25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

March 1st Deadline for 2013 HIPAA Breach Reports

The U.S Department of Health and Human Services requires all HIPAA covered entities to submit annual reports of HIPAA breaches, and the deadline for submitting 2013 breaches is fast approaching. While there is a requirement under the Breach Notification Rule for healthcare institutions and their business associates to notify the HHS of any breaches involving more than 500 individuals without delay, smaller breaches affecting fewer than 500 individuals only need to be included in an annual report. HIPAA-covered entities now only have a few weeks to submit the reports, which must be received by the HSS no later than March 1st, 2014. A PHI breach involving less than 500 individuals must be reported to the HHS within 60 days of the end of the calendar year during which the breach was discovered. Therefore any data breaches identified during 2013 must now be included in the report to the HHS. In many security breaches it is not immediately clear how many individuals have been affected. If an investigation is still ongoing, the entity in question should provide an estimate of the number...

Read More

Healthcare Organizations Concerned about HIPAA Security and Compliance

A recent survey conducted by eFax aimed to discover some of the main issues faced by HIPAA-covered entities when it comes to the transmission of Protected Health Information (PHI). The survey was conducted to allow the company to explore healthcare communications and to identify some of the key issues which need to be addressed to help IT administrators become, and stay, compliant with HIPAA. The survey was sent to the company’s corporate healthcare customers, which included large healthcare providers and hospitals, physician, group practices and medical suppliers. HIPAA Compliance is the Major Concern 54.1% of respondents said that HIPAA compliance was their biggest area of concern for dealing with the increase in paperwork that comes with healthcare exchanges and the Affordable Care Act. It is now 6 months on from the issuing of the Omnibus Rule and compliance is still clearly a major problem, as are the huge financial penalties that can be issued for HIPAA violations. 37.1% of respondents said that their biggest security concern about PHI and sensitive data was financial...

Read More
AV-Comparatives Rates FortiGuard Top Security Product with Full Marks for Anti-Phishing and Malware Removal
Jan27

AV-Comparatives Rates FortiGuard Top Security Product with Full Marks for Anti-Phishing and Malware Removal

AV-Comparatives has given Fortinet’s FortiGuard full marks in its recent December Summary Report 2013. The Fortinet Advanced Threat Protection (APT) technology was given top marks (3 stars) for anti-phishing, proactive catch rate, file detection, malware removal, and its real-world test. For the report, AV-Comparatives assessed FortiGuard along with 21 other antivirus products for their ability to block malicious software without preventing legitimate content from being accessed. The assessments took place over the course of the year. AV-Comparatives publishes the findings of its research in its annual report and highlights the products that have performed the best and achieved the highest scores across all of the test areas. The reports help businesses choose the most effective anti-virus products. All of the 21 products under test achieved reasonable and acceptable scores in all test areas, although some products provided outstanding protection. Those products were recognized and give awards. AV-Comparatives CEO and Founder Andreas Clementi explained that not all of the products...

Read More
Windows XP No Longer HIPAA Compliant
Jan15

Windows XP No Longer HIPAA Compliant

If your organization has not yet upgraded your IT operating systems and is still using Windows XP on some or all workstations, it has only until April 8, 2014 to migrate to a new OS as Windows XP will no longer be HIPAA or meaningful use compliant in six weeks. Any organization found to be using the outdated software will be in violation of The Security Rule of the Health Insurance Portability and Accountability Act of 1996. Windows XP is now old and out of date with the software first introduced in 2001. Microsoft has now made the decision to stop issuing patches and security updates for XP, rendering it obsolete. Since software updates are a requirement under the Security Rule, companies will be forced to upgrade computer software. The cost of upgrading computer systems can be considerable, but the financial penalties organizations now face for HIPAA non-compliance are likely to be substantially higher. Since the deadline for upgrading software is just 12 weeks away, it does not give institutions very long to effect the appropriate changes. Healthcare organizations, government...

Read More
HITRUST Common Security Framework to Include New Privacy Controls
Jan09

HITRUST Common Security Framework to Include New Privacy Controls

This week, the Health Information Trust Alliance (HITRUST) announced that version seven of the HITRUST Common Security Framework (CSF) – due to be released later this month – will incorporate a number of new privacy controls. HITRUST was formed in 2007 with the aim of assisting the healthcare industry with the move over to electronic health information systems. The alliance has worked with the public and private sector to develop tools to assist healthcare organizations in protecting electronic health information systems and safeguarding the Protected Health Information (PHI) they contain. Numerous programs have been supported over the course of the past 15 years, with the development of its Compliance Management Framework (CSF) the most widely known. It has been adopted by over 84% of health plans and hospitals and is currently the most widely used security framework in the United States healthcare industry. The HITRUST Privacy Working Group has been working on a number of new privacy controls for the last 18 months to help HIPAA-covered entities better organize their privacy and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist