25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Privacy Risks Found on Almost All Websites Offering COVID-19 Information

A recent study published in JAMA found almost all websites offering information on COVID-19 have third-party tracking code that poses a privacy risk. Many web pages include tracking code that collects information about website visitors and transfers the data to third parties. Code is loaded on websites that initiates a data transfer that often includes details of the URLs that have been visited and the user’s IP address.  Other information may also be collected, and that information allows detailed profiles to be built up on people’s browsing habits and interests. Since IP addresses are collected, that information can easily be tied to a specific individual. Researchers at the University of Pennsylvania Perelman School of Medicine and Carnegie Mellon University’s School of Computer Science had previously conducted a study of 1 million web pages, including health-related websites, and found that 91% of those websites included a third party data request and 70% had third-party cookies. The researchers turned their attention to websites offering information on COVID-19, such sites...

Read More

Privacy Lawsuit Against UChicago and Google Dismissed by Federal Judge

A potential class action lawsuit filed against the University of Chicago, UChicago Medicine, and Google over an alleged privacy and HIPAA breach has been dismissed by a Federal judge. The lawsuit was filed in June 2019 in response to an alleged violation of HIPAA Rules related to a data sharing partnership between the University of Chicago Medicine and Google. In 2017, the University of Chicago Medicine sent the de-identified data of patients to Google as part of an initiative to use medical records to improve predictive analysis of hospitalizations, and by doing so, improve the quality of patient care. The aim of the partnership was to use machine learning techniques to identify when a patient’s health is declining, to allow timely interventions to prevent hospitalization. The University of Chicago Medicine sent hundreds of thousands of patient records dating from 2009 to 2016 to Google. The data shared with Google was deidentified but contained physicians’ notes and time stamps of dates of service. The lawsuit was filed by Edelson PC on behalf of lead plaintiff, Matt Dinerstein,...

Read More

Up to 308,000 Patients Potentially Affected by Baton Rouge Clinic Ransomware Attack

The Baton Rouge Clinic in Louisiana experienced a cyberattack in early July that took its email and phone system out of action and limited its lab and radiology services. The cyberattack, which involved ransomware, took certain systems out of action for several weeks. It is now two months after the attack and the external email system is still not working. The clinic’s medical record system was not breached, so the data potentially viewed and/or obtained were limited. The attack was performed by an overseas adversary, according to a statement issued by the clinic. It is unclear whether the ransom was paid. The clinic said, “We followed the recommendations our cybersecurity firm made to us in consultation with the FBI.” The investigation into the breach confirmed that the attackers potentially accessed the protected health information of 85 patients, all of whom have now been notified. The types of information involved were EMR data downloaded in order to send claims to insurance companies. Separate breach notification letters were also sent to 308,000 patients. Those individuals...

Read More

Poll Shows Consumers Unaware of the Extent Health Insurers Gather and Use Consumer-Generated Data

Health insurers are collecting online data about consumers and using the information to predict an individual’s likely healthcare costs. Consumer-generated data are collected and used to create profiles, which could be used to determine appropriate premiums. Consumer-generated data is distinct from protected health information (PHI) and relates to an individual’s lifestyle, interests and behavior and come from many different public and private sources. Health insurers may scour online sources for information or obtain data from data brokers. Some data brokers are actively marketing their data to insurers and claim the information includes social determinants of health, such as online shopping habits, memberships to organizations, TV streaming habits, and information posted to social media networks. Data are amalgamated and algorithms can be used to predict the likely cost of providing insurance. The collection and analysis of consumer-generated data by health insurers and their business associates was highlighted by ProPublica in 2018, but the public is largely unaware of the...

Read More
Resources to Help Healthcare Organizations Improve Resilience Against Insider Threats
Sep08

Resources to Help Healthcare Organizations Improve Resilience Against Insider Threats

September 2020 is the second annual National Insider Threat Awareness Month (NITAM). Throughout the month, resources are being made available to emphasize the importance of detecting, deterring, and reporting insider threats. NITAM is a collaborative effort between several U.S. government agencies including the National Counterintelligence and Security Center (NCSC), Office of the Under Secretary of Defense Intelligence and Security (USD(I&S)), National Insider Threat Task Force (NITTF), Department of Homeland Security (DHS), and the Defense Counterintelligence and Security Agency (DCSA). NITAM was devised last year to raise awareness of the risks posed by insiders and to encourage organizations to take action to manage those risks. Security teams often concentrate on protecting their networks, data, and resources from hackers and other external threat actors, but it is also important to protect against insider threats. An insider is an individual within an organization who has been granted access to hardware, software, data, or knowledge about an organization. Insiders include...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist