25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Dent Neurologic Clerk Violates HIPAA by Emailing PHI to Patients
May14

Dent Neurologic Clerk Violates HIPAA by Emailing PHI to Patients

The theft of mobile devices may be one of the leading causes of HIPAA breaches, although human error can easily lead to patient health data being disclosed, with Dent Neurologic the latest healthcare organization to suffer a major HIPAA breach as a result of the actions of an employee. Dent Neurologic, a neurologic institute serving Buffalo and West New York, accidentally distributed a spreadsheet containing PHI to 200 patients in a routine email. The spreadsheet contained data relating to 10,200 patients and was attached by accident to an email by a clerk in the DNI administration office. The data did not contain information relating to treatment and diagnoses, nor Social Security numbers or dates of birth. However, patient names, email and home addresses, last appointment dates and the name of the treating doctor were all detailed in the spreadsheet. Dent Neurologic CEO, Joseph V. Fritz, issued a news release explaining the error, which has been attributed to a mistake made by the clerk. Fritz stated that “We are very sorry this happened, and we deeply apologize to all of our...

Read More

Hospital X-Ray Scam Provides Thieves with PHI of 17K Patients

When the Raleigh Orthopedic Clinic arranged for its X-ray films to be modernized and transferred to digital media, the healthcare organization naturally sought external assistance. A third party vendor was located that could offer the service and the X-ray films were sent for conversion. The contract was arranged in January of this year and the films were dispatched; however when the clinic failed to receive the electronic copies of the data suspicions were aroused. An investigation was conducted into the matter in the first week of March and it was determined that the clinic had been involved in a scam. In contrast to other security breaches where thieves deliberately set out to steal ePHI to commit fraud, in this case the thieves wanted the x-ray film for the silver it contained. Raleigh Ortho discovered that its X-rays had been sold on to a recycling company based in Ohio which offers a service to recycle X-ray films. It is understood that the unspecified company used by the hospital obtained the X-rays fraudulently with a view to selling the silver. X-ray films contain...

Read More

HIPAA Omnibus Rule Places Further Restrictions on Marketing

The introduction of the Omnibus Final Rule, also known as the HIPAA Mega Rule due to the extent of that it alters the current legislation, tightens up many loose ends that existed from the HIPAA Privacy Rule with regards to marketing. The use of Protected Health Information (PHI) for marketing purposes was restricted by the Privacy Rule, which required patients to provide written consent allowing the use of their health information for marketing purposes. Further restrictions were placed on the use of PHI data with the introduction of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. This last piece of legislative change prevented further marketing practices that could previously be performed without prior consent being obtained. The introduction of the Omnibus Final Rule in January this year completed the changes concerning marketing, and all organizations are now required to abide by the new rules, with the final date for full adoption being October 23, 2013; the date the Final Rule will be enforced. Marketing has long been a target for the...

Read More
Photocopier Error Costs $1.2 Million in HIPAA Breach Fines
Apr25

Photocopier Error Costs $1.2 Million in HIPAA Breach Fines

Protected Health Information can easily be disclosed to unauthorized personnel if a document is left in a photocopier after copies have been made; however digital photocopiers have potential to expose the personal health data of hundreds of thousands of individuals. When copies of files are made on a digital photocopier the files remain on the machine until they are deleted. Many organizations and individuals forget or do not realize that this is the case and do not delete the data before scrapping the machine. Potentially, every file and document copied on the machine will be available to anyone who accesses the hard drive on the machine. All digital photocopiers sold since 2002 have included hard drive. Under HIPAA regulations, it is mandatory for HIPAA covered organizations to erase all ePHI stored on hard drives before they are scrapped, decommissioned or returned to a leasing company. HIPAA-compliant healthcare organizations must ensure that their PCs, laptops and mobile devices have their data securely erased before they are decommissioned, in addition to photocopiers and all...

Read More

Next Gen Secure Enterprise Messaging App Great News for HIPAA Covered Entities

A next generation secure enterprise messaging app has recently been released, offering HIPAA-covered entities a fast, convenient and secure method of communicating. The real time messaging app has all of the required security features to ensure HIPAA-compliant text messages can be sent quickly, easily, and 100% securely. Communication Problems in the Healthcare Industry   Hackers, malicious insiders, and thieves are trying to obtain healthcare data from HIPAA-Covered entities (CEs); and many are succeeding. The use of Smartphones and other mobile devices has caused concern, as the units are difficult to effectively secure. HIPAA places a number of demands on healthcare providers and other CEs to ensure Protected Health Information (PHI) is kept secure and confidential. There are mandatory data security requirements detailed in the HIPAA Security Rule, and many addressable areas, which ensure that healthcare providers achieve an acceptable standard of data security. Under HIPAA Rules, PHI cannot be sent via insecure networks unless it has been encrypted or deidentified. SMS,...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist