25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Fertility App Provider Sued for Sharing User Data with Chinese Firms Without Consent
Feb03

Fertility App Provider Sued for Sharing User Data with Chinese Firms Without Consent

A lawsuit has been filed against Burr Ridge, IL-based Easy Healthcare Corp. over the alleged sharing of sensitive user data with third-party firms based in China without user consent. Easy Healthcare Corp is the developer of Premom, a popular smartphone fertility app for tracking users’ ovulation cycles to identify their most fertile days. The lawsuit alleges a range of sensitive user data has been shared with at least three Chinese companies without obtaining users’ consent. Since the data is stored on servers in China, the lawsuit alleges sensitive information could potentially be accessed or seized by the Chinese government. The data transmitted to the Chinese companies includes sensitive healthcare information, geolocation data, user and advertiser IDs, device activity data, and device hardware identifiers. Since the identifiers do not change, combining them with information where it was observed would allow data collectors to reconstruct app users’ activities. Identifiers shared with the Chinese firms include Wi-Fi media access controls or MAC addresses, which are unique...

Read More
OIG: Two VA Employees Concealed Privacy and Security Risks of a Big Data Project
Feb02

OIG: Two VA Employees Concealed Privacy and Security Risks of a Big Data Project

Two members of the Department of Veteran Affairs’ (VA) information technology staff are alleged to have made false representations about the privacy and security risks of a big data AI project between the VA and a private company that would have seen the private and confidential health data of tens of millions of veterans fed into the AI system. An administrative investigation was conducted by the VA Office of Inspector General (OIG) into a potential conflict of interest related to a cooperative research and development agreement (CRADA) between the VA and a private company in 2016. The purpose of the collaboration was to improve the health and wellness of veterans using AI and deep learning technology developed by Flow Health. The project aimed to identify common elements that make people susceptible to disease, identify potential treatments and possible side effects to inform care decisions and to improve the accuracy of diagnoses. The CRADA would have resulted in the private and confidential health data, including genomic data, of all veterans who had received medical treatment...

Read More

Montefiore Medical Center and Bethesda Hospital Fire Employees for HIPAA Breaches

Baptist Health’s Bethesda Hospital in Boynton Beach, FL has fired an employee for impermissibly accessing a patient’s protected health information and altering a home health order which was used to provide a patient with home care services. The HIPAA breach was identified on December 1, 2020, prompting an internal investigation. The employee has now been terminated and the incident reported to law enforcement. The investigation revealed other patient records may also have been accessed by the former employee between June 1, 2019 and December 2, 2020. The types of information potentially viewed included names, dates of birth, addresses, health insurance information, Social Security numbers, and clinical documentation. All affected individuals have been notified and offered complimentary identity theft protection and credit monitoring services and Baptist Health is exploring ways to further safeguard patients’ protected health information and prevent similar breaches in the future. The incident has yet to be listed on the HHS’ Office for Civil Rights’ website so it is currently...

Read More

Failure to Patch Results in 7-Year Breach of Florida Medicaid Applicants’ PHI and Exposure of 3.5 Million Records

The Tallahassee, FL-based Medicaid health plan, Florida Healthy Kids Corporation, has discovered its web hosting provider failed to patch vulnerabilities which were exploited by cybercriminals to gain access to its website and the HIPAA protected health information of applicants for benefits for the past 7 years. The breach is listed on the HHS’ Office for Civil Rights breach portal as affecting 3.5 million individuals, making this one of the largest healthcare data breaches of all time. Florida Healthy Kids used Jelly Bean Communications Design, LLC. for hosting its website. The website included an online application that recorded information about individuals when they applied for Florida KidCare benefits or renewed their health or dental coverage online. On December 9, 2020, Jelly Bean Communications notified Florida Healthy Kids that unauthorized individuals had gained access to the website and tampered with the addresses of several thousand applicants. Florida Healthy Kids engaged cybersecurity experts to conduct an investigation to determine the scope and severity of...

Read More

Philadelphia Department of Public Health Terminates Vaccine Distribution Contract Over Alleged Privacy Violations

Philly Fighting COVID, a company tasked with distributing COVID-19 vaccinations to the city of Philadelphia, has had its contract with the Philadelphia Department of Public Health terminated after allegations were made that the company’s privacy policies may have allowed the sale of individuals’ data to third parties. Philly Fighting COVID started out as a nonprofit that was initially focused on coronavirus testing before pivoting to administering COVID-19 vaccinations. The startup won the contract to run Philadelphia’s first community vaccine clinic, which was launched by the Department for Public Health on January 8, 2021. Philly Fighting COVID created a website where Philadelphians were encouraged to pre-register for the vaccines and were required to provide information such as names, contact information, date of birth, zip code, and other data, with the data intended to be provided to the Health Department and used to improve vaccination efforts, such as identifying the best locations to open further vaccine clinics. More than 60,000 individuals used the website and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist