Lexology November 28, 2023
Ropes & Gray LLP

On November 13, 2023, New York Governor Kathy Hochul announced the release of proposed statewide hospital cybersecurity regulations that would require state-licensed hospitals to establish cybersecurity programs, policies and procedures (the “Proposed Regulations”).1 The Proposed Regulations feature requirements regarding cybersecurity policies and procedures, personnel, user authentication methods, security risk assessments, incident response plans, and two-hour reporting of certain incidents.

If approved by the New York State Public Health and Health Planning Council (“PHHPC”) and subsequently finalized, the Proposed Regulations would supplement federal Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule requirements but would be broader in some respects, including with regard to what information is subject to the requirements.

Proposed Hospital Cybersecurity Requirements. Notable requirements of the Proposed Regulations...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, Provider, Regulations, States, Technology
Related Articles:
Cyber Resiliency: What Is It And How Is It Achieved?
Why the ‘human firewall’ is key to a strong cybersecurity culture
What B2B Firms Can Learn From Big Tech’s Cybersecurity Initiatives
Feds warn hospitals of cybersecurity risk in Chinese-made medical monitor
ViVE 2025: AI advances, cybersecurity, and what doctors and nurses need

Share This Article