25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA Compliance: A Year on from the Omnibus Rule

It has been a little over a year since the Omnibus Rule brought HIPAA legislation in line with HITECH, and it has now been six months since adoption of all aspects of the rule became mandatory, and HIPAA compliance has been enforceable. The Omnibus Rule may not have introduced any major legislation changes, although it did contain a huge number of amendments to HIPAA to fine tune the bill and tighten up the language, as well as bring Business Associates into the fold and increase the financial penalties for non-compliance. The Department of Health and Human Services’ Office for Civil Rights will need to assess for compliance with the Omnibus Rule and is expected to do so in the next round of audits scheduled to commence in the fall of this year. While covered organizations have a few months before the auditors come knocking. However when they do, they will be looking for evidence of measures that have been implemented to comply with HIPAA Privacy and Security Regulations; now is therefore no time for rest. It’s time to get prepared. There are also many government agencies looking...

Read More

Unencrypted Data on Laptop Results in Huge HIPAA Settlement

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has just received a joint settlement of $1,975,220 for the potential HIPAA violations caused by the theft of a laptop containing unencrypted ePHI data. The large settlement resulted from a failure to adhere to the HIPAA Privacy and Security Rules and take adequate precautions to secure patient data on mobile devices. The OCR emphasized the importance of securing data held on mobile devices and pointed out that it is the responsibility of healthcare organizations and their business associates to protect any data kept on patients. OCR Deputy Director of Health Information Privacy, Susan McAndrew, believes organizations can do more to increase cybersecurity: “Our message to these organizations is simple: encryption is your best defense against these incidents.” Following the report of the theft of a laptop from the Springfield Missouri Physical Therapy Center, Concentra Health Services (Concentra) was subjected to an investigation by the OCR. Documentation was uncovered which clearly showed that mobile...

Read More
Security Metrics Wins State Award for HIPAA Compliance Services
Apr17

Security Metrics Wins State Award for HIPAA Compliance Services

SecurityMetrics’s Guided HIPAA Compliance has earned the company a Best of State Award for HIPAA Compliance Services and makes it a tally of two recognition awards collected by the firm this year for its program. The “Best of State” Award is Utah’s most respected recognition and awards program. The awards aim to recognize the efforts made by companies in the state that have shown excellence in their field. Each nomination is assessed by a panel of expert judges who decide on the winners based on the usefulness of the product or service, how it benefits state residents and the level of innovation in its development. SecurityMetric was nominated in the Business Category for its Guided HIPAA Compliance program; a simplified risk-based approach that can help healthcare organizations improve security and comply with HIPAA regulations. The program is aimed at smaller organizations, which typically find it harder to achieve compliance. The program of pilot compliance audits conducted by the Office for Civil Rights in 2011/2012 showed that smaller healthcare providers struggled...

Read More

First Anniversary of the HIPAA Omnibus Rule

Just over 12 months ago the HIPAA Omnibus Rule was introduced to plug a number of gaps in the legislation and bring Business Associates more comprehensively under HIPAA Rules. The new Rule also brought financial penalties in line with the HITECH Act. The amendment to HIPAA has been effective for a year now and it has been enforceable for 6 months. Not long is left before the Department of Health and Human Services’ Office for Civil Rights (OCR) starts conducting compliance audits again. It is currently preparing the second round of HIPAA compliance audits, in addition to investigating organizations reporting breaches of Protected Health Information (PHI) The anniversary of the introduction of the rule will probably not feel like something worth celebrating for many organizations, especially those that have struggled under the new requirements. For those that have made the necessary updates to policies and procedures already, standards must not be allowed to slip. Now is a good time to take stock and assess compliance before the audits commence. HIPAA Compliance Audits are Coming...

Read More

OCR Sheds Light on Phase 2 HIPAA Audits

The Office for Civil Rights (OCR) has announced that it is to recommence its HIPAA compliance audit program this fall. Phase 2 will consist of 350 compliance audits which will be conducted on healthcare providers, healthcare clearing houses and health plans, along with 50 further audits which, in accordance with the HIPAA Omnibus Rule, will be conducted on business associates. The OCR conducted a round of pilot audits in 2011/2012 which looked closely at a wide range of areas of compliance in order to allow it to ascertain the level of compliance across different sectors of the healthcare industry. The pilot round involved 115 covered entities, which were subjected to a full compliance audit including a site inspection. The audits uncovered numerous areas in which healthcare organizations were violating HIPAA regulations. The majority of organizations that were audited were to have found to have violated HIPAA with only 11% of covered entities found to be fully compliant. 80% of healthcare providers found to have violated HIPAA did so by failing to conduct a full risk analysis,...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist