25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

441-Patient HIPAA Breach Results in 50K Penalty

Under Health Insurance Portability and Accountability Act (HIPAA) regulations, healthcare organizations are required to report data breaches involving more than 500 individuals to the Office of Civil Rights and financial penalties apply for HIPAA violations; however security breaches involving fewer individuals can still result in fines being issued. In 2010, a laptop computer was stolen from a community non-profit hospice in Hayden, North Idaho. The laptop contained the PHI of 441 patients including Social Security numbers, medical test results, diagnoses, medications issued and other protected patient information. The laptop was issued to a nurse from the he Hospice of North Idaho who took the device home with her at the weekend and left it in her car where it was subsequently stolen. When data breaches involve more than 500 patients the incident must be reported to the OCR promptly; however since this incident involved just 441 patients, the report of the theft and data breach was not provided to the OCR until the year end; as required under HIPAA breach notification rules. Upon...

Read More

University of Michigan Health System Reports 4000-Patient HIPAA Breach

The University of Michigan Health System (UMHS) has announced that the records of 4000 patients may have been exposed by Omnicell, its supply management system vendor. The data breach affected the patients of three hospitals operated by the University of Michigan Health System, all of whom had visited for consultations between October 24th, 2012 and November 13, 2012. The unencrypted data was stored on an unnamed device that was stolen from a car belonging to an Omnicell employee. This is a violation of the data privacy and security policies in place at UMHS. The lost data was limited to medications prescribed, demographics, and some other health information; although UMHS confirmed that no Social Security numbers or credit card details were compromised in the incident. Names were included but no addresses or phone numbers were present in the data. Pursuant to the Health Insurance Portability and Accountability Act, UMHS is in the process of notifying all individuals affected by the breach in writing to alert them to the possibility that their personal health information could be...

Read More
Massachusetts Healthcare Provider to pay $1.5M HIPAA Settlement to HHS
Dec17

Massachusetts Healthcare Provider to pay $1.5M HIPAA Settlement to HHS

The theft of a laptop computer from a healthcare center belonging to Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (MEEI) has resulted in a settlement of $1.5 million with the HHS Office for Civil Rights for HIPAA violations. The U.S. Department of Health and Human Services is enforcing Health Insurance Portability and Accountability Act compliance, and MEEI was deemed to have violated the Security Rule by failing to take adequate precautions to protect the health information of its patients and research subjects. The laptop contained unencrypted data which could be accessed by the person in possession of the laptop. The data includes patient prescription details, clinical information and other protected data that could potentially be used to commit medical and identity fraud. Under the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification Rule, the HHS must be notified of security breaches involving the exposure of PHI of patients. When MEEI issued the notification it triggered the OCR investigation....

Read More

Healthcare Data Breaches Exceed 500

In September 2009, following the incorporation of the requirements of the HITECH Act into HIPAA legislation, the Department of Health and Human Services started monitoring healthcare data breaches. Since that date all data breaches affecting over 500 individuals must be reported within 60 days of the breach being discovered. Over 21.2 million individuals have been affected by healthcare data breaches since records started being kept, and the tally of data braches has now exceeded the 500 milestone. The Health Insurance Portability and Accountability Act was introduced with a number of aims, one of which was to ensure Protected Health Information is safeguarded and protected from unauthorized access, disclosure, hacking, loss and theft. The legislation also covers patient privacy and restricts the information that can be disclosed without authorization. HIPAA is supposed to ensure that all covered entities implement administrative, technical and physical safeguards to protect PHI and meet a minimum national standard of data security. The problem is that covered entities are not...

Read More

Pediatricians Risking HIPAA Violations Sending SMS Messages

The pager has served doctors and medical professionals well since the 1940s and an estimated 90% of hospitals are still using the devices for communication between members of the care team. However an increasing number of medical professionals are turning to Smartphones to communicate, according to a recent survey conducted by the University of Kansas School of Medicine in Wichita. The data even suggests that phone text messaging is about to take over as the primary mode of communication in U.S hospitals. Smartphones allow doctors to communicate quickly with other members of the healthcare team, but while modern mobile devices offer convenience, the use of SMS in hospitals could result in HIPAA Privacy and Security Rule violations. Text messages are not secure, and any unencrypted PHI sent via the SMS network could potentially be read by any number of people. Uptake of Smartphones has not been quick in healthcare due to the cost of purchasing the units and making them secure. However, since the majority of medical professionals have a personal phone, Bring Your Own Device (BOYD)...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist