Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn https://www.linkedin.com/in/ryancoyne/ and follow on Twitter https://twitter.com/ryancoyne
23andMe based in San Francisco has proposed an agreement to resolve a class action lawsuit that was submitted because of a breach of consumer information in 2023. The breach happened in October 2023 and the attacker stole the data of around 6.9 million people, about...
A class action lawsuit was filed against Pruitt Health over a ransomware attack in 2023 that resulted in the compromise of the protected health information (PHI) of 56,405 individuals. Pruitt Health manages 180 care centers in Georgia, Florida, North and South...
A substitute breach notice has been published on the Change Healthcare website regarding its February 2024 cyberattack and mentioned the start of sending notification letters to the impacted persons on July 20, 2024. Change Healthcare stated that the data analysis is...
Palomar Health Medical Group has informed its patients that an April 2024 cyberattack may have affected their data. The company is a primary and specialty care provider to North San Diego County locals. Patients’ protected health information (PHI) may have been...
Mass General Brigham based in Boston, MA, reported the termination of two employees because of a privacy breach discovered on April 4, 2024. According to the investigation of the health system, the two employees permitted a third person, who wasn’t working at...
The healthcare and public health (HPH) sector has been cautioned about the Qilin ransomware group that has been attacking healthcare providers because of their dependence on uptime and the sensitive data they maintain. About 7% of ransomware attacks were conducted on...
California Attorney General Rob Bonta has reported reaching a settlement with Adventist Health Hanford concerning alleged violations of California’s Confidentiality of Medical Information Act (CMIA), the Health Insurance Portability and Accountability Act (HIPAA), the...
Native American Health Center (NAHC) is a nonprofit government-qualified health center that provides services to the local community (American Indians and Alaska Natives) in the California Bay Area. The health center encountered a cybersecurity attack on November 19,...
The cyberattack on Ascension has led to the shutdown of some hospitals’ critical systems for over three weeks. Although Ascension has downtime procedures in place, doctors are under pressure because of the burden of using pen and paper for recording, and many...
Cencora, Inc. (earlier known as AmerisourceBergen), and its Lash Group affiliate, were impacted by a cyberattack. Cencora reported the incident in a Securities and Exchange Commission (SEC) filing in February 2024. During that time, the scope of the data breach is not...
The American Privacy Rights Act (APRA), the replacement of the American Data Privacy and Protection Act (ADPPA), has been questioned by 15 State Attorneys General who are asking Congress not to move forward with the recommended government data privacy legislation in...
All healthcare and public health (HPH) sector {organizations|providers} received {an alert|a warning} to {apply|employ} mitigations against Black Basta ransomware attacks, {because|since} the ransomware-as-a-service (RaaS) group is attacking the HPH sector. In 2023,...
The Occupational Safety and Health Administration (OSHA) has recommended penalizing a home healthcare company with $163,627 for allegedly failing to safeguard workers against serious dangers of work violence. OSHA cited New England Home Care Inc., and Jordan Health...
UnitedHealth Group (UHG) CEO Andrew Witty recently gave a testimony at a House subcommittee hearing. The Senators confronted Witty concerning the Change Healthcare ransomware attack and because one-of-three Americans might be impacted. Witty apologized for the...
Kaiser Permanente Health Plan Inc. is informing 13.4 million people about disclosing some of their personal information to third parties including X (Twitter), Microsoft (Bing), and Google due to the use of tracking codes on its web pages and applications. This is the...
American Healthcare Systems and Rutgers Robert Wood Johnson Medical School have spotted email incidents due to the unauthorized access/disclosure of patient information, while Cherry Health Services suffered a ransomware attack. Email Security Incident at Randolph...
Medicare Data Compromised in Boston Consulting Agency Data Breach A data breach at Boston consulting agency, Greylock McKinnon Associates, Inc., (GMA) affected 341,650 persons. Based on the GMA breach notification, the agency discovered a security incident on May 30,...
The HHS Office for Civil Rights issued one more financial penalty for a HIPAA Right of Access violation. Essex Residential Care, LLC, also known as Hackensack Meridian Health, West Caldwell Care Center in New Jersey, was directed to pay a $100,000 civil monetary...
Avem Health Partners Pays $1.45 Million to Settle Class Action Data Breach Lawsuit Avem Health Partners agreed to pay a $1.45 million settlement to settle claims associated with a 2022 data breach affecting the protected health information (PHI) of 271,303 persons....
Each regular U.S. hospital has 10 to 15 medical devices, so this means a 1,000-bed hospital can have about 15,000 medical devices, which considerably increases the attack surface. Medical devices may include clinical IoT devices, imaging devices, and surgery devices....
Financial Assistance Program Offered by UnitedHealth Group On March 8, 2024, about 2 weeks after the ransomware attack on Change Healthcare, UnitedHealth Group presented a schedule on when it is trying to have its systems and services available. UnitedHealth Group...
87,000 Patients Impacted by Cogdell Memorial Hospital Cyberattack On October 10, 2023, Cogdell Memorial Hospital based in Snyder, TX, found abnormal activity in its computer network. After securing its network, a third-party cybersecurity agency looked into the...
Inaction in HIPAA compliance can have several costs and consequences for healthcare organizations. Here are some of the key consequences: Data Breaches and Financial Costs A breach of patient data can lead to high financial costs. Expenses related to notifying...
Ransomware Attack on Green Ridge Behavioral Health Results in HIPAA Penalty The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled an alleged Health Insurance Portability and Accountability Act (HIPAA) violations with a behavioral...
OCR Wants Opinions to Develop HIPAA Audit Program The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is having a HIPAA Audit Review Survey and is looking for comments from entities that need to undertake HIPAA compliance audits to get data...
Good PHI examples include most aspects of a patient’s healthcare, including their comprehensive medical history, which encompasses past and current medical conditions, surgeries, allergies, and ongoing treatments, along with laboratory test results like blood...
Yes, HIPAA training is typically required annually for all staff members who have access to protected health information (PHI), and it is considered a best practice to conduct annual training sessions to ensure that employees stay up-to-date with the latest...
A key to success for HIPAA compliance is having a full HIPAA compliance program that includes comprehensive training. HIPAA training is an key element of HIPAA compliance because it ensures that all employees and relevant personnel understand the regulations, their...
Employee HIPAA training records should be retained for a minimum of six years from the date of their creation or the date when they were last in effect, as per the U.S. Department of Health and Human Services (HHS) guidance, to ensure documentation of compliance...
St. Joseph’s Medical Center in Yonkers, NY, has agreed to settle alleged Privacy Rule violations for $80,000 and must comply with a corrective action plan to address the cause of the alleged violations – namely that members of the workforce impermissibly allowed a...
The lack of HIPAA cybersecurity training at a NY-based home health company has contributed to the company being fined $350,000 by the NY State Attorney General as part of a wide-ranging settlement agreement that includes a thorough overhaul of the company’s security...
HIPAA stands for the Health Insurance Portability and Accountability Act, a comprehensive federal law enacted in the United States in 1996, which is designed to safeguard the privacy and security of individuals’ protected health information (PHI) while also...
The maximum penalty for a HIPAA violation can range from $100 to $50,000 per violation, with a maximum annual penalty of $1.5 million for repeated violations of the same provision, and in cases involving willful neglect, the penalties can reach up to $1.5 million per...
The purpose of HIPAA certification for healthcare professionals is to demonstrate a level of competency and understanding of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA certification can be beneficial because it establishes a standardized...
The HB-300 training requirements encompass comprehensive education and awareness programs designed to educate employees within Texas healthcare organizations about the intricacies of patient privacy laws, data security measures, proper handling of protected health...
Employees who violate HIPAA may face severe consequences, including disciplinary actions, termination of employment, legal penalties, fines, and even imprisonment, as their actions can compromise the privacy and security of patient information and breach the trust...
HIPAA training is important because it equips healthcare professionals and staff with the necessary knowledge and skills to ensure the protection of patients’ sensitive health information, comply with legal and regulatory requirements, mitigate the risk of data...