25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Broward Health Notifies Over 1.3 Million Individuals About October 2021 Data Breach
Jan04

Broward Health Notifies Over 1.3 Million Individuals About October 2021 Data Breach

A major data breach has been announced by Florida’s Broward Health involving the personal and protected health information of more than 1.35 million individuals. The data breach occurred on October 15, 2021, when a hacker gained access to the Broward Health network through the office of a third-party medical provider that had been granted access to the Broward Health network for providing healthcare services. Broward Health discovered and blocked the intrusion on October 19, 2021, and a password reset was performed for all employees to prevent further unauthorized access. Assisted by a third-party cybersecurity company, Broward Health conducted a comprehensive investigation to determine the nature and scope of the HIPAA compliance breach. The investigation confirmed the attacker had access to parts of the network where employee and patient information were stored, including sensitive data such as names, dates of birth, addresses, email addresses, phone numbers, Social Security numbers, financial/bank account information, health insurance information, medical histories, health...

Read More
2020-2021 HIPAA Violation Cases and Penalties
Jan04

2020-2021 HIPAA Violation Cases and Penalties

The Department of Health and Human Services’ Office for Civil Rights (OCR) settled 19 HIPAA compliance violation cases in 2020. More financial penalties were issued in 2020 than in any other year since the Department of Health and Human Services was given the authority to enforce HIPAA compliance. $13,554,900 was paid to OCR to settle the HIPAA violation cases. 2021 saw a slight reduction in the number of settlements and fines for HIPAA violations, with 14 enforcement actions announced by OCR. Even so, 2021 had the second-highest number of HIPAA fines of any year since OCR started enforcing compliance with the HIPAA Rules. While the number of penalties was still high in 2021, there was a sizeable reduction in penalty amounts which totaled $5,982,150 for the year, and $5,100,000 of that total came from just one enforcement action. The reason for this is that most of the penalties were for violations of the HIPAA Right of Access, and were in response to investigations of complaints filed by patients who had not been provided with timely access to their medical records, rather than...

Read More

Saltzer Health Alerts Patients About PHI Exposure in Email Account Breach

Nampa, Idaho-based Saltzer Health has started notifying certain patients that some of their protected health information (PHI) has been exposed in an email account breach that was detected on June 1, 2021. The investigation revealed an unauthorized individual had access to an employee’s email account between May 25, 2021, and June 1, 2021. Saltzer Health was unable to find evidence indicating the attacker viewed or exfiltrated emails from the account, but it was not possible to rule the possibility of unauthorized PHI access and data theft. The investigation confirmed the breach was confined to a single email account and no other systems were affected. Assisted by third-party specialists, Saltzer Health conducted a comprehensive review of the email account to determine which patients had been affected. The review was completed on September 21, 2021, and revealed the following types of patient data were stored in the account: Names, contact information, state identification numbers, driver’s license numbers, medical record numbers, medical histories, diagnoses, treatment...

Read More

92% of IT Leaders Guilty of Password Reuse

A recent survey has revealed password reuse is rife, even amongst IT leaders who should know better. 92% of IT leaders admitted to reusing passwords for multiple accounts, even though this is a significant security risk. Password best practices include setting a strong, unique password for each account. If passwords are reused across multiple accounts, all it takes is for one of those accounts to be compromised for all other accounts that use that password to be accessed. Password reuse is exploited in credential stuffing attacks, where threat actors use lists of passwords obtained in previous data breaches to try to gain access to other accounts. These attacks are automated, often using multiple IPs to try small numbers of passwords to avoid being locked out of accounts. The survey was conducted by the password manager provider Bitwarden, which also found that other poor password practices were common. 53% of respondents stored passwords in documents on their computers, and 29% wrote their passwords down to make sure they did not forget them. 53% of IT decision-makers said they...

Read More
Avalon Healthcare Settles HIPAA Case with Oregon and Utah State AGs and Pays $200,000 Penalty
Jan01

Avalon Healthcare Settles HIPAA Case with Oregon and Utah State AGs and Pays $200,000 Penalty

Avalon Healthcare has agreed to settle alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) and state laws with the Oregon and Utah Attorneys General that were uncovered during an investigation of a 2019 breach of the personal and protected health information of 14,500 of its employees and patients. Avalon Healthcare is part of the Avalon Health Care Group and provides skilled nursing, therapy, senior living, assisted living, and other medical services throughout Oregon, Utah, California, Nevada, Washington, and Hawaii. In July 2019, an employee responded to a phishing email and disclosed credentials that allowed an email account to be accessed by unauthorized individuals. The account contained sensitive information such as names, addresses, Social Security numbers, dates of birth, driver’s license numbers, medical treatment information, and some financial information. It took 10 months from the date of the breach for the incident to be reported to the HHS and state attorneys general, and for affected individuals to be notified. Oregon Attorney...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist