25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Virginia HIPAA Breach Exposed Patient Data for 4 Years

A new HIPAA security breach has been uncovered in Virginia involving 919 patients from the Riverside Health System which operates five hospitals in Southeast Virginia. The data breach did not involve tens of thousands of patients although the security breach is one of the longest recorded to date, with ePHI data being accessible since September 2009 until the security breach was discovered on November 1 last year. The data was not accessed by outside entities as with other recent breaches, instead a single practice nurse employed at one of the hospitals accessed the records of nearly 1000 patients. The breach was uncovered in a random audit of the hospital’s IT systems. The nurse in question allegedly accessed the records of 919 patients, which included Social Security numbers and medical histories, although the reason for accessing the data was not provided. The nurse has since had her employment contract terminated and there is no ongoing security risk. Riverside Health System is currently taking all reasonable steps to contact patients and mitigate any damage or loss caused. An...

Read More
Office of Civil Rights Responds to OIG HIPAA Enforcement Criticisms
Dec31

Office of Civil Rights Responds to OIG HIPAA Enforcement Criticisms

The Office of the Inspector General of the Department of Health and Human Services has recently issued a report stating that the Office for Civil Rights failed to meet all the federal requirements that it was set and specifically criticized it for not having overseen and enforced the HIPAA Security Rule to the required degree. According to the OIG, there were two key requirements under the Security Rule that the OCR had not met: OCR had not assessed the risks, established priorities, or implemented controls for its HITECH requirement to provide for periodic audits of covered entities to ensure their compliance with Security Rule requirements. OCR’s Security Rule investigation files did not contain required documentation supporting key decisions because its staff did not consistently follow OCR investigation procedures by sufficiently reviewing investigation case documentation. The OIG recommended immediate action is taken to address these failures including conducting periodic audits of covered entities to ensure that the amendments to HIPAA due to the HITECH Act are assessed. It...

Read More

Barry University Foot and Ankle Institute Suffers Potential HIPAA Breach

A laptop malware infection is believed to have exposed the data of an unspecified number of patients of the Barry University Foot and Ankle Institute in Florida according to an announcement made on Monday night by the healthcare provider. In the statement the university did not disclose the number of patients that were believed to have been affected, although the data only related to individuals who had received treatment at the Miami Shores School. All affected patients have been notified that a malware infection on a laptop belonging to the Miami Shores School contained a complex malware infection that potentially allowed access to be gained to the medical and personal information of a number of its patients. The malware was discovered on the laptop computer on May 14, 2013 and an expert IT forensics team was brought in to assess the exact nature of the infection and the extent of data that potentially could have been accessed. The malware has now been removed and the infected files have been restored and the hospital believes no further threat of exposure exists. The data...

Read More

How to Reduce Human Error and Prevent HIPAA Breaches

This year has seen a number of large data breaches which have exposed the Protected Health Information of millions of Americans, placing them at an increased risk of becoming victims of identity theft and medical fraud. While some deliberate attacks have infiltrated computer networks, in many cases it is human error that exposes patient data to unauthorized third parties. Misplaced or unguarded portable devices have resulted in massive data breaches and many simple errors and oversights have resulted in patient details being exposed. Healthcare organizations are now required to store an increasing volume of data in electronic format. While data security used to mean locked filing cabinets and a small security presence, the increased risks faced by today’s healthcare providers requires an increasingly technical array of security measures to be employed to keep patient data secure. Even when legislation is followed to the letter and all of the appropriate technical, physical and administrative safeguards are put in place, a simple mistake by a member of staff can easily cause a data...

Read More

Massachusetts Dermatology Clinic Settles for $150K over HIPAA Breach

The Office for Civil Rights has issued a statement confirming that an agreement has been reached with Adult & Pediatric Dermatology, P.C., of Concord, Massachusetts following the accidental disclosure of approximately 2,200 patients after a memory stick was stolen from the car of one of the center’s employees. The stolen thumb drive contained patient data and was not encrypted, meaning anyone in possession of the storage device has full access to the data it contained. The missing thumb drive has so far not been located. Although the HIPAA breach involved a relatively small number of patients, the OCR has fined the dermatology clinic $150,000 for violating HIPAA regulations and failing to ensure the PHI of its patients was properly secured. The OCR has also ordered the clinic to conduct a full risk analysis to identify any remaining privacy and security issues and to develop a risk management plan to deal with any future security breaches. The investigation conducted by the OCR highlighted a number of HIPAA privacy and security problems which should have been identified and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist