25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

NIST Releases Draft Guidance for Ransomware Risk Management
Jun22

NIST Releases Draft Guidance for Ransomware Risk Management

The National Institute of Standards and Technology (NIST) has released a draft Cybersecurity Framework Profile for Ransomware Risk Management to help organizations prevent, respond and recover from ransomware attacks. The Ransomware Profile is intended to be used by organizations that have adopted the NIST Cybersecurity Framework and want to improve their risk postures or any organization that has not yet adopted the Framework but wants to implement a risk management framework to meet ransomware threats. The Ransomware Profile can be used to identify and prioritize opportunities for improving their ransomware resistance. The Ransomware Profile includes a series of steps that should be taken to prevent ransomware attacks and effectively manage ransomware risk. It should be used in conjunction with the NIST Cybersecurity Framework, other NIST guidance, and guidance issued by the Federal Bureau of Investigation and Department of Homeland Security. The Ransomware Profile outlines basic measures that can be implemented to improve defenses against ransomware attacks. These include the...

Read More

South Texas Health System and Atricure Report Email Incidents

South Texas Health System has notified 6,761 individuals about an accidental disclosure of some of their protected health information. South Texas Health System provides discharge instructions after patients receive medical care in its hospitals. Part of that process involves an employee generating and emailing a monthly report that identifies patients that have been discharged from its hospital emergency departments. South Texas Health System discovered on April 8, 2021 that an email with an attached November 2020 report was sent to an incorrect email address on April 7. Steps were taken to try to identify the recipient and get the email deleted, but that individual remains unknown and it is unclear whether the email has been opened, viewed, or deleted. The email attachment contained a list of patients discharged from its hospital emergency departments in November 2020, which included names, internal hospital visit numbers, date and time of discharge, whether discharge instructions were provided, and information about where the patients were discharged. The nature of the data in...

Read More
May 2021 Healthcare Data Breach Report
Jun18

May 2021 Healthcare Data Breach Report

May was the worst month of 2021 to date for healthcare data breaches. There were 63 breaches of 500 or more records reported to the Department of Health and Human Services’ Office for Civil Rights in May. For the past three months, breaches have been reported at a rate of more than 2 per day. The average number of healthcare data breaches per month has now risen to 54.67. May was also the worst month of the year in terms of the severity of breaches. 6,535,130 healthcare records were breached across those 63 incidents. The average number of breached healthcare records each month has now risen to 3,323,116. 17,733,372 healthcare records have now been exposed or impermissibly disclosed so far in 2021 and almost 40 million records (39.87M) have been breached in the past 12 months. Largest Healthcare Data Breaches Reported in April 2021 As was the case in April, there were 19 healthcare data breaches involving 10,000 or more records and 7 of those breaches involved 100,000 or more records. All but one of those breaches was a hacking incident or involved It systems being compromised by...

Read More

NorthWest Congenital Heart Care Reports Theft of Device Containing PHI of 1,166 Patients

Washington-based NorthWest Congenital Heart Care is alerting 1,166 patients that some of their protected health information has been acquired by an unauthorized individual. On May 7, 2021, an unauthorized third party entered the office of a single NWCHC physician and stole an external hard drive that was used for data backups. The theft was reported to law enforcement, but the hard drive has not been recovered. A review of the data backups revealed they contained patient information such as names, dates of birth, ages, medical and treatment information, dates of service, location of service, physician names, services requested, procedures performed, diagnosis codes, diagnosis and treatment descriptions, medical record numbers and, for one individual, health insurance information. To reduce the risk of future data breaches, NorthWest Congenital Heart Care will be eliminating the use of external hard drives for data backups. Superior HealthPlan Members Affected by Accellion Data Breach 2,781 members of Superior HealthPlan in Texas have been notified that some of their protected...

Read More
Connecticut Legislature Enhances Data Breach Notification Law
Jun17

Connecticut Legislature Enhances Data Breach Notification Law

The Connecticut legislature has enhanced its data breach notification law, expanding the definition of personal information and shortening the maximum time frame for issuing breach notifications. The new law brings the data breach notification requirements in the state of Connecticut in line with those of other states that have recently updated their own privacy and security laws. The new data breach notification law was unanimously passed by the House of Representatives and the Senate and now awaits state Governor Ned Lamont’s signature. “Connecticut has led the nation in data privacy for over a decade, and this legislation ensures that we will continue to do so. Since we passed one of our nation’s first laws protecting consumers from online data breaches, technology and risks have evolved,” said Attorney General William Tong. “This legislation ensures that our laws reflect those evolving risks and continue to offer strong, comprehensive protection for Connecticut residents,” Previously, notification letters were only required for breaches of an individual’s first name or initial...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist