25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

The Consequences of Non-Compliance in Healthcare
Jan13

The Consequences of Non-Compliance in Healthcare

The consequences of non-compliance in healthcare depend on the compliance obligations of the individual or entity, the nature of the non-compliant activity, the potential sanctions for the failure to comply with healthcare regulations, and how the sanctions are applied. The consequences of non-compliance in healthcare can also be influenced by the individual’s or entity’s past compliance history and their cooperation during a compliance investigation. The term “non-compliance in healthcare” is an umbrella term for the failure to comply with any applicable healthcare regulation – “applicable” being italicized to highlight that different healthcare regulations can apply to different individuals or entities at different times depending on the nature of their operations, the location of the individual or entity, and the enforcement objectives of the regulatory body. For example, it can be the case that two neighboring healthcare facilities provide the same medical services to the public, but because Clinic A does not conduct electronic healthcare transactions, it is not required to...

Read More
Vida Y Salud-Health Systems & Dublin Medical Center Confirm Data Breaches
Jan13

Vida Y Salud-Health Systems & Dublin Medical Center Confirm Data Breaches

Data breaches have recently been announced by Vida Y Salud-Health Systems in Crystal City, Texas, and Dublin Medical Center in Georgia. Vida Y Salud-Health Systems, Texas Vida Y Salud-Health Systems, a Crystal City, TX-based Federally Qualified Health Center, has recently reported a data breach to the Texas Attorney General involving unauthorized access to the protected health information of 34,504 Texas residents. On October 8, 2025, suspicious activity was identified within its network. The forensic investigation confirmed that an unauthorized third party gained access to its network on October 7, 2025, and exfiltrated data. The investigation and data review have recently concluded, and it was confirmed that names, addresses, dates of birth, Social Security numbers, driver’s license numbers, account numbers, and claim numbers had been stolen. Vida Y Salud-Health Systems has notified the HHS’ Office for Civil Rights; however, the data breach is not currently shown on the OCR data breach portal, so it is unclear how many individuals in total have been affected. Vida Y Salud-Health...

Read More
Consulting Radiologists Pays $2.2M to Settle Class Action Data Breach Litigation
Jan13

Consulting Radiologists Pays $2.2M to Settle Class Action Data Breach Litigation

A settlement has been approved to resolve class action data breach litigation against Consulting Radiologists Ltd., a physician-owned radiology practice that provides medical imaging services at more than 100 healthcare facilities in Minnesota and the surrounding areas. The Consulting Radiologists data breach was reported to the HHS’ Office for Civil Rights on June 14, 2024, as involving the protected health information of up to 583,824 individuals. A network intrusion was identified on February 12, 2024, and the investigation confirmed that the network was accessed by an unauthorized third party who may have obtained patient data such as names, addresses, dates of birth, medical information, health insurance information, along with the Social Security numbers of 19,346 individuals. The data breach was announced in April 2024, and notification letters were sent to the affected individuals. Shortly thereafter, a class action lawsuit was filed in response to the data breach, followed by a further 18 complaints. In August 2024, District Court Judge Thomas Conley issued an order to...

Read More
Patient Rights Under HIPAA
Jan13

Patient Rights Under HIPAA

Patient rights under HIPAA include the ability to access and request corrections to their health information, receive notifications about how their information is used and shared, make decisions on specific information sharing, and file complaints if they believe their rights are violated or their information is mishandled. HIPAA introduced a number of HIPAA rights relating to the portability of health coverage, the continuation of health coverage between jobs, and the coverage of employees with preexisting conditions. However, many more HIPAA rights were added in the HIPAA Privacy Rule, and the failure to comply with Privacy Rule HIPAA rights is one of the leading reasons for complaints to HHS’ Office for Civil Rights. It is important to be aware of the patient rights under HIPAA because, by exercising their rights, patients can take more responsibility for their healthcare, be alerted to inaccurate billing, and identify medical identity theft. It is well chronicled that medical identity theft can result in treatment delays, misdiagnoses, and unnecessary costs for both...

Read More

How to Report a HIPAA Violation Anonymously

There are ways you can report a HIPAA violation anonymously but, due to the risk your anonymous report may be dismissed by HHS’ Office for Civil Rights, it is a better option to include your name and contact details and request they are not revealed to the organization you are complaining about. Alternatively, you may be able to report a HIPAA violation anonymously to a different agency, or directly to the organization at which the violation occurred. When you file a health information privacy complaint or a security rule violation complaint via the Office for Civil Rights (OCR) Complaints Page, the first page asks you to complete your name and contact details. The reason for this is that, if OCR reviews your complaint and decides to investigate it, the agency may want to contact you for further information. You cannot go beyond the first page of the complaints process without entering any contact details; and, if you complete the form using fictitious contact details, OCR will be unable to contact you to obtain the information it may need to conduct an investigation. Because of...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist