25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Sutherland Healthcare Solutions Suffers HIPAA Data Breach
Mar06

Sutherland Healthcare Solutions Suffers HIPAA Data Breach

Los Angeles County Department of Health Services has announced that the break-in and theft of computer equipment at the Torrance office of Sutherland Healthcare Solutions has resulted in as many as 168,500 patient records being exposed. The theft has been reported to the authorities and a criminal investigation has commenced, although the missing equipment has not been recovered to date. The patient information stored on the eight stolen computers is understood to include Social Security numbers and medical and billing information, in addition to patient names and contact information. Some protected medical records are also believed to have been stored on the computers which include past diagnoses. Sutherland Healthcare Solutions handles billing and collections for the Los Angeles County Department of Health Services and suffered the break-in on February 5, 2014; however it took two weeks to determine exactly how many patients were affected by the breach. Notification letters were sent out on 27th February to all individuals potentially at risk. Data privacy and security is treated...

Read More

Study Shows Healthcare IT Security is in a Shocking State

Two recent studies confirm that the healthcare industry has not invested sufficiently in IT and the general state of healthcare cybersecurity is dire. There has been a marked rise in reported data breaches in recent years and while the increase has been, in part, attributed to increased reporting of security breaches – as required by HIPAA and HITECH – there are two areas of healthcare IT security that must be immediately addressed; certainly if HIPAA violations and penalties are to be avoided. The first is training. Data breaches have many causes, although a substantial percentage result from carelessness. Doctors and nurses unaware of the rules covering the disclosure of PHI are also inadvertently causing HIPAA breaches. Hospital administrators are improperly disposing of paper records and failing to securely delete electronic health records. Physicians are still leaving laptops containing unencrypted PHI in plain sight in unattended vehicles. Tackling these issues will prevent the majority of data breaches reported to the OCR each year. The Future of Healthcare Data Security...

Read More
HIPAA Breach Report: December 2013
Mar03

HIPAA Breach Report: December 2013

December 2013 HIPAA Breach Summary: The Breach Notification Rule of HIPAA places a requirement on covered entities and their Business Associates via their covered entity, to notify the Office for Civil Rights of the Department of Health and Human Services of data breaches affecting more than 500 individuals. The time limit for doing so is 60 days from discovery of the breach. This report contains a summary of the breaches which have been reported to the OCR during the month of December, 2013 Major HIPAA Breaches in December 2013 The total number of breach victims fell for the second month running, although major breaches were reported at the Methodist Dallas Medical Center (TX) where 44,000 patient records were potentially viewed or accessed as a result of the data being transmitted or stored on an insecure Internet-based email service. The L.A. Gay & Lesbian Center (CA) issued a notice to patients advising them that 59,000 had potentially been compromised in a hacking incident that potentially exposed credit card numbers, Social Security numbers and personal identifiers. The...

Read More

OCR to Commence Round 2 HIPAA Compliance Audits

The Office for Civil Rights of the Department of Health and Human Services is a step closer to commencing the second round of HIPAA compliance audits issuing a notice in the Federal Register announcing its intention to start a series 1,200 pre-audit surveys. The OCR is authorized to conduct compliance audits under Section 13411 of the HITECH Act and intends to assess compliance with HIPAA Privacy, Security, and Breach Notification Rules. The notice states that the OCR intends to survey 800 healthcare providers, clearing houses and health plans in addition to 400 of their business associates as part of the next round of compliance audits. Since the introduction of the Omnibus Rule, Business Associates can be held liable for HIPAA non-compliance issues and data breaches and the OCR wants to ensure that the new legislation is being followed. OCR Deputy Director, Susan McAndrew, announced at the 2014 HIMSS Annual Conference on February 24 that the aim of the survey is to assess suitability for audit. Since the sample was taken at random, the OCR must first weed out organizations in its...

Read More

Pre-Audit HIPAA Compliance Survey Finalized by OCR

The Office for Civil Rights has set the wheels in motion for its upcoming HIPAA compliance auditing program by filing an information collection request in the Federal Register, which post-Omnibus Rule now includes Business Associates as well as entities previously covered by HIPAA. No schedule for the audits has been announced, nor was an announcement expected. The collection request is just the first step in the process and the audits are not expected to take place until the fall of this year. The request is to allow it to conduct a pre-screening survey which will permit it to contact up to 1,200 covered entities and Business Associates, in part to gain an understanding of each organization’s readiness for audit and also to “assess the size, complexity, and fitness of a respondent for an audit.” The information the OCR plans to collect relates to recent activities in relation to HIPAA regulations laid down by the Omnibus Rule and Privacy Rule in particular. It will require information to be provided on the use of electronic patient health records which are to be the major...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist