25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA Omnibus Final Rule Improves Patient Rights

Healthcare organizations and their business associates are facing fines for non-compliance following the introduction of new regulations which protect the privacy of patients and the security of their data. The Omnibus Final Rule came into effect this year and covered organizations were required to update procedures and policies and comply with the new regulations by September 23, 2013. The new changes have been criticized by some members of the healthcare community; however the changes expand patient rights and allow them to have much greater autonomy and make decisions about how and what is communicated to them and the channels that can be used. If a patient is comfortable receiving information via E-mail, they are allowed to continue to use that medium to communicate with their healthcare providers or care team and information can be sent by healthcare professions to patients provided that they have been made aware of the risks. If it is explained that the medium is not totally secure and there is a chance that their data could be viewed by other people and they accept the...

Read More

Google to Sign BAA to Make its Apps HIPAA Compliant

Many healthcare organizations were unwilling to use Google Apps because under the new HIPAA regulations, Google would be required to sign a Business Associate agreement; something the internet giant has so far failed to do. Google has now agreed to remove this barrier and sign a BAA for the very first time, ensuring its Apps are fully HIPAA-compliant. This is expected to see more healthcare organizations take advantage of the services it offers. The Health Insurance Portability and Accountability Act of 1996 requires healthcare organizations to restrict access to electronic health records and identifiable information. Healthcare organizations are accountable for any data breaches, accidental or deliberate, and the disclosure of individually identifiable health information (IIHI) and protected health information (PHI) to any unauthorized individual. Protected information includes the names and contact details of patients, their health information, financial details relating to services received and medical insurance information. Under HIPAA regulations, if any of this data needs to...

Read More
HHS Publishes Guidance on how the HIPAA Privacy Rule Applies to Refill Reminders
Sep30

HHS Publishes Guidance on how the HIPAA Privacy Rule Applies to Refill Reminders

The HIPAA Privacy Rule gives individuals greater control over how their medical data can be used and disclosed to third parties. The Rule prohibits the disclosure or use of patient PHI for the purposes of marketing. Before health information can be used to market products, services or pharmaceuticals to a patient, a written authorization must be provided stating that the patient opted in for this service. The purpose of the Privacy Rule is to offer patients better protection; however, the legislation should not interfere with patients receiving the care they need. Oftentimes, communications must be sent to patients advising them of medical matters, services, and even products. While there may be some overlap between marketing and general communications, provisions have been included in the legislation to take these into account. The HHS has now published further clarification on how the Privacy Rule applies to sending refill reminders and other communications that involve the provision of products and services, and explanations have been provided on exceptions to the Privacy Rule....

Read More

Omnibus Final Rule Now Enforceable

The HIPAA Omnibus Rule came into force in March this year, although the OCR gave covered entities a grace period in which to bring their organizations policies and procedures up to date with the new regulations. The Omnibus Rule expanded HIPAA to cover Business Associates of covered entities – and their subcontractors – with the 6 month grace period intended to give these newly covered organizations time to become compliant. That grace period expired today and the Omnibus Rule is now enforceable, with the OCR able to issue fines for any non-compliance issues it now discovers. The Omnibus Rule adds a number of security measures to ensure that private medical records are properly protected, including new restrictions on who is able to access those records. Breach Notification Rules have been updated and now presume that any unauthorized access of PHI is a reportable breach, and not just those which pose a significant risk of harm. Potential victims – as well as the OCR – must be notified of the breach within 60 days of its discovery. Any security breach must be now assessed to...

Read More

HHS Makes Final Updates to HIPAA Privacy and Security Rules

The HIPAA Omnibus Rule becomes enforceable this coming Monday, although the Department of Health and Human Services’ Office for Civil Rights has just announced that there will be a an enforcement delay for certain covered entities to give them more time to update their Notices of Privacy Practices. The introduction of the Omnibus Rule requires laboratories covered under HIPAA to update NPPs, although entities certified or exempt under the Clinical Laboratory Improvement Amendments (CLIA) will be given more time to update their NPPs, in addition to those organizations which have been relieved from the HIPAA Privacy Rule requirement to provide patients with access to their laboratory test results. The delay will not apply to laboratories which are part of larger healthcare organizations that do not have their own laboratory-specific NPPs. The delay was deemed necessary due to the requirement to update NPPs as part of the Omnibus Rule and CLIA, because of the proximity of the two rules. The Omnibus Ruling comes into force today, September 23, and CLIA, which amends § 164.524 of the...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist