25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Kettering Health Ransomware Attack: 1.7 Million Individuals Affected
Apr14

Kettering Health Ransomware Attack: 1.7 Million Individuals Affected

In May 2025, the Ohio health system Kettering Adventist Healthcare (Kettering Health) experienced a ransomware attack. The attack was detected on May 20, 2025, and the investigation determined that a ransomware group first accessed its network on April 9, 2025, and retained access until May 20, 2025. The Interlock ransomware group claimed responsibility for the attack and added Kettering Health to its dark web data leak site. Interlock claimed to have exfiltrated 941 GB of data and proceeded to leak the stolen data when the ransom was not paid. The HHS’ Office for Civil Rights was informed on July 21, 2025, that protected health information had been compromised in the attack. OCR was provided with a placeholder estimate of at least 501 individuals, as it had yet to be determined how many individuals had been affected. It took until October 2025 for Kettering Health to confirm the types of patient data compromised in the attack, although the file review was still ongoing at the time. The HIPAA Journal has been monitoring the OCR data breach portal for any update on the number...

Read More
OSHA Updates Heat-Related Hazards National Emphasis Program
Apr13

OSHA Updates Heat-Related Hazards National Emphasis Program

On April 10, 2026, two days after the Occupational Safety and Health Administration’s (OSHA) Heat National Emphasis Program (NEP) expired, OSHA announced an update to the NEP. The updated NEP is effective immediately and will remain in place for five years after the effective date, unless superseded by an updated directive; however, there are no indications that OSHA’s proposed national heat illness and injury prevention rule will progress to a final rule any time soon. The NEP – Outdoor and Indoor Heat-Related Hazards was originally issued on April 8, 2022, and was due to expire on April 8, 2025; however, it was extended for a further year in January 2025 by the Biden Administration, shortly before the administration change. The one-year extension was based on OSHA enforcement data. Between April 2022 and December 2024, OSHA conducted approximately 7,000 heat-related inspections, issued 60 citations for violations of the OSH Act related to heat hazards, issued almost 1,400 hazard alerts, and removed around 1,400 employees from hazardous heat conditions. After analyzing OSHA...

Read More
CMS Launches First Wave of Health Tech Ecosystem Health Information Sharing and Access Tools
Apr13

CMS Launches First Wave of Health Tech Ecosystem Health Information Sharing and Access Tools

The Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) has launched the first wave of Health Tech Ecosystem tools as part of its initiative to improve interoperability and patient access to their own health information. The CMS launched its Health Technology Ecosystem initiative in July 2025 to boost health data sharing through partnerships with major healthcare and technology firms, including Google, Amazon, Epic, and UnitedHealth Group. The initiative focuses on encouraging the adoption of the CMS Interoperability Framework, which allows patients to access their own healthcare data on any network using the digital health apps of their choice, and to increase the availability of digital health tools for care navigation and chronic disease management. At launch, more than 60 health tech firms had pledged to participate in the initiative. One of the key aims of the initiative is to allow patients to access all of their healthcare data quickly and easily, including medical records, prior authorizations, explanation of benefits, and claims,...

Read More
DermCare Management Data Breach Affects 1.4 Million Individuals
Apr13

DermCare Management Data Breach Affects 1.4 Million Individuals

Data breaches have recently been announced by DermCare Management in Florida, Option Care Health in New York, and Aetna in Connecticut. DermCare Management Discloses 2025 Hacking Incident DermCare Management, a Florida-based provider of practice management services to dermatology practices in Florida, Texas, California, and Virginia, has identified unauthorized access to its computer systems. Suspicious activity was identified within its computer network on February 26, 2025, and, assisted by third-party digital forensics specialists, DermCare Management determined on March 3, 2025, that there had been unauthorized network access between February 14, 2025, and February 26, 2025. During that time, patient information was either accessed or acquired. DermCare Management engaged data review specialists to determine the individuals affected and the types of data involved. Due to the complexity of the data, it took until March 2, 2026, to identify the individuals affected, the types of data involved, and obtain sufficient information to issue individual notification letters. DermCare...

Read More
HIPAA for Solo Practitioners
Apr13

HIPAA for Solo Practitioners

Article Summary HIPAA compliance matters beyond regulation because documentation, not intent, determines the outcome of an OCR investigation. The basics of what HIPAA requires cover the Privacy Rule, Security Rule, Breach Notification Rule, and Administrative Simplification Standards. Building a one-person HIPAA compliance program follows three steps covering PHI mapping, risk assessment, and safeguard implementation. Supporting elements of a one-person HIPAA program include documentation, training, vendor management, and periodic review. Day-to-day compliance in a one-person practice covers PHI workflows, patient rights requests, system security, and incident handling. Reducing the administrative burden depends on centralized documentation a solo practitioner can produce on request. Solo Practioner as HIPAA-Covered Entity A solo practitioner operating as a HIPAA-covered entity carries every compliance obligation that applies to a large group practice, with no administrative staff, compliance officer, or IT team to distribute the work. The HIPAA Privacy Rule, HIPAA Security Rule,...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist