Lexology October 23, 2024
Norton Rose Fulbright

On October 2, 2024, the New York State Department of Health (DOH) published a new cybersecurity regulation (10 NYCRR 405.46) for all general hospitals licensed pursuant to article 28 of the Public Health Law. Although most of the regulation will take effect in one year, on October 2, 2025, the requirement that covered hospitals provide notice to DOH within 72 hours of a “Cybersecurity incident” (which can include third party incidents) went into effect upon publication. The regulation includes elements of both the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services (NYDFS) cybersecurity regulation.

Similar to HIPAA, the new regulation includes unsuccessful attempts to gain unauthorized access as a “cybersecurity event,” but reporting...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, Provider, States, Technology
Related Articles:
Pennsylvania hospitals' maternal health 'action plan'
New directions and trends in interventional cardiology
7 major hospital deals in 2025
What can hospitals do about Medicare Advantage tensions?
Oracle Health is 'all about execution' in 2025 with next-gen EHR, says Dr. David Feinberg

Share This Article