25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Mystic Valley Elder Services Agrees to Settle Class Action Data Breach Lawsuit for $520,000
Jan14

Mystic Valley Elder Services Agrees to Settle Class Action Data Breach Lawsuit for $520,000

The Malden, Massachusetts-based Mystic Valley Elder Services has agreed to pay $520,000 to settle a consolidated class action lawsuit stemming from an April 5, 2024, data breach. Unauthorized individuals gained access to the network of Mystic Valley Elder Services and potentially obtained the names, dates of birth, passport numbers, financial account numbers, payment card numbers, online credentials, taxpayer identification numbers, Social Security numbers, driver’s license numbers, health insurance information, and medical information of more than 89,600 individuals. Five class action complaints were filed in response to the data breach, which were consolidated in the Middlesex County Superior Court in Massachusetts. The consolidated class action lawsuit – In re Mystic Valley Elder Services Inc. – alleged that the data breach occurred as a result of cybersecurity failures, Mystic Valley Elder Services failed to detect the unauthorized activity in a timely manner, and did not send timely notifications to the affected individuals, who did not learn about the data breach until 6...

Read More
HIPAA Compliance for Nurses
Jan14

HIPAA Compliance for Nurses

HIPAA compliance for nurses is considered to mean adhering to policies and procedures developed by an organization’s HIPAA Privacy Officer and applying the best practices of security awareness training provided by an organization’s HIPAA Security Officer. However, sometimes it is necessary to do more than provide basic training to help nurses work compliantly. Under the Administrative Requirements of the HIPAA Privacy Rule, covered entities are required to implement policies and procedures with respect to Protected Health Information that are designed to meet the requirements, standards, and implementation specifications of the HIPAA Privacy and Breach Notification Rules. Covered entities are required to train all members of the workforce on the policies and procedures “as necessary and appropriate for the members of the workforce to carry out their functions with the Covered Entity”. The training should include details of the sanctions that apply when a nurse violates any HIPAA standard. Under the Administrative Safeguards of the HIPAA Security Rule, all members of the...

Read More
HIPAA Training for Students
Jan13

HIPAA Training for Students

HIPAA training for healthcare students ensures that they understand and adhere to HIPAA guidelines regarding the handling and protection of Protected Health Information (PHI), preparing them for responsible and compliant professional practices in their future healthcare careers. Because most undergraduate medical education is hospital-based, and because medical students in hospital environments have access to PHI, HIPAA training for students is important to ensure PHI is not disclosed due to a lack of knowledge. HIPAA training for students is not just a preventative measure, it is a requirement of the HIPAA Privacy Rule. This is because, although medical students might not be paid members of a Covered Entity’s workforce, §160.103 of the Privacy Rule defines a covered entity’s workforce as: “Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity or business associate, is under the direct control of such covered entity or business associate, whether or not they are paid by the covered entity or business...

Read More
Is Gmail HIPAA Compliant?
Jan13

Is Gmail HIPAA Compliant?

Gmail is HIPAA compliant, and can be used to receive, store, or send Protected Health Information (PHI) when Google’s email service is used as part of an Enterprise Workspace Plan supported by a Business Associate Addendum to the Workspace Terms of Service. To ensure Gmail is used compliantly, it is necessary to configure Workspace controls correctly, apply user policies, and train members of the workforce on how to use Gmail in compliance with HIPAA. In small medical practices without a dedicated HIPAA compliance officer to determine the appropriate procedures for using Gmail and an IT manager to configure Gmail in a HIPAA compliant way, the best option is to use a HIPAA-compliant email provider like Paubox. Gmail is the most popular personal email service in the world; and, because most employees are accustomed to how Gmail works, Google’s email service is widely used in business behind customized domain names (i.e., [email protected], rather than [email protected]). Although several methods exist to operate a Gmail account behind a customized domain name, the simplest method for...

Read More
Is ChatGPT HIPAA Compliant?
Jan13

Is ChatGPT HIPAA Compliant?

Generic ChatGPT services are not HIPAA compliant and cannot be used in a HIPAA-compliant manner because they do not offer the safeguards and Business Associate Agreements required under the HIPAA Security and Privacy Rules to protect PHI. However, OpenAI now offers ChatGPT for Healthcare that can support HIPAA compliance under specific conditions. Artificial intelligence tools have rapidly entered clinical, administrative, and patient‑facing workflows. Among them, ChatGPT has become one of the most widely recognized. But as healthcare organizations explore how to use AI responsibly in compliance with HIPAA and state laws governing the use of AI in healthcare, a central question emerges: Is ChatGPT HIPAA compliant? In most cases the answer is no. Most ChatGPT-based services cannot be configured to prevent unauthorized access, use, or disclosure of PHI, nor support HIPAA-standard access controls, activity logs, or audit trails. Furthermore, consumer ChatGPT services may use user inputs to improve the accuracy of outputs unless the user opts out or subscribes to a paid service level...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist