25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

OSHA Launches Initiatives to Help Employers Develop and Implement Effective Health & Safety Programs
Mar23

OSHA Launches Initiatives to Help Employers Develop and Implement Effective Health & Safety Programs

The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) has announced new initiatives to help employers develop and implement effective health and safety programs and meet federal workplace safety requirements. The Safety Champions Program The Safety Champions Program has been launched to help employers develop and implement effective workplace safety and health programs to improve safety and health and prevent workplace injuries, illnesses, and deaths. While any employer can sign up to become a safety champion, the program is especially beneficial for small businesses seeking to develop a more effective safety and health program. The program provides a comprehensive framework of policies, guidance, and requirements to help employees enhance their safety and health management program. The program incorporates the seven core elements of OSHA’s Safety and Health Program Recommended Practices – management leadership, worker participation, hazard identification & assessment, hazard prevention & control, education & training, program evaluation...

Read More
Balance Autism Settles Class Action Data Breach Lawsuit
Mar23

Balance Autism Settles Class Action Data Breach Lawsuit

Balance Autism has agreed to settle a class action lawsuit stemming from a security incident that exposed patient information. Altoona, Iowa-based Balance Autism identified a cybersecurity incident on or around March 17, 2025, that resulted in a data breach. Hackers had access to its network from March 11, 2025, to March 17, 2025, and obtained access to data such as names, dates of birth, Social Security numbers, health insurance information, and Medicaid numbers. The data breach was reported to the HHS’ Office for Civil Rights as involving unauthorized access to the protected health information of 1,281 individuals. A class action lawsuit – Bennett v. Balance Autism – was filed in the Iowa District Court for Polk County by plaintiff Andrea Bennett, individually and on behalf of other similarly affected individuals. The lawsuit alleged that the cybersecurity incident resulted from the defendant’s negligence in failing to implement reasonable and appropriate cybersecurity measures to protect sensitive data on its network. The lawsuit asserted claims for negligence,...

Read More
Akeela Data Breach Settlement Gets First Nod from the Court
Mar23

Akeela Data Breach Settlement Gets First Nod from the Court

In June of last year, we reported that a settlement had been agreed to resolve a class action lawsuit against Akeela, Inc., over a June 2023 cybersecurity incident and data breach. The case was stayed until July 18, 2025, and ahead of that date, the plaintiff was required to move for preliminary approval of class certification. Ahead of that date, the plaintiff, Jessica McRorie, dismissed her complaint without prejudice and immediately joined a separate complaint, Batin et al. v. Akeela, Inc., which made substantially similar allegations. The Batin case, filed in the Superior Court for Anchorage, Alaska, has recently been settled, and the settlement has received preliminary approval from the court. The Batin case lists Jessica McRorie, Elynnie Batin, Jane Doe, Rocky Hawley, Andrew Metcalf, Thomas Maxim, and Kathleet Yarr (Personal Representative for the Estate of Ian Christiansen) as plaintiffs, who allege that their names, Social Security numbers, dates of birth, and medical diagnosis and treatment information were exposed to cybercriminals as a result of the negligence of Akeela....

Read More
Navia Benefit Solutions Discloses Data Breach Affecting 2.7 Million Individuals
Mar20

Navia Benefit Solutions Discloses Data Breach Affecting 2.7 Million Individuals

Over a three-week period between December 2025 and January 2026, hackers had access to the network of a Washington-based employee benefits administrator and potentially acquired the data of almost 2.7 million* current and former participants and their dependents. Renton, WA-based Navia Benefit Solutions, Inc., provides employee benefits administration services, including Health Care Flexible Spending Accounts and COBRA benefits. The company works with employers to manage tax-advantaged healthcare and dependent care accounts, and as such, maintains large amounts of employee data. The company has more than 10,000 clients nationwide and more than 1 million participants. The intrusion was identified on or around January 15, 2026, and the forensic investigation confirmed that its computer environment was subject to unauthorized access from December 22, 2025, to January 15, 2026. According to the breach notice provided to the Maine Attorney General, 2,697,540 individuals have been affected. Navia Benefit Solutions uploaded a substitute breach notice to its website on March 13, 2026, and...

Read More
Essen Medical Associates Agree to $4 Million Settlement to Resolve Class Action Data Breach Lawsuit
Mar20

Essen Medical Associates Agree to $4 Million Settlement to Resolve Class Action Data Breach Lawsuit

Essen Medical Associates has agreed to pay $4,000,000 to resolve class action litigation over a March 2023 cyberattack and data breach that affected 904,672 current and former patients. Essen Medical, a New York-based healthcare provider, experienced a cyberattack that saw hackers access its network between March 14, 2023, and March 22, 2023. Data exposed in the incident included personally identifiable information and protected health information such as names, driver’s license numbers/state identification numbers, U.S. alien registration numbers, non-U.S. identification numbers, passport numbers, financial account information, dates of birth, Social Security numbers, medical treatment information, and health insurance information. The data breach sparked several class action lawsuits, which were consolidated – Rivera, et al. v. Essen Medical Associates, P.C – in the Supreme Court of the State of New York, County of Bronx. The consolidated lawsuit alleged that the cyberattack was preventable and was the result of the defendant’s failure to implement adequate and appropriate...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist