Lexology October 23, 2024
Norton Rose Fulbright

On October 2, 2024, the New York State Department of Health (DOH) published a new cybersecurity regulation (10 NYCRR 405.46) for all general hospitals licensed pursuant to article 28 of the Public Health Law. Although most of the regulation will take effect in one year, on October 2, 2025, the requirement that covered hospitals provide notice to DOH within 72 hours of a “Cybersecurity incident” (which can include third party incidents) went into effect upon publication. The regulation includes elements of both the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services (NYDFS) cybersecurity regulation.

Similar to HIPAA, the new regulation includes unsuccessful attempts to gain unauthorized access as a “cybersecurity event,” but reporting...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, Provider, States, Technology
How 3 hospitals are reimagining behavioral crisis care
How Health Systems Can Collaborate on AI Tools
Critical access hospitals face uphill battle: 6 things to know
AdventHealth's plans for new Florida hospital move forward
OSU Wexner CEO's blueprint for improving care in 2025

Share This Article