25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA and Privacy Act Training
Jan06

HIPAA and Privacy Act Training

When a federal agency provides healthcare services, there may be circumstances in which members of the federal agency’s workforce and onsite contractors are required to be provided with both HIPAA and Privacy Act training. In addition, as an increasing number of states enact their own privacy laws, there may also be occasions when employees of state agencies require HIPAA and Privacy Act training, and state law training. The Privacy Act of 1974 governs the collection, use, storage, and sharing of personally identifiable information maintained by federal agencies. Under the Act, U.S. citizens have the right to request a copy any data held about them and request that any errors are corrected, federal agencies must only collect data “relevant and necessary” to accomplish the purpose for which it is being collected, and sharing data between agencies is restricted and allowed only under certain conditions. People acquainted with the Health Insurance Portability and Accountability Act will find these privacy provisions familiar as they closely resemble Patients’ Rights under...

Read More
Denton County MHMR Center Data Breach Affects 109,000 Patients
Jan06

Denton County MHMR Center Data Breach Affects 109,000 Patients

Denton County MHMR Center, a community behavioral health clinic in Denton, Texas, recently reported a major data breach to the Department of Health and Human Services’ Office for Civil Rights (OCR) that involved unauthorized access to the protected health information of 108,967 current and former patients. Unusual activity was identified within its computer network on or around December 24, 2024, with the investigation confirming that an unauthorized third party had access to its network from December 24 to December 25, 2024. Denton County MHMR Center uploaded a substitute breach notice to its website on February 21, 2025, alerting patients about the incident, although at the time, the investigation and data review were ongoing, and it had yet to be determined how many individuals had been affected and the exact data types involved. On October 10, 2025, Denton County MHMR Center confirmed that the information potentially compromised in the incident included patient names, addresses, patients’ identification numbers, dates of birth, diagnosis, medical history information, medical...

Read More
Continuum Health Alliance Settles Class Action Data Breach Lawsuit
Jan06

Continuum Health Alliance Settles Class Action Data Breach Lawsuit

Marlton, NJ-based Continuum Health Alliance, a provider of health management and patient services, has agreed to a settlement to resolve a consolidated class action lawsuit stemming from an October 2023 data breach that affected more than 377,000 patients of its client, Evesham, NJ-based Consensus Medical Group. Unusual activity was identified within Continuum’s computer network on October 19, 2023. The investigation confirmed unauthorized access between October 18 and October 19, 2023, and the acquisition of files containing patient information, including names and Social Security numbers. The affected individuals were notified about the data breach in April 2024. The first class action lawsuit was filed on May 3, 2024, by plaintiff Jason Corner, followed by several other complaints. The lawsuits had overlapping claims and were consolidated in a single complaint – In re Continuum Health Data Security Incident Litigation – which was filed on March 14, 2025, in the Superior Court of New Jersey Law Division, Burlington County. The consolidated class action lawsuit asserted...

Read More

HIPAA Security Officer

All covered entities and business associates are required by 45 CFR 164.308 – the Administrative Safeguards of the HIPAA Security Rule – to identify a HIPAA Security Officer who is responsible for the development and implementation of policies and procedures to ensure the integrity of electronic Protected Health Information (ePHI). The role of HIPAA Security Officer is often designated to an IT Manager due to the perception that the integrity of ePHI is an IT issue. However, this is not necessarily the case. Although the Technical Safeguards of the HIPAA Security Rule relate to restricting access to systems on which ePHI is maintained and transmission security, only about 30% of a HIPAA Security Officer’s responsibilities are IT-related. The remainder of his or her responsibilities relate to training, auditing, incident management, and overseeing business associate compliance. A HIPAA Security Officer is also responsible for facility security and the preparation of a Disaster Recovery Plan. The Responsibilities of a HIPAA Security Officer The HIPAA Security Rule...

Read More
How Should You Respond To An Accidental HIPAA Violation?
Jan05

How Should You Respond To An Accidental HIPAA Violation?

How you should respond to an accidental HIPAA violation depends on the nature of the accidental violation and the potential consequences. Examples of accidental HIPAA violations that would require different responses because of their nature and/or potential consequences include: Sending a single email containing PHI to the wrong recipient. Sending 1,000 emails containing PHI to the wrong recipients. Unknowing use of shadow IT for storing PHI without a BAA. Unknowing use of shadow IT for storing PHI insecurely. Failing to obtain an authorization before disclosing SUD records. Disclosing more than the minimum necessary PHI for a permitted use. Allowing a colleague to use login credentials under supervision. Sharing login credentials with multiple colleagues with no supervision. In this article, we outline what exactly to do when there is an accidental HIPAA violation. You can also use the article in conjunction with our free HIPAA Violations Checklist to understand what is required to ensure full HIPAA compliance. Use any form on this page to arrange for your copy of the checklist....

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist