25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Indiana AG Sues WellPoint over HIPAA Breach
Nov09

Indiana AG Sues WellPoint over HIPAA Breach

Greg Zoeller, the Indiana Attorney General has taken action against a violator of HIPAA laws and has filed a lawsuit against WellPoint for breach notification failures following the 32,000-record data breach it discovered on March 8, of this year. Even with the very best security systems, data breaches still occur. In this case however, the breach was the result of human error. The lawsuit has been filed not for the disclosure of Protected Health Information, but the tardy breach response. HIPAA and Two Indiana State Laws Violated The lawsuit has been filed under state laws, with the suit claiming Wellpoint violated two separate breach notification laws in Indiana by failing to notify the Attorney General and patients that their information had potentially been compromised in a reasonable time frame. Under state laws the Attorney General’s office can fine organizations that fail to comply with data protection laws, with each of the two violations WellPoint committed carrying a maximum penalty of $150,000. A fine of £300,000 could therefore be issued. In July 2009, the state passed...

Read More

HIPAA Reportedly Stopping Drunk Driver Convictions

According to data collected and analyzed from a California healthcare provider, DUI convictions for drivers injured in road traffic accidents is relatively low, at just 59%. In these cases the drivers were over the legal alcohol limit, were in a hospital where blood tests were performed – the most reliable way to determine blood alcohol content – and yet 41% escaped without a conviction. A study was performed by Dr. James F. Holmes from Sacramento’s UC Davis School of Medicine. Data was collected from 241 cases where driver’s had been tested in the hospital and were found to have blood alcohol levels in excess of 80 mm/dl, which is the legal allowable limit for driving in California. The data suggested that the more severe the injury, the less likely it was that the driver would be convicted of driving under the influence, as was the case with individuals found to have alcohol levels under 200mm/dl in their blood. In spite of the police supposedly being able to easily identify drivers that had drunk too much, the study showed that their observations were not as accurate as...

Read More

Flash Drive Lost by KPMG Employee Potentially Exposes 3,630 Patient Health Records

An employee of one of the big four accountancy firms, KPMG LLP, is reported to have lost a flash drive containing the protected healthcare data of 3,630 patients. A flash drive was lost on or around May 10, 2010 and contained unencrypted data including the names of patients and a limited amount of healthcare information. No addresses, dates of birth, Social Security numbers, financial information, personal identification numbers or other identifiable information were stored on the drive and the risk of identity theft or medical fraud is considered to be low. KPMG’s accountancy services are used by a number of hospitals affiliated to the Saint Barnabas Health Care System including Newark Beth Israel Medical Center. The data of 956 of its patients were stored on the drive according to the breach notification it issued to the Department of Health and Human Services. Data breach notification rules require healthcare providers to issue breach notifications to patients, even if the breach is caused by a Business Associate. The Saint Barnabas Health Care System will therefore be...

Read More
Oakwood Healthcare Worker Fired for HIPAA-Violating Facebook Comments
Aug03

Oakwood Healthcare Worker Fired for HIPAA-Violating Facebook Comments

Michigan healthcare provider, Oakwood Healthcare, Inc., has confirmed that a member of staff at Oakwood Hospital & Medical Center in Dearborn has had her employment contract terminated after posting disparaging comments about a patient on her Facebook page. WJBK Fox 2 reported that the hospital worker, Cheryl James, posted two comments on her Facebook page about a patient. One comment was deemed unrepeatable by WJBK, although Cheryl was reported to have said that she “came face to face with a cop killer” and that she hoped he “rots in hell”. When Cheryl’s bosses learned of her Facebook posts they advised Cheryl that they would have to investigate the matter and Cheryl promptly removed the posts. She expected disciplinary action would be limited to a reprimand or even a suspension, but the hospital terminated her employment for violating HIPAA data privacy rules. According to a statement released by Oakwood Hospital, “We all have a legal and ethical responsibility to put our personal opinions aside and provide the care required for any patient who has entrusted us with...

Read More
Connecticut Attorney General First to Take Action for HIPAA Violations
Jul07

Connecticut Attorney General First to Take Action for HIPAA Violations

The Connecticut Attorney General, Richard Blumenthal, has announced that a settlement has been reached with healthcare provider, Health Net, over violations of the Health Insurance Portability and Accountability Act (HIPAAA). The Connecticut AG is the first to exercise the right to enforce HIPAA since the power to do so was given to AGs following amendments to HIPAA brought about by the introduction of the Health Information Technology for Economic and Clinical Health Act (HITECH). Health Net was fined £250,000 for failing to implement adequate controls to protect the health data of its patients and for violations of Breach Notification Rules. Legal action was taken against Health Net following the loss of an unencrypted disc drive in May 2009 which exposed the data of 1.5 million Americans, 446,000 of which were Connecticut residents. The incident exposed Social Security Numbers, financial information and personal identifiers, with the subsequent investigation concluding that the drive was most likely stolen. In addition to the fine, Health Net has been ordered to provide two...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist