New York Expands Data Breach Notification Requirements for Health Care Entities

On July 25, 2019, Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act into law. Notably, the SHIELD Act broadens the definition of a “ data breach” and further expands data breach notification requirements. Under the SHIELD Act, a data breach occurs any time private data is acquired or accessed without authorization. In addition to providing breach notifications to affected individuals and the Secretary of Health and Human Services, health care entities are required to notify the New York State Attorney General’s Office. As precautionary measures, health care entities should avoid disclosing the personal and/or medical information of their patients without their consent. It is crucial for these entities to be aware of the SHIELD Act and the new requirements it imposes. 

Read Full Article

Blog post authored by Jean Krebs

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt

Start typing and press Enter to search