Lexology October 23, 2024
Norton Rose Fulbright

On October 2, 2024, the New York State Department of Health (DOH) published a new cybersecurity regulation (10 NYCRR 405.46) for all general hospitals licensed pursuant to article 28 of the Public Health Law. Although most of the regulation will take effect in one year, on October 2, 2025, the requirement that covered hospitals provide notice to DOH within 72 hours of a “Cybersecurity incident” (which can include third party incidents) went into effect upon publication. The regulation includes elements of both the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services (NYDFS) cybersecurity regulation.

Similar to HIPAA, the new regulation includes unsuccessful attempts to gain unauthorized access as a “cybersecurity event,” but reporting...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health System / Hospital, Provider, States, Technology
Related Articles:
Chinese health players begin integrating DeepSek
UPMC CEO on deadly Pennsylvania hospital shooting: ‘Our hearts are heavy’
Chinese medical devices are in health systems across U.S., and the government and hospitals are worried
HISAC Finds Ransomware & Third-Party Breaches Dominate 2025 Threats
The Winning Edge: Can Virtual Health Make a Profit?

Share This Article