25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Cloud Service Providers Must Become HIPAA Compliant

On 26th March, 2013 the Omnibus Final Rule of the Health Insurance Portability and Accountability Act came into effect, after a long period of amendments and adjustments. The main purpose of the new legislation is to adjust the HIPAA Privacy and Security Rules and breach notification rules, with this major amendment often referred to as “The HIPAA Mega Rule”. The new rules apply to all HIPAA covered entities and the Department of Health and Human Services will be enforcing the rules; its Office for Civil Rights is due to commence a serious of random audits to check for compliance later this year. The new rules apply not only to healthcare organizations but also their business associates. Under the final rule the definition of business associate has also been changed, and now includes any provider of a service that has contact with electronic protected health information (ePHI). Specifically this means any entity that “creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity”, and they must now agree to abide by the HIPAA Omnibus...

Read More

Programming Error Responsible for Major Indiana HIPAA Breach

A business associate of an Indiana healthcare organization has caused one of the largest HIPAA data breaches to data. The security breach has exposed the ePHI of 187,533 patients of the Indiana Family and Social Services Administration. Not only is this one of the largest data breaches to occur this year, it involves the disclosure of incredibly detailed personal, medical and financial information. Following an investigation into the incident, the Indiana Family and Social Services Administration was able to determine that 3,926 patient Social Security numbers had been disclosed and the patients affected have been notified separately. In addition to names, addresses and other contact information, the records included demographic data, the benefits that clients received, total monthly benefit totals, monthly income and expenses, employment details, bank balances and details of other assets owned. Medical conditions were listed along with health insurance providers and some data relating to members of the patient’s household. Programming Error Responsible for PHI Disclosure The data...

Read More
Los Angeles Times Article Results in $275000 HIPAA Privacy Rule Fine
Jun13

Los Angeles Times Article Results in $275000 HIPAA Privacy Rule Fine

An article published in the L.A Times started a sequence of events that has now resulted in Shasta Regional Medical Center (SRMC) agreeing to a settlement of $275,000 for its violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The HIPAA Privacy Rule forbids covered entities – and their employees and business associates – from disclosing health information of patients to unauthorized persons. Whenever there is suspicion that regulations are not being followed the HHS Office for Civil Rights (OCR) conducts an investigation and compliance review. The U.S. Department of Health and Human Services (HHS) was tipped off to potential Privacy Rule violations after two senior SRMC leaders met with the media and provided details of medical procedures performed on a specific patient. This unauthorized disclosure of the patient’s protected health information to the media was a direct violation of the Privacy Rule. Patient consent must be obtained in writing before any PHI can be disclosed to a third party and this was not the case at SRMC. The...

Read More

Stanford University Suffers 5th Large HIPAA Security Breach

Stanford University has now suffered its 5th large data breach in four years following the theft of a laptop from the Lucile Packard Children’s Hospital. The latest breach may not be the largest to date – or even the largest to affect the University – but it could potentially see the University having to pay a large settlement to the OCR for failing to secure its patients’ PHI. The latest security breach involved close to 13,000 patients, with the data that was exposed containing personal identifiers including patient’s names and contact information. The data stored on the stolen laptop also included medical diagnoses, medical record numbers, surgical procedures performed and the names of the treating physicians. No Social Security numbers were present in the data set, although the hospital is still required to notify each of the 13,000 patients affected. Victims of data breaches must be alerted to the possibility that their PHI may be used to enable them to take action to mitigate any damage or losses caused. The laptop was stolen from a private area of the hospital...

Read More

Healthcare BYOD Schemes Here to Stay Says Ovum

IT Research firm, Ovum, has released details of a study conducted on full time IT workers’ participation in Bring Your Own Device (BYOD) schemes, and for the second year running participation has remained steady at around 60%. Healthcare professionals are using Smartphones and mobile devices at home, and they the preferred mode of communication for many physicians. They offer speed, convenience, practicality and they are familiar; as well as allowing the user to be in touch around the clock. However, being made to leave the devices at home or in lockers when coming to work, and instead being forced to use outdated modes of communication – such as pagers – is not something that all workers agree with. Many ignore company policies and bring their own devices to work anyway, even when BOYD schemes are not in place. The study showed that 15.4% of employees who owned their own Smartphone took it to work and used it and did not report use of the device to their IT department, while 20.4% said their employers were anti-BYOD yet they still took their devices to work and used them. If a...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist