25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

What is HIPAA Certification?
Jun13

What is HIPAA Certification?

HIPAA certification for individuals is certified HIPAA training combined with testing to verify awareness of HIPAA compliance requirements, typically conducted on an annual basis. Successful trainees receive a HIPAA compliance certificate. HIPAA Certification Requirements for Healthcare Professionals and Administrators Certifying that an organization’s workforce is HIPAA compliant can have similar benefits to those discussed above inasmuch as a compliant workforce is less likely to violate HIPAA or make mistakes that could result in data breaches. Achieving HIPAA certification demonstrates a reasonable amount of care to abide by the HIPAA Rules in the event of an OCR investigation or audit. For individual members of the workforce, HIPAA certification can help foster patient trust, support applications for promotion, and increase prospects in the job market. However, it is what workforce members learn during a certification program that can have the biggest impact on their professional lives, as this can help prevent unintentional violations that can have significant...

Read More
CISA Instructs Federal Agencies to Adopt Risk-Based Approach for Vulnerability Remediation
Jun12

CISA Instructs Federal Agencies to Adopt Risk-Based Approach for Vulnerability Remediation

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive (BOD  26-04) establishing new deadlines for vulnerability remediation for federal civilian agencies. Defenders have long been struggling to keep on top of patching due to the frequency with which new vulnerabilities are identified, the pace of which has increased dramatically due to artificial intelligence. According to the Verizon 2025 Data Breach Investigations Report, organizations were only able to fully remediate around 38% of vulnerabilities in CISA’s Known Exploited Vulnerability (KEV) Catalog in 2024. The 2026 DBIR report shows that the percentage of fully remediated vulnerabilities in 2025 fell to 26%, with a median resolution time of 43 days. Artificial intelligence has massively increased the pace of vulnerability discovery, defenders are becoming overwhelmed, and critical vulnerabilities are remaining unpatched for longer periods, increasing the window of opportunity for exploitation. CISA’s solution is to patch smarter, not harder. CISA has released a new...

Read More
Labcorp Agrees to $35M Settlement to Resolve AMCA Data Breach Litigation
Jun12

Labcorp Agrees to $35M Settlement to Resolve AMCA Data Breach Litigation

A $35,000,000 settlement has been agreed to resolve a long-running class action lawsuit against Labcorp over a 2018 cybersecurity incident at American Medical Collection Agency. Laboratory Corporation of America Holdings (Labcorp), a provider of diagnostic testing services, had contracted with a company called Retrieval-Masters Creditor’s Bureau, Inc., which does business as American Medical Collection Agency (AMCA), to collect outstanding payments for Labcorp’s services. On May 14, 2019, AMCA notified Labcorp about a cybersecurity incident that resulted in unauthorized access to Labcorp patients’ protected health information. Hackers had access to AMCA’s systems between August 2018 and March 2019, and potentially viewed or obtained some of their protected health information. The data breach affected multiple AMCA clients and resulted in the exposure of the protected health information of more than 25 million individuals, including the data of 10,251,784 Labcorp patients. Multiple class action lawsuits were filed in response to the data breach, which were consolidated into a single...

Read More
HIPAA Training Buyer’s Guide
Jun12

HIPAA Training Buyer’s Guide

Choosing HIPAA training for employees should be about compliance outcomes, not simply checking the box for mandatory training. However, it can be difficult to select HIPAA training courses that build real HIPAA compliance knowledge, reduce common errors, and prepare employees to apply HIPAA correctly from day one. This 5-part guide to choosing HIPAA training for employees helps buyers avoid checkbox training and invest in learning that enhances employee compliance performance, ultimately reducing HIPAA violations and data breaches, while improving organizational profitability and patient outcomes. Part 1 – The Basics Who has produced the training? When was the training last updated? What is the employee learning experience? What is the trainer and program oversight experience? How does the training manage documentation and audit readiness? HIPAA Training for Employees Our training provides employees with a clear and practical understanding of what to do and why in real-world HIPAA scenarios. View Training The Gold Standard in HIPAA Training by The HIPAA Journal Team HIPAA...

Read More
PHI Compromised in Cyber Incidents at Medenet; United Medical Doctors; Stewart Home & School
Jun11

PHI Compromised in Cyber Incidents at Medenet; United Medical Doctors; Stewart Home & School

Cybersecurity incidents involving unauthorized access to protected health information have been announced by the revenue cycle management company Medenet, the California medical group United Medical Doctors, and the Kentucky residential school, Stewart Home & School. Medenet Inc. Medenet Inc., a Florida-based medical billing, EMR software, and revenue cycle management service provider to physician practices, has started issuing notifications about a cyberattack identified on December 26, 2025. Assisted by third party cybersecurity experts, Medenet determined that personal and protected health information was likely compromised in the incident, including medical records and Social Security numbers. Medenet said it is unaware of any misuse of the impacted data; however, as a precaution against data misuse, the affected individuals have been offered complimentary single-bureau credit monitoring, credit report, and credit score services. The data breach has yet to be added to the HHS’ Office for Civil Rights website, so it is currently unclear how many individuals have been...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist