25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

California Business Associate Reports Potential Breach of Upwards of 70,000 Records

Stephan C Dean, the co-owner of the California record storage firm Surefile, reported a hacking/IT incident to the HHS’ Office for Civil Rights (OCR) on March 4, 2020 as impacting upwards of 70,000 individuals. Stephan Dean and his wife have been engaged in a long running legal dispute with Kaiser Permanente over the return and deletion of electronic files containing patient information. Kaiser Permanente has been trying to get the files permanently deleted; however, Stephan Dean insists that Kaiser Permanente owes him money for services rendered. The on-and-off legal action was eventually dropped, but the emails were never returned or deleted. Surefile worked with Kaiser Permanente and was provided with paper copies of medical records in 2008. When the agreement between Surefile and Kaiser Permanente ended, Stephan Dean returned the paper copies of the medical records to Kaiser Permanente; however, emails containing patient information that were sent to Stephan Dean by Kaiser Permanente remained on his computer. Stephan Dean filed a complaint with OCR over alleged HIPAA violations...

Read More

Hackers Target WHO, HHS, and COVID-19 Research Firm

The World Health Organization (WHO) and its partners have been targeted by a sophisticated group of hackers who attempted to steal login credentials to gain access to its network by impersonating WHO’s internal email system. Spear phishing emails were sent to several WHO staffers that included links to a malicious website hosting a phishing kit. The attack was detected on March 13 by cybersecurity expert, Alexander Urbelis, an attorney with New York-based Blackstone Law Group. The malicious website used to host the fake WHO login page had previously been used in other attacks on WHO employees. It is unclear who was responsible for the campaign, but it is believed to be a South Korea-based threat group called DarkHotel. The aims of the attackers are not known, although Urbelis suggests the highly targeted nature of the attack, suggests the attackers were looking for specific credentials. DarkHotel has previously conducted several attacks in East Asia for espionage purposes. It is possible that the hackers were trying to gain access to information about possible treatments, potential...

Read More

OCR Issues Guidance on Allowable Disclosures of PHI to First Responders During the COVID-19 Crisis

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has issued further guidance on HIPAA and COVID-19, the disease caused by the 2019 Novel Coronavirus, SARS-CoV-2. The new guidance document provides examples of allowable disclosures of protected health information (PHI) by covered entities under the HIPAA Privacy Rule to help make sure first responders and others receive PHI about individuals exposed to SARS-CoV-2 or displaying symptoms of COVID-19. The new guidance document is in Q&A form and explains when covered entities are permitted to disclose PHI such as names and other identifying information to first responders, law enforcement officers, paramedics, and public health authorities without first obtaining a HIPAA authorization. The document confirms that under the HIPAA Privacy Rule, disclosures of PHI are permitted when the information is required to provide treatment, when a disclosure is required by law, when first responders such as paramedics are at risk of contracting COVID-19 and need information to prevent infection, and when a...

Read More
Hawaii Pacific Health Discovers 5-Year Insider Data Breach
Mar25

Hawaii Pacific Health Discovers 5-Year Insider Data Breach

Hawaii Pacific Health has discovered an employee of Straub Medical Center in Honolulu has been snooping on the medical records of patients over a period of more than 5 years. Hawaii Pacific Health discovered the unauthorized access on January 17, 2020 and launched an investigation. An analysis of access logs revealed the employee first started viewing patient records in November 2014 and continued to do so undetected until January 2020. During that time, the employee viewed the medical records of 3,772 patients. After concluding the investigation, the employee was terminated. Affected patients had received treatment at Straub Medical Center, Kapiolani Medical Center for Women & Children, Pali Momi Medical Center, or Wilcox Medical Center. The types of information that the employee could have viewed included patients’ first and last names, telephone numbers, addresses, email addresses, dates of birth, race/ethnicity, religion, medical record numbers, primary care provider information, dates of service, appointment types and related notes, hospital account numbers, department...

Read More

Telehealth Services Expanded and HIPAA Enforcement Relaxed During Coronavirus Public Health Emergency

In an effort to prevent the spread of the 2019 novel coronavirus, patients suspected of being exposed to the virus and individuals with symptoms of COVID-19 have been told to self-isolate at home. It is essential for contact to be maintained with people at risk, especially seniors and people with disabilities. Telehealth services, including video calls, can help healthcare professionals assess and treat patients remotely to reduce the risk of transmission of the coronavirus. Telehealth services can also be used to maintain contact with patients who choose not to visit medical facilities due to the risk of exposure to the virus. On Monday, March 16, 2020, the Trump Administration announced that telehealth services for Medicare beneficiaries have been expanded. Prior to the announcement, doctors were only able to claim payment for telehealth services provided to people living in rural areas and no access to local medical facilities and for patients with established relationships with billing providers. “We are doing a dramatic expansion of what’s known as telehealth for our 62...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist