25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA Compliance for Practice Managers
Mar11

HIPAA Compliance for Practice Managers

Article Summary Building and maintaining the HIPAA compliance program requires a designated Privacy Officer and Security Officer with documentation supporting each role. Developing policies that reflect practice operations means written procedures matching the real workflows staff follow. Scheduling and documenting workforce training covers onboarding, refresher training, and a current Security Risk Analysis with a tracked remediation plan. Day-to-day HIPAA compliance across practice operations spans access control, patient rights requests, system security, vendor agreements, and breach assessment. HIPAA software and training tools for practice managers centralize policy generation, risk analysis tracking, and training completion records. Practices Managers Running HIPAA Compliance Programs Practice managers occupy one of the most compliance-exposed positions in a healthcare organization because they are responsible for both the structural integrity of the HIPAA program and the accuracy of its daily execution across every function the practice performs. The HIPAA Privacy Rule,...

Read More
Texas Governor Instructs State Agencies to Audit Chinese Medical Devices
Mar10

Texas Governor Instructs State Agencies to Audit Chinese Medical Devices

Texas Governor Greg Abbot has ordered all state agencies and state-owned medical facilities to conduct an audit of patient monitoring devices to ensure that they do not have unresolved vulnerabilities that could be exploited to gain access to Texans’ sensitive health information. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the United States Food and Drug Administration (FDA) have issued warnings about vulnerabilities in patient monitoring devices manufactured in China. Devices have been found to contain a backdoor that can be used by a remote attacker to gain access to sensitive patient data. There has been a proliferation of Chinese-manufactured medical devices within the U.S. healthcare system. The concern is that these devices have backdoors that can be exploited by state-sponsored hacking groups to obtain the private medical information of Americans. Governor Abbot wants to make sure that the private medical data of Texans cannot be obtained by China. “I will not let Communist China spy on Texans. State-owned medical facilities must ensure there are...

Read More
Trump Administration Announces Aggressive Cyber Strategy
Mar10

Trump Administration Announces Aggressive Cyber Strategy

The Trump administration has announced its long-awaited cybersecurity strategy. While light on detail, the Trump administration has committed to deploying the full suite of defensive and offensive cyber operations available to the U.S. government and will aggressively target transnational cybercrime groups to protect Americans. For many years, cybercriminals have targeted the United States more than any other country, and cyberattacks have been growing in volume and sophistication. Financially motivated cybercriminals and state-sponsored hacking groups continue to target the U.S. government and private sector firms, with Russia, China, Iran, and North Korea posing the greatest threat to critical infrastructure and national security. In contrast to published strategies from past administrations, none of these countries is named in the policy document. The document – President Trump’s CYBER STRATEGY for America – announces six policy pillars that underpin the strategy. Each of the six policy pillars is vital for national security; however, the document lacks detail on how the...

Read More
February 2025 Cyberattack Affected More Than 230K Bell Ambulance Patients
Mar10

February 2025 Cyberattack Affected More Than 230K Bell Ambulance Patients

Bell Ambulance has confirmed that the protected health information of more than 230,000 patients was compromised in a February 2025 cyberattack. Data breaches have also been reported by Northwest Medical Homes in Oregon, and the New York Plastic surgeon, Alexes Hazen, MD. Bell Ambulance, Wisconsin Bell Ambulance, a Milwaukee, Wisconsin-based ambulance service, has notified the Maine Attorney General that a hacking incident identified in February 2025 has affected 237,830 individuals. Bell Ambulance detected unauthorized activity within its network on February 13, 2025. Third party cybersecurity experts were engaged to investigate the data breach, and confirmed that the protected health information of 114,000 individuals had been compromised in the incident. Notification letters were sent to those individuals on April 18, 2025; however, the data review had not yet concluded. It has taken a year to review all data potentially compromised in the incident. On January 15, 2026, additional individuals were notified that they had been affected, and the data review concluded on February...

Read More
Alabama Hospital Recently Informed About 2024 Data Breach
Mar09

Alabama Hospital Recently Informed About 2024 Data Breach

Jackson Hospital and Clinic in Montgomery, Alabama, has notified 14,485 individuals about a July 2024 data breach at one of its former vendors, the debt collection agency Nationwide Recovery Services. Nationwide Recovery Services first identified suspicious activity within its computer network in July 2024. The forensic investigation confirmed that an unauthorized third party accessed its network between July 5, 2024, and July 15, 2024. Nationwide Recovery Services notified the affected HIPAA-regulated entity clients between February 2025 and March 2025; however, Jackson Hospital and Clinic said it was not informed that it was one of the affected clients until January 27, 2026. Notification letters started to be mailed to the affected individuals on February 27, 2026, more than 19 months after the data breach occurred. Jackson Hospital and Clinic said the incident involved data provided to Nationwide Recovery Services to allow the company to perform its contracted duties. None of Jackson Hospital and Clinic’s information technology systems were affected. Data potentially...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist