25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA Training for Receptionists
Feb08

HIPAA Training for Receptionists

HIPAA training for receptionists is mandatory workforce training on the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and HIPAA Minimum Necessary Rule that prepares front-desk staff to safeguard protected health information during registration, scheduling, telephone calls, visitor management, payments, and routine coordination of care, with training provided during onboarding and repeated as an annual HIPAA refresher training. All workforce members must receive HIPAA training when they join the organization. HIPAA training is mandatory for workforce members who handle protected health information. Annual HIPAA training is industry best practice. Training on HIPAA rules and regulations is the first step. Internal policies and procedures follow after staff understand the regulatory requirements and baseline HIPAA administrative safeguards that apply across workflows. Receptionist Work Activities That Create HIPAA Exposure Receptionists interact with protected health information in high-traffic areas and in time-pressured exchanges. Common exposure points...

Read More
Director of Operations and HIPAA Compliance Oversight in Small Practices
Feb07

Director of Operations and HIPAA Compliance Oversight in Small Practices

Article Summary Physical safeguards and facility oversight require securing spaces where protected health information is stored or accessed. Contingency planning and business continuity depend on a tested plan for system outages and disasters. Coordinating compliance across departments aligns IT, clinical, and administrative efforts under one function. Operational elements a Director of Operations should oversee include facility walkthroughs, contingency testing, and vendor contract review. Budgeting for compliance infrastructure compares ongoing software costs against reactive spending after an incident. Multi-location compliance consistency depends on standardized policies and consolidated documentation across sites. Vendor and technology contract oversight confirms technical safeguard commitments appear in writing. Measuring compliance as an operational metric applies the same tracking discipline used for other practice metrics. Responding to operational disruptions involving a breach coordinates technical recovery with the compliance-specific breach assessment. When a Director...

Read More
DOCS Dermatology Group; Center for Neuropsychology and Learning Disclose Data Breaches
Feb06

DOCS Dermatology Group; Center for Neuropsychology and Learning Disclose Data Breaches

Central States Dermatology Services (DOCS Dermatology Group) in Ohio and The Center for Neuropsychology and Learning in Michigan have identified unauthorized access to patient data. Central States Dermatology Services, Ohio Central States Dermatology Services, LLC, doing business as DOCS Dermatology Group (DOCS), has disclosed a security incident that was identified on November 27, 2025. Suspicious activity was identified within its network, and, assisted by third-party cybersecurity experts, DOCS determined that an unauthorized third party had access to its network from November 19, 2025, to November 27, 2025. The data review is ongoing, so the number of affected individuals had yet to be confirmed; however, DOCS has determined that the data compromised in the incident includes names in combination with one or more of the following: address, email address, phone number, date of birth, Social Security number, treatment/diagnosis information, prescription/medication information, dates of service, provider name, medical record number, patient account number, Medicare/Medicaid ID...

Read More
What is Medical Practice Management Software?
Feb05

What is Medical Practice Management Software?

Medical practice management software is a clinic operations system that helps a medical practice schedule patients, manage medical billing and payments, track day to day clinical workflows, and monitor performance from one place. Practice management software sits at the center of administrative work. It supports front desk scheduling, patient registration, insurance workflows, checkout, and financial reporting, while also helping clinical and administrative teams stay organized as a practice grows. Many platforms also connect to or include EHR tools, patient messaging, and claims workflows, so teams do not have to juggle multiple disconnected systems. What Medical Practice Management Software Helps a Practice Do A strong practice management platform is built to reduce manual steps. It helps staff avoid duplicate data entry, prevents missed charges, shortens the time from visit to claim, and improves visibility into what is happening across the practice. For many practices, it also improves the patient experience through smoother booking, reminders, and payment options. Common users...

Read More
Healthcare Technology Company Discloses Ransomware Attack
Feb05

Healthcare Technology Company Discloses Ransomware Attack

Cyberattacks and data breaches have recently been announced by the healthcare technology company Insightin Health and the Colorado-based medical billing and practice management company, Clinic Service Corporation. Insightin Health, Maryland Insightin Health, a Baltimore, MD-based healthcare technology company that offers an AI-driven digital health platform to health insurers and payers, has experienced a cyberattack involving unauthorized access to patient data. Suspicious network activity was identified in September 2025, and the forensic investigation confirmed unauthorized access to its network between September 17, 2025, and September 23, 2025. The data review revealed the exposed files included protected health information associated with its clients, such as names, dates of birth, contract numbers, health insurance providers’ non-unique identifiers, Medicare Beneficiary Identifiers, and information associated with attributed providers. The substitute data breach notice includes steps that the affected individuals can take to protect themselves against misuse of their...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist