25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Hacking Incidents Reported by Illinois Gastroenterology Group & the Mental Health Center of Greater Manchester

Illinois Gastroenterology Group has recently announced that unauthorized individuals gained access to its computer environment and potentially accessed and exfiltrated sensitive patient data. The cyberattack was detected on October 22, 2021, when suspicious activity was identified within its computer network. Third-party cybersecurity specialists were engaged to investigate the attack and determine the nature and scope of the incident. On November 18, 2021, Illinois Gastroenterology learned that the parts of its systems that were accessed by unauthorized individuals contained patient information such as names, addresses, birth dates, Social Security numbers, driver’s license numbers, passport numbers, financial account information, payment card information, employer-assigned identification numbers, medical information, and biometric data. Illinois Gastroenterology said it was not possible to rule out unauthorized viewing or theft of files containing patient data, but at the time of issuing notification letters, no reports had been received to suggest any fraudulent misuse of the...

Read More

Email Security Incidents Reported by HealthPlex and Optima Dermatology

Healthplex Inc., one of the largest providers of dental insurance in New York State, has announced that the email account of an employee was compromised in a phishing attack on November 24, 2021. Upon discovery of the breach, the email account was immediately secured to prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the breach. On April 5, 2021, Healthplex confirmed that the email account contained the personal and protected health information of 89,955 individuals who had previously enrolled in its dental plans. The exposed information varied from individual to individual and may have included first and last names in combination with one or more of the following data types: Address, group name and number, member ID number, plan affiliation, date of birth, date of service, provider name, ADA codes and their description, billed/paid amounts, prescription drug names, Social Security number, banking information, credit card number, username and password for the member portal, email address, phone number, and driver’s license...

Read More
Connecticut Passes Comprehensive Data Privacy Law
May06

Connecticut Passes Comprehensive Data Privacy Law

Connecticut has joined California, Colorado, Utah, and Virginia in passing a comprehensive new data privacy law that establishes responsibilities for businesses that collect and process the personal data of state residents and gives consumers new rights. The Connecticut Data Privacy Act (Senate Bill 6) was passed 35-0 by the Senate and 144-5 in the House of Representatives and awaits the signature of the state Governor, Ned Lamont. The new privacy law comes into effect on July 1, 2023. The new law establishes a framework for controlling and processing the personal data of state residents, sets privacy protection standards for data controllers and data processors, and gives state residents rights over the collection and use of their personal data. Consumers will be given the right to access their personal data held by a company, obtain a copy of that information, and correct any errors. Consumers will also have the right to be forgotten and have their personal data deleted. Consumers can also choose to opt out of the processing of their personal data for targeted advertising,...

Read More
New Framework for Assessing the Privacy, Security, and Safety of Digital Health Technologies
May06

New Framework for Assessing the Privacy, Security, and Safety of Digital Health Technologies

The American College of Physicians (ACP), American Telemedicine Association (ATA), and the Organization for the Review of Care and Health Applications (ORCHA) have collaborated to produce a new framework for assessing the digital health technologies used by healthcare professionals and patients. Currently, more than 86 million Americans use a health or fitness app. These digital health technologies, which include more than 365,000 individual products, can collect, store, process, and transmit personal and health information that would be classed as protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA); however, the majority of these technologies are not covered by HIPAA and fall outside of other regulations, federal laws, and government guidance. The lack of guidance in this area is hindering the adoption of digital health technologies, which have tremendous potential for improving condition management, clinical risk assessment, and decision support. The developers of digital health technologies often share user data collected by...

Read More
NIST Publishes Updated Cybersecurity Supply Chain Risk Management Guidance
May06

NIST Publishes Updated Cybersecurity Supply Chain Risk Management Guidance

On Thursday, the National Institute of Standards and Technology (NIST) published updated cybersecurity supply chain risk management (C-SCRM) guidance to help organizations develop an effective program for identifying, assessing, and responding to cybersecurity risks throughout the supply chain. Cyber threat actors are increasingly targeting the supply chain. A successful attack on a single supplier can allow the threat actor to compromise the networks of all companies that use the product or service, as was the case with the REvil ransomware attack on Kaseya in 2021. The threat actors exploited a vulnerability in Kaseya VSA software and the attack affected up to 1,500 businesses. The publication, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (NIST Special Publication 800-161 Revision 1), is the result of a multiyear process that included the release of two draft versions of the guidance. The updated guidance can be used to identify, assess, and respond to cybersecurity risks throughout the supply chain at all levels of an organization. While...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist