25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

OCR Warns of the Impact of HIPAA Changes on Electronic Health Records
Mar30

OCR Warns of the Impact of HIPAA Changes on Electronic Health Records

The Department of Health and Human Services’ Office for Civil Rights is preparing for the largest update of HIPAA regulations since HIPAA’s introduction in 1996. The new changes are expected to have a major impact on electronic health records; how they are stored and who is allowed to access to them. The DHHS has now sent its “Omnibus” Final Rule to the Office of Management and Budget for review, which should be completed over the course of the next three months. Once the review is complete it will be officially released and healthcare organizations will get the chance to see the extent of what has been referred to as the “HIPAA Mega Rule” due to the substantial changes being introduced. At this week’s 20th National HIPAA Summit in Washington, D.C, Deputy Director for Health Information Privacy at OCR, Susan McAndrew, called the update “one big mother of a final regulation” and indicated there are extensive legislative changes on the way. Once the new rule comes into force, the OCR is expected to start policing compliance more rigorously. According to OCR Director, Leon...

Read More
Blue Cross HIPAA Violation Costs $18.5 Million
Mar16

Blue Cross HIPAA Violation Costs $18.5 Million

A fine of $1.5 million from the Office for Civil Rights is far from insubstantial; however the total cost of correcting HIPAA issues and addressing all security issues can be considerable higher than the cost of the fine, as Blue Cross Blue Shield of Tennessee recently discovered. The insurer was the industry’s first company to receive a fine for violating the Health Insurance Portability and Accountability Act (1996) and was issued the maximum penalty of $1.5M for the colossal data breach that exposed the Protected Health Information of over a million of its policy holders in 2009. The breach occurred when 57 hard drives were stolen from its facilities in one of the largest ever HIPAA data breaches reported to date. The fine was issued for breaching the Privacy and Security Rules; however it only formed a small part of the total bill the insurer received for addressing all of the issued identified by the OCR during its investigation. The cost of bringing the company’s procedures, policies, hardware and software up to date with HIPAA and the Privacy and Security Rules has been...

Read More

Blue Cross Blue Shield to Pay HHS $1.5M for HIPAA Breach

The Office for Civil Rights has made its first enforcement action stemming from the HITECH Breach Notification Rule and has fined Blue Cross Blue Shield of Tennessee (BCBST) for violating the Privacy and Security Rules of the Health Insurance Portability and Accountability Act (1996). BCBST has now negotiated a settlement with the HHS and will pay $1.5 million for the security breach for its potential HIPAA violations. The data breach was one of the largest ever reported, involving the PHI of over 1 million individuals. Substantial patient information was exposed including Social Security numbers, dates of birth, health plan numbers, contact information and medical diagnosis codes. The data was stored on 57 unencrypted hard drives which were stolen from its facilities in Tennessee. Under the HIPAA Security Rule, healthcare organizations must ensure that the appropriate physical, technical and administrative safeguards are put in place to protect ePHI of patients. When the OCR conducted its investigation it determined that BCBST had not taken sufficient precautions to protect...

Read More

Hacking Becomes the Main Cause of Data Breaches

A recent study conducted by the Identity Theft Resource Center (ITRC) indicates that it is not the loss of devices that is the main cause of data breaches, but hackers breaking into networks to steal the valuable data that is held. The company assessed the 419 reported data breaches from 2011 to determine the most common causes of data exposure and loss. The results of the survey should help HIPAA-covered entities divert resources to deal with the biggest threats to data security. All of the known details of the 419 security breaches were assessed when compiling the report, with the main methods used by criminals across all industries being card-skimming attacks, which were at an all-time high. 26% of all data breaches were attributed to this method of attack, but the majority of attacks took place on non-financial businesses such as retailers, accounting for the high proportion of attacks using this method. However, also a major cause was the transportation or transmission of data. When data is on the move, it is easier for criminals to access. 18% of data breaches occurred when...

Read More
Audax Launches First HIPAA-Compliant Social Network
Jan05

Audax Launches First HIPAA-Compliant Social Network

A new social network – Careverge – has been launched today which allows users to share highly personal information about their health and fitness, yet do so totally anonymously. Accounts are created under pseudonyms allowing personal information to be shared without revealing the identity of the user. Grant Verstandig, CEO of Audax claims “Careverge is the first social network to receive HIPAA compliance, indicating a high level of security for users’ personal health data.” Privacy is assured as personal identifiers are not provided to any other member or third party on the network. The idea behind the scheme is to develop an online community allowing members to interact with others and motivate each other to achieve health and fitness goals. Online goals can be set up and progress towards them tracked. Audax Health is the name behind the new network. The startup was financed by investors who managed to raise $16 million in funding to develop and launch the project, with former Apple CEO John Sculley, IAA-CREF CEO Roger Ferguson and former Aetna CEO Jack Rowe among the...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist