25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Are You Ready for a Surprise HIPAA Compliance Audit?

Surprise! You have been selected from a list of hundreds of thousands and are the proud winner of a full HIPAA compliance audit. Are you prepared for a full document check and can you provide evidence of HIPAA in action at your organization? The thought of a surprise compliance audit sends shivers down the spines’ of many a Security Officer, although ONC Chief Privacy Officer, Joy Pritts, recently provided some tips to help ease the stress of a surprise HIPAA audit and some actions to take to get compliant. HIPAA Omnibus Rule compliance is expected to form the basis of random HIPAA audits in the near future, and many organizations are unprepared to deal with a government agency scrutinizing the minutiae of each and every document, process and procedure. Speaking at HIMSS 2014 last month, Pritts offered help with a number of pointers to assist covered organizations focus on the most important areas of HIPAA compliance: Those which are most likely to result in an OCR fine. Risk Assessments The Risk assessment is the most important element of the Security Rule, and if a comprehensive...

Read More

$4.1M Settlement for 2010 Stanford University Hospital HIPAA Breach

According to a recent report in the San Jose Mercury News, Stanford Hospital & Clinics and one of its former contractors – Multi-Specialty Collection Services LLC – have agreed to pay a settlement of $4.125 million for a large scale data breach that occurred in 2010. The breach exposed the PHI of 20,000 of its emergency room patients who had used the emergency room between March and August, 2009. The data was viewable to unauthorized individuals after being made available via a third-party student homework website with the data potentially accessible for almost 12 months. While no credit card details or Social Security numbers were included in the data, personal identifiers were present and the information included diagnoses, treatments prescribed, billing charges, hospital account numbers and admission/discharge dates. One man from Santa Clara also had his psychiatric diagnosis included in the data that was available through the website. There was no indication that the information was viewed, accessed or used for illegal purposes, although the possibility existed...

Read More
Service Coordination Inc Reports 9.7K HIPAA Data Hack
Mar17

Service Coordination Inc Reports 9.7K HIPAA Data Hack

A not-for-profit provider of healthcare services to the developmentally disabled has recently reported that it has been targeted by a hacker who was able to infiltrate its computer systems and steal the healthcare data of approximately 9,700 patients. Frederick-based Service Coordination Inc., a provider of case management services to people with disabilities and other groups in Maryland, discovered the breach in late October of 2013, yet in an violation of the HIPAA Breach Notification Rule, it delayed the issuing of breach notification letters to affected individuals for a period of almost 5 months at the apparent request of the U.S. Justice Department. The Justice Department required time to allow time for an investigation into the hack to be conducted. Under HIPAA, covered entities are required to notify the victims of a data breach within 60 days of the discovery that their data has been compromised. The delay in announcing the breach may have proved important in this instance, as the company claims to have identified the individual responsible and law enforcement officers...

Read More
HIPAA Breaches Cost Healthcare Industry $5.6 Billion a Year
Mar13

HIPAA Breaches Cost Healthcare Industry $5.6 Billion a Year

A recent report from the Ponemon Institute has highlighted the seriousness of the threat from cyberattacks and should serve as a warning to healthcare providers that they must improve data security. The cost to the industry is considerable. Data breaches are estimated to cost the healthcare industry $5.6 billion a year, and that money could be put to much better use in improving healthcare facilities and conducting research. While the report indicates there has been a small reduction in the number of data breaches reported last year, the volume of patient records compromised is considerable and the number of cyber attacks on healthcare providers – and other covered entities – has grown at a tremendous rate with the number of hacking-related incidents have increased 100% since 2010. While targeted hacks on Insurers and healthcare providers is clearly on the increase, many data breaches are caused by ignorance of data security rules and simple carelessness by physicians and hospital staff. It may not be possible to prevent data breaches from occurring in all cases – hackers are using...

Read More

$2 Million Budget Increase for OCR to Police HIPAA

The Fiscal Year 2015 Budget in Brief has been prepared by the Obama administration and there is some bad news for the Department of Health and Human Services’ Office for Civil Rights. The Privacy and Security Budget for 2015 has been increased to $41 million for the coming year, but this only represents an increase of $2 million year on year. The Office for Civil Rights has many roles: It is required to ensure equal, nondiscriminatory access to HHS services and to make sure they are received; it must ensure health information is properly protected; that patient privacy is protected; and it must also police HIPAA Rules and conduct compliance audits. Its budget is stretched and has to go a long way, and this year the OCR has a number of costly tasks ahead of it, in particular the upcoming second round of compliance audits. It is going to need every cent of that money. The increase will be welcomed, even though it may not be enough. The money is intended to “support OCR’s centralized case management operations and online complaint system. Further, the budget supports continued HIPAA...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist