Health Information Compliance Alert

Industry Notes:

Get Ready for New York's SHIELD Act

If you attend to New York residents and you’re struggling with HIPAA compliance, you’ll have more to worry about in a couple of weeks.

New York Governor Andrew Cuomo made the Stop Hack and Improve Electronic Data Security Act (SHIELD Act) a law at the end of July. It extends the definition of what constitutes “private information” and suggests that businesses who “own” or “maintain” New York residents’ data — whether or not they practice in the state— are still privy to the regulations of SHIELD, indicates the law. 

Plus: HIPAA covered entities (CEs) must now also report breaches to the New York attorney general, even if the lost data isn’t considered private information or electronic protected health information (ePHI).

The breach notification requirements begin on Oct. 23; however, businesses have until March 21, 2020 to get ready for SHIELD Act data requirements.

See the SHIELD Act at  www.nysenate.gov/legislation/bills/2019/s5575

Other Articles in this issue of

Health Information Compliance Alert

View All