25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

How HIPAA Applies to Text messages and Emails Sent by Healthcare Professionals

It was not long ago that doctors were required to carry pagers and call in when their pockets started to bleep. Today, pagers have been replaced by Smartphones with communications and notifications sent via text messages, Email or telephone calls. A number of healthcare centers and doctors have discovered that sending a quick text message can cause a HIPAA violation. If text messages or Emails are to be used, the appropriate technical safeguards must be put in place to protect the PHI of patients. When data is sent over the internet or mobile phone networks, it must be encrypted. A failure to implement these safeguards can result in huge fines being issued by the OCR. When HIPAA regulations were first drafted the internet was still in its infancy and mobile phones, tablets and multimedia SMS messages did not exist. However, over the years, the use of electronic communication has become commonplace. Back in 2001, 258.2 million text messages were being sent every month according to data from CTIA, while just 3 years ago, that number had risen to 193.1 billion per month in the U.S...

Read More
Rensselaer County Jail Implicated in Teen Girl HIPAA Violation
Mar02

Rensselaer County Jail Implicated in Teen Girl HIPAA Violation

Protected Health Information of patients must be stored securely and unauthorized access to that data must prevented, although in the case of one Melrose family this was not the case. The family was recently alerted about the unauthorized disclosure of their teenage daughter’s medical information. The HIPAA breach allegedly occurred when employees from Rensselaer County jail gained access to the medical records of their 11-year old daughter. The father of the girl, Dominic Pasinella, was notified when he received a letter from Northeast Health which manages the Samaritan Hospital on behalf of St. Peter’s Health Partners. The letter stated that there had been a potential HIPAA breach at the hospital where his 11 year old daughter was sent for treatment following a dog bite. The incident was described as “private” by Mr. Pasinella, yet it has now become a public matter and the issue is now subject to a criminal investigation which he discovered had been ongoing for a number of months. Mr. Pasinella received the breach notification – a requirement under HIPAA regulations – which...

Read More
Triple S Salud Hit with Record $6.8 Million Fine for HIPAA Breach
Feb19

Triple S Salud Hit with Record $6.8 Million Fine for HIPAA Breach

Violations of the Health Insurance Portability and Accountability Act (HIPAA) can carry heavy financial penalties and the U.S. Department of Health and Human Services’ Office for Civil Rights has already issued fines of up to $1.9 million dollars for security breaches and HIPAA non-compliance issues. However, Puerto Rican Insurer Triple S Salud revealed yesterday that it has been hit with a record breaking $6.8 million fine for breaching HIPAA regulations and exposing the data of thousands of beneficiaries of its Dual Eligible Medicare plan. The Puerto Rico Health Insurance Administration submitted an 8-K filing after the discovery of the security breach, with Triple S Salud being notified of its intentions to apply a financial penalty for the HIPAA violation earlier this month. New sanctions will also be imposed which require the insurer to notify all individuals potentially affected by the breach and also advise them of their right to leave the program. It must also suspend new enrollments to the Dual Eligible Medicare plan. HIPAA violations investigated by the OCR have resulted...

Read More
HIPAA Breach at Froedtert Health Exposes 43,000 Patient Records
Feb14

HIPAA Breach at Froedtert Health Exposes 43,000 Patient Records

Milwaukee based healthcare provider, Froedtert Health, has announced that it has suffered a data breach that could potentially have affected up to 43,000 patients as a result of a computer virus which had infected an employee’s PC. Froedtert Health operates a three-hospital system comprising of the Froedtert Hospital in Milwaukee, St. Joseph’s Hospital in West Bend and Community Memorial Hospital in Menomonee Falls. Patients from all three hospitals have been affected and breach notification letters were sent earlier this week. The virus was discovered on December 14, 2013 and it is understood that it could potentially have allowed hackers to gain access to the Protected Health Information – and personal identifiers – stored in the employee’s work computer account. In a statement announcing the breach, Froedtert Health explained that it enlisted the help of a computer forensics company to conduct an investigation to determine the extent of the infection and whether it constituted a HIPAA breach. The forensics company was unable to establish whether hackers had actually...

Read More

HIPAA Compliance: A Model for all Businesses

The Health Insurance Portability and Accountability Act (HIPAA) was introduced in 1996 in order to set minimum standards for healthcare insurance, with the legislation also covering the safe storage of electronic healthcare data of patients. All entities covered under HIPAA, as well as their business associates, must take appropriate measures to ensure that the Protected Health Information of patients cannot be accessed by unauthorized individuals. In order for a healthcare organization to be HIPAA compliant, a number of policies and procedures must be introduced. All systems and servers must be assessed for security risks, data must be stored securely, backed up and a disaster recovery plan should be documented so that in the event that data is lost, corrupted or stolen it can be easily recovered. A standard contingency plan must be devised and a number of documents created to confirm that HIPAA regulations have been addressed. The documentation must cover the back up of data, include a detailed disaster recovery plan and there must also be procedures documented for operating in...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist