25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Massachusetts Dermatology Clinic Settles for $150K over HIPAA Breach

The Office for Civil Rights has issued a statement confirming that an agreement has been reached with Adult & Pediatric Dermatology, P.C., of Concord, Massachusetts following the accidental disclosure of approximately 2,200 patients after a memory stick was stolen from the car of one of the center’s employees. The stolen thumb drive contained patient data and was not encrypted, meaning anyone in possession of the storage device has full access to the data it contained. The missing thumb drive has so far not been located. Although the HIPAA breach involved a relatively small number of patients, the OCR has fined the dermatology clinic $150,000 for violating HIPAA regulations and failing to ensure the PHI of its patients was properly secured. The OCR has also ordered the clinic to conduct a full risk analysis to identify any remaining privacy and security issues and to develop a risk management plan to deal with any future security breaches. The investigation conducted by the OCR highlighted a number of HIPAA privacy and security problems which should have been identified and...

Read More

Cottage Health System BA Responsible for 32,500-Patient HIPAA Breach

A HIPAA breach which resulted in the Protected Health Information of 32,500 patients of the Cottage Health System being exposed has been attributed to an error made by one of the healthcare provider’s Business Associates (BA). A third party vendor, Insync, is alleged to have inadvertently removed some electronic security protections which resulted in the health data and personal information of Cottage Health patients being accessible via the search engines. The file containing PHI was accessible via Goggle for a period of 14 months. The server was made secure on Dec 2, 2013 as soon as the security breach was discovered, and a request was sent to Google to de-index the file. An investigation revealed the security protection was removed by Insync on Oct 8, 2012. The HIPAA breach was identified by Cottage Health after it received a voicemail message “informing it that a file containing personal health information of certain patients may be available on Google,” according to a letter sent by the healthcare provider’s attorney to California Attorney General, Kamala D. Harris. The...

Read More
Practical Guidance Issued to Ensure Healthcare Mobile Devices are HIPAA
Dec16

Practical Guidance Issued to Ensure Healthcare Mobile Devices are HIPAA

The use of mobile devices has become commonplace in healthcare, with doctors now using mobile phones to communicate with members of care teams and send updates on the status of their patients. iPads and other tablets are also often used by doctors in hospitals when conducting their rounds and physicians and other healthcare professionals use laptop computers and Smartphones when visiting patients to provide homecare services. The rapid growth of portable devices in healthcare has undoubtedly improved the care that patients receive, yet the extensive use of mobile devices increases the risk of ePHI being accessed by unauthorized personal or being stolen by cybercriminals. Mobile devices are now a major problem area and many healthcare organizations are struggling to implement procedures and policies to ensure all their devices are made HIPAA compliant. Fortunately, healthcare organizations have been given some help in this regard, with both the Office for Civil Rights and the Office of the National Coordinator having provided guidelines and tips which healthcare professionals can...

Read More

HIPAA Breach: 11K Dental Patients’ PHI Uploaded to File Sharing Website

Lanap & Dental Implants of Pennsylvania has inadvertently violated the HIPAA Rules for dentists following the posting of approximately 11,000 dental records on a torrent site used for Peer-to-peer (P2P) file sharing. P2P file-sharing sites allow users to upload data, software and all manner of digital content and share this with a select group of individuals, or make the data available to anyone who visits the site. When “torrents” are created, they are listed on any number file file-sharing websites simultaneously. Anyone searching for specific files – or types of files – can download the files. Quite a large number of people appear to have done just that. The data is listed on at least 18 file-sharing websites, and to date it has been downloaded over 9,000 times from one website alone. That number could be similar on each of the other websites, or higher. 4-year Breach of PHI and Social Security Numbers A recent report on WNEP News revealed not only had this information been uploaded to the website, but the information had been available for four years. The data appeared to...

Read More

2014 Likely to See Surge in HIPAA Data Breaches

A new report released by the Experian credit bureau predicts that 2014 is likely to be a major year for data breaches, with a surge in numbers expected over the course of the year. The report also predicts the healthcare industry will be hit hard. The report says that the reason healthcare is so susceptible to attack is the sheer size of the industry. There is what the report calls an “expanded attack surface for breaches,” due to new EHRs and Health Insurance Exchanges (HIEs), while the value and volume of data held hakes healthcare providers attractive targets for cyber criminals. Experian offers credit monitoring services, but also assists customers to recover from data breaches. The company indicated that 46% of data breaches that it dealt with last year were from the healthcare industry. The report cites a number of reasons why data breaches are expected to rise, and indicates it is mainly due to the huge organizational infrastructure changes that are required under the Affordable Care Act, HIPAA, HITECH and other legislation together with general unpreparedness, a huge number...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist