) of the HHS issue the largest ever financial penalty for violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. The data breach was caused when a computer server firewall was deactivated by a physician at Columbia University leaving electronic PHI exposed and accessible via search engines. The data breach was identified when an individual discovered ePHI of a deceased partner when searching on the internet. The data was held on a server operating within a shared network used by both New York and Presbyterian Hospital (NYP) and Columbia University (CU), under the protection of a shared network firewall. When a personally owned computer server was deactivated by a physician – who had developed applications for the healthcare organization – the data became accessible via the search engines. An investigation was conducted on NYP and CU by the OCR after a data breach notice was issued jointly by the two healthcare institutions. The incident exposed the ePHI of 6,800...

Read More
Boston Business Associate Fired Over 15K HIPAA Breach
May01

Boston Business Associate Fired Over 15K HIPAA Breach

A Business Associate of Boston Medical Center, MDF Transcription Services, has been fired after a HIPAA breach that exposed the confidential data of approximately 15,000 individuals when their information was posted on an insecure transcription website. The HIPAA breach was not discovered by the hospital, but by another healthcare provider who noticed that information had been incorrectly posted on the website. Boston Medical Center was alerted to the error on March 4, 2014 according to a statement provided to Security Media Group. Once the error was discovered the medical center acted quickly and contacted its Business Associate to secure the data. According to the statement, BMC “Immediately informed MDF and its subcontractors of this error and the website was removed from the Internet on the same day. We take our responsibility to maintain our patients’ privacy very seriously and have notified all individuals who were affected by this vendor error.” It is not clear at this stage how long the data was posted on the website before it was removed, so it is not clear the...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist