25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Data Encryption Advisable but not Mandatory Under HIPAA
Feb01

Data Encryption Advisable but not Mandatory Under HIPAA

Healthcare organizations must take steps to prevent confidential patient health data from being viewed, accessed or used by unauthorized individuals, although current HIPAA regulations do not require healthcare organizations – or their business associates – to encrypt PHI data. However, according to the Director of the Office for Civil Rights, Leon Rodriguez, it is strongly advisable. The HIPAA data breach rule requires healthcare organizations to report any loss of laptop or mobile device containing patient data as a HIPAA breach since the introduction of the HITECH Act (2009); however the loss is not reportable if the data on the device has been encrypted (provided the data encryption is in accordance with the guidance issued by the National Institute of Standards and Technology). According to Rodriguez, in all cases of laptop or computer theft reported to date, financial penalties would have been avoided if the data contained on the lost/stolen devices had been encrypted. Following a data breach, HIPAA covered entities are required to notify all individuals affected by the...

Read More
HIPAA Omnibus Rule Final Release Issued
Jan25

HIPAA Omnibus Rule Final Release Issued

The HIPAA Omnibus Rule (Health Insurance Portability and Accountability Act of 1996 Omnibus Rule) was drafted in July 2010; however the final release has been delayed until this month in order to address some of the concerns raised by stakeholders about the latest HIPAA amendment. The final rule has been held by the Office of Management and Budget since March last year although the final release has now been issued. All HIPAA-covered entities – and their business associates – must read the new rule and make changes to existing policies and procedures and factor in the new amendments. Healthcare organizations have 180 days in order to effect the changes as the Final Rule will not be enforced until Sept 22, 2013. The new rule has been issued to bring HIPAA in line with HITECH, and was introduced by the U.S. Department of Health and Human Services’ Office of Civil Rights to cover the use of Health Information Technology (HIT) and ensure that patient health information is properly protected. The final rule represents a major change to the legislation and is the most extensive...

Read More
Penalties for Data Breaches Increased Under HIPAA Omnibus Rule
Jan23

Penalties for Data Breaches Increased Under HIPAA Omnibus Rule

Financial penalties for healthcare organizations found in violation of HIPAA regulations are to be increased substantially as part of the HIPAA Omnibus Rule, which will also be applied to business associates and their subcontractors. The original fine structure was established by the American Recovery and Reinvestment Act of 2009 (ARRA), although no further increases have been made in the following four years. The new tiered financial penalties have been introduced in line with the Health Information Technology for Economic and Clinical Health Act (HITECH) and increase the maximum penalties for each non-compliance offense, in addition to increasing the maximum penalty for repeat violations. Healthcare organizations committing a one-time violation will still receive a maximum penalty of $50,000; however, repeat violations can now see fines of up to $1.5 million issued, with the maximum penalty now applying to all HIPAA violation categories. While willful neglect carries a $50,000 penalty for each violation, a lack of knowledge of HIPAA and its subsequent amendments is not a...

Read More

Stolen Laptop Exposes 57K Patients Records in HIPAA Security Breach

Healthcare organizations can take the necessary measures to protect their computer networks from targeted attacks by hackers; however one of the biggest risks to data security comes from mobile devices such as laptop computers, Smartphones and portable storage devices such as external hard drives and memory sticks. Laptops and other mobile devices have become as essential in the healthcare industry as they have become to modern life. Physicians and healthcare professionals can improve the service provided to patients and they allow doctors access to full patient medical histories, where ever the doctor needs to perform the consultation. As useful as they are, great care must be taken to keep the devices secure. Data encryption is the obvious solution along with training the staff on HIPAA regulations and the importance of securing the contained on the portable electronic devices. Failure to secure PHI data is a HIPAA violation and thefts of laptops containing unencrypted data is reportable to the Office of Civil Rights and is likely to result in substantial financial penalties...

Read More

Omnicell HIPAA Breach More Extensive than First Feared

The theft of an electronic device from an Omnicell employee’s car was announced on 21st December by the University of Michigan Health System (UMHS) to have caused a HIPAA breach affecting 4000 patients of three of its hospitals. Omnicell has now revealed that the breach also affected approximately 56,000 patients at Sentara Health and the records of 8,500 patients of South Jersey Healthcare were also stored on the stolen device. Sentara Healthcare data related to patients who had visited one of its outpatients clinics or hospitals, although it has now been confirmed that the data is limited to patients of the Sentara CarePlex, Sentara Leigh Hospital, Sentara Norfolk General Hospital, Sentara Obici Hospital, Sentara Princess Anne Hospital, Sentara Virginia Beach General Hospital, Sentara Williamsburg Regional Medical Center, Sentara BelleHarbour, Sentara Independence and Sentara Port Warwick. The records on the device related to visits between Oct 18 and Nov 9, 2012. Sentara Healthcare issued breach notifications to all affected patients advising them that their clinical and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist