25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

McLaren Health Care Pays $14 Million to Settle Litigation Over Ransomware Attacks
Feb10

McLaren Health Care Pays $14 Million to Settle Litigation Over Ransomware Attacks

McLaren Health Care has agreed to pay $14 million to settle class action litigation stemming from two ransomware attacks in 2023 and 2024 that affected more than 2.8 million patients and employees. McLaren Health Care is a Grand Rapids, Michigan-based integrated healthcare delivery system that operates 12 hospitals and many healthcare facilities in Michigan, Indiana, and Ohio, and also a health plan. Over the space of a year, McLaren Health Care experienced two ransomware attacks. The first attack was conducted by the ALPHV/BlackCat ransomware group, which had access to its computer network from July 28, 2023, to August 23, 2023. The second attack was conducted by the Inc Ransom ransomware group, which accessed its network between July 17, 2024, and August 3, 2024. The ALPHV/BlackCat ransomware attack affected 2,103,881 individuals, and the Inc Ransom ransomware attack affected 743,131 individuals. Data compromised in the attacks included names, Social Security numbers, information about past, present, or future physical, mental, or behavioral health or conditions, the provision of...

Read More
Jefferson-Blount-St. Clair Mental Health Authority Data Breach Affects 30,000 Patients
Feb09

Jefferson-Blount-St. Clair Mental Health Authority Data Breach Affects 30,000 Patients

Jefferson-Blount-St. Clair Mental Health Authority in Alabama, Cottage Hospital in New Hampshire, WindRose Health Network in Indiana, and Iroquois Memorial Hospital in Illinois have announced that patient data has been exposed in hacking incidents. Jefferson-Blount-St. Clair Mental Health Authority, Alabama Jefferson-Blount-St. Clair (JBS) Mental Health Authority in Alabama has notified more than 30,000 individuals that some of their personal and protected health information was exposed and potentially acquired in a ransomware attack. Suspicious activity was identified within its computer network on or around November 25, 2026. The investigation confirmed that hackers gained access to its network on November 25, 2026, and potentially viewed or acquired information relating to individuals who were patients or employees between 2011 and 2025. The file review has recently concluded and confirmed that the exposed data included names, Social Security numbers, health insurance information, dates of birth, and medical information, which may have included diagnoses, physician information,...

Read More
HIPAA Compliant Email: Best Practice To Avoid Violations & Breaches
Feb09

HIPAA Compliant Email: Best Practice To Avoid Violations & Breaches

This practical guide to HIPAA compliant email services explains how to achieve best practice compliance by avoiding the common misunderstandings and implementation errors that cause the preventable email violations that lead to breaches and fines. It has become increasingly clear that many aspects of HIPAA compliant email are either not understood or badly implemented, leaving a large number of healthcare organizations of all sizes wrongly believing their email is both secure and HIPAA compliant. Unfortunately, many easily preventable issues only come to light after it is too late and a breach has taken place. The Office for Civil Rights receives around 60,000 notifications of data breaches each year, of which many are wrongful disclosures of Protected Health Information (PHI) attributable to email violations. What Is Required For HIPAA Email Compliance? From an organizational perspective, when looking into HIPAA email compliance services there are three areas that should be considered, each of which is covered in more detail below: 1. HIPAA Compliance: What is required for...

Read More
Failure to Provide a Medical Screening Examination Results in HHS-OIG Penalty
Feb09

Failure to Provide a Medical Screening Examination Results in HHS-OIG Penalty

Two hospitals have entered into settlement agreements with the Department of Health and Human Services (HHS) Office of Inspector General (OIG) to resolve alleged violations of the Emergency Medical Treatment and Labor Act (EMTALA). EMTALA requires Medicare-participating hospitals with emergency departments to provide a medical screening examination and stabilizing treatment for any patient, regardless of the patient’s ability to pay. Patients must not be transferred unless they have first been provided with stabilizing treatment, unless the patient requests a transfer in writing, the benefits outweigh the risks, and if the receiving hospital agrees to accept the patient. Transfers are also permitted if the hospital does not have the capabilities to stabilize the patient, in which case, the patient can be transferred to a hospital with specialized capabilities. Cordell Memorial Hospital in Oklahoma was investigated by HHS-OIG after an alleged failure to provide a medical screening examination to a pregnant patient in active labor, who presented at the hospital on January 27,...

Read More
HIPAA Training for Physical Therapists
Feb08

HIPAA Training for Physical Therapists

Physical therapists must receive documented HIPAA training that covers the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule, is provided during onboarding and refreshed annually as an industry best practice, and is reinforced through security awareness training so protected health information is used, disclosed, safeguarded, and reported in a manner consistent with HIPAA requirements and organizational policies. Physical therapy services routinely involve protected health information in evaluations, plan of care documentation, progress notes, referrals, prior authorizations, billing records, and communications with physicians, payers, and care coordinators. Training must account for these routine touchpoints where privacy, security, and incident reporting obligations arise. HIPAA training should be provided to physical therapists during onboarding within a reasonable period after the start of work or access authorization and aligned with the point at which access to systems and records is granted. Training completion should be tracked before independent...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist