25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

2020 Emergency Preparedness and Security Trends in Healthcare Survey

Every year, Rave Mobile Safety conducts a nationwide survey to identify healthcare security trends and assess the state of emergency preparedness and security trends in the healthcare industry. For the 2020 Emergency Preparedness and Security Trends in Healthcare report, Rave Mobile Security is seeking insights from leaders in the healthcare industry on the efforts they have made to prepare for emergency situations. Many HIPAA Journal readers participated in last year’s survey and have provided information on the steps they have taken to improve safety in the workplace in emergency situations. That information has been used to get an overview of emergency preparedness in the United States. The 2020 survey is now being conducted and HIPAA Journal readers have been requested to take part in the study. If you so wish, you can participate completely anonymously. You can participate in the survey by clicking the following link: Click here for the Emergency Preparedness and Security Trends in Healthcare Survey. If you provide your email address, you’ll receive the anonymized survey...

Read More

UW Medicine Faces Class Action Lawsuit Over 974,000-Record Data Breach

Several lawsuits filed against healthcare organizations over data breaches in recent weeks, with University of Washington Medicine the latest to face legal action for exposing the protected health information of patients. The lawsuit has been filed over a December 2018 data breach that saw the personal information of 974,000 patients exposed over the internet as a result of a misconfigured server. The misconfigured server contained an accounting of disclosures database that included patient names, medical record numbers, a list of parties who had been provided with patient data, and the reason why that information was disclosed. Some individuals also had information exposed relating to a research study they were enrolled in, their health condition, and the name of a lab test that had been performed. For certain patients, sensitive information was exposed. According to the lawsuit, that included a patient’s HIV test-taking history and, in some cases, the patient’s HIV status. Social Security numbers, financial information, health insurance information, and medical records were not...

Read More

NRC Health Recovering from Ransomware Attack

NRC Health, a provider of patient survey services and software to more than 9,000 healthcare organizations, including 75% of the largest hospital systems in the United States and Canada, experienced a ransomware attack on February 11, 2020 that affected some of its computer systems. NRC Health immediately took steps to limit the harm caused and shut down its entire environment, including its client-facing portals. A leading computer forensic investigation firm was engaged to determine the nature and extent of the attack and the incident has been reported to the Federal Bureau of Investigation. According to the NRC Health website, the data of more than 25 million healthcare consumers in the United States and Canada is collected by NRC Health every year. Patient surveys conducted by NRC Health on behalf of its clients allow them to prove that patients are satisfied with the services they have received. That information is important for helping to improve patient care and also for determining how much Medicare reimbursement healthcare providers receive under the Affordable Care Act....

Read More

Communication Errors Result in Impermissible Disclosure of 5,300 Patients’ PHI

Two communication errors have been reported by HIPAA-covered entities in the past few days, which have resulted in the impermissible disclosure of 5,339 patients’ personal and protected health information (PHI). Mercy Health Physician Partners Southwest Discovers Impermissible Disclosure of PHI Mercy Health Physician Partners Southwest in Byron Center, MI, started sending breach notification letters to patients on February 10, 2019 informing them that a third-party vendor contracted to Mercy Health made an error with a recent mailing. Mercy Health had provided the mailing vendor with a list of 3,164 names and addresses to send letters to patients informing them about the recent departure of a physician. An error in the mailing resulted in names being mismatched with addresses and 2,487 patients were sent a letter addressed to a different patient. No other sensitive information was disclosed. During the breach investigation it was discovered that there was no business associate agreement (BAA) in place with the vendor. The provision of the patient list was therefore an impermissible...

Read More
January 2020 Healthcare Data Breach Report
Feb21

January 2020 Healthcare Data Breach Report

In January, healthcare data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights at a rate of more than one a day. As our 2019 Healthcare Data Breach Report showed, 2019 was a particularly bad year for healthcare data breaches with 510 data breaches reported by HIPAA-covered entities and their business associates. That equates to a rate of 42.5 data breaches per month. January’s figures are an improvement, with a reporting rate of 1.03 breaches per day and a 15.78% decrease in reported breaches compared to December 2019. While the number of breaches was down, the number of breached records increased by 17.71% month-over-month. 462,856 healthcare records were exposed, stolen, or impermissibly disclosed across 32 reported data breaches. As the graph below shows, the severity of data breaches has increased in recent years. Largest Healthcare Data Breaches in January 2020 Name of Covered Entity State Covered Entity Type Individuals Affected Type of Breach Location of Breached Information PIH Health CA Healthcare Provider...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist