25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

FMC Services Agrees to $2.15M Settlement to End Data Breach Lawsuit
Jun17

FMC Services Agrees to $2.15M Settlement to End Data Breach Lawsuit

FMC Services LLC, the operator of a network of primary care clinics in Amarillo and Canyon, Texas, experienced a cyberattack and data breach in 2022. The class action lawsuit that followed has recently been settled for $2.15 million. The cyberattack was detected on July 26, 2022, and the forensic investigation confirmed that files had been exposed containing names, addresses, dates of birth, Social Security numbers, and health information. The FMC Services data breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of 233,948 individuals. Notification letters were mailed to 266,540 individuals. Four individuals filed class action lawsuits in response to the exposure of their personal and protected health information. The lawsuits made similar claims and were consolidated into a single action – Sharber, et al. v. FMC Services, LLC – in the District Court of Potter County, Texas. The consolidated lawsuit claimed that FMC Services had a duty to maintain reasonable and appropriate cybersecurity measures and breached that duty,...

Read More
Clinical Registry Solutions; Jason R Egbert OD PC; VNC Health Announce Data Breaches
Jun16

Clinical Registry Solutions; Jason R Egbert OD PC; VNC Health Announce Data Breaches

Data breaches have been announced by Clinical Registry Solutions in New York, First Sight Family Vision in Washington, and VHC Health in Virginia. Clinical Registry Solutions, New York Clinical Registry Solutions, a Brooklyn, New York-based provider of clinical data abstraction and registry support services to healthcare providers, is notifying 8,545 patients of Dignity Health’s St. Mary’s Medical Center that some of their protected health information has potentially been compromised in an April 2026 cybersecurity incident. Suspicious activity was identified within its computer network on April 9, 2026. The forensic investigation identified unauthorized access to its computer network, and evidence was found indicating that files containing patient data were copied by the attackers. The data review determined that patient names, procedure dates, and medical record numbers were involved; however, Social Security numbers and diagnosis and treatment information were not involved. Company data was also stolen in the attack. Clinical Registry Solutions has not identified any misuse of...

Read More
HIPAA Training Requirements
Jun16

HIPAA Training Requirements

The HIPAA training requirements are that “a covered entity must train all members of its workforce on policies and procedures […] as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity” (§164.530(b)(1) of the HIPAA Privacy Rule). A covered entity or business associate must “implement a security awareness and training program for all members of its workforce including management”. (§164.308(a)(5) of the HIPAA Security Rule). Table of Contents What are the HIPAA Training Requirements? How Often is HIPAA Training Required? What Should be Included in a HIPAA Training Course? Additional HIPAA Training Required for New Technologies Best Practices for HIPAA Compliance Training Additional State Medical Privacy Law Training Targeted HIPAA Training HIPAA Training for Employees HIPAA Training for Business Associate Staff HIPAA Compliance Training for Students HIPAA Training for IT Professionals HIPAA Training for Small Medical Practice Employees HIPAA Training for Medical Office Staff HIPAA Refresher Training HIPAA Training...

Read More
Business Associates Face Increased Regulatory Scrutiny as Vendor Breaches Soar
Jun15

Business Associates Face Increased Regulatory Scrutiny as Vendor Breaches Soar

The healthcare industry has the highest rate of third-party data breaches out of any sector, according to the Verizon Data Breach Investigations Report (DBIR), and third-party data breaches are increasing. The HHS’ Office for Civil Rights (OCR) publishes information on data breaches impacting 500 or more individuals on its data breach portal. Currently, the breach portal shows that in the 9 years from 2009 to 2017, an average of 20% of healthcare data breaches had business associate involvement. For the following 9 years, from 2018 to 2026, an average of 34% data breaches had business associate involvement. In the first 6 months of 2026, that percentage rose to 43%. Modern healthcare relies heavily on third-party vendors to perform a huge range of functions. Vendors are used for revenue cycle management, transcription, medical supplies, telemedicine, IT services, cybersecurity, and provide a huge range of software solutions, SaaS platforms, AI tools, and electronic medical records. A typical U.S. health system could have anywhere from 500 to 2,000 active vendors and a massive...

Read More
How to Become HIPAA Compliant
Jun15

How to Become HIPAA Compliant

One of the simplest ways how to become HIPAA compliant is to adapt HHS’ “The Seven Fundamentals of an Effective Compliance Program” to address compliance challenges identified in a HIPAA risk assessment. It can also be beneficial to take advantage of HIPAA compliance software that is built around  The Seven Fundamentals in order to maintain a compliant workplace. 7 Steps for HIPAA Compliance In 2011, HHS published “The Seven Fundamental Elements Of An Effective Compliance Program”. We have slightly amended it to be more relevant to HIPAA compliance in 2026. Here is a summary of the elements, which we outline in more detail in this guide. Develop policies and procedures so that day-to-day activities comply with the HIPAA Privacy Rule. Designate a privacy officer and a security officer. Implement effective training programs. Ensure channels of communication exist to report violations and breaches. Monitor compliance at floor level so poor compliance practices can be nipped in the bud. Enforce sanctions policies fairly and equally. Respond promptly to identified or...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist