New York State Set to Impose New Health Data Security Breach Rules

Oct. 13, 2019
As of October 23, New York's amended breach notification law will require that security breaches involving health data or biometric data be reported to the state.

As an October 8 report in Bloomberg Law online notes, “Businesses hit with a biometric or health data security breach could face heightened scrutiny from New York’s attorney general under changes to the state’s notification law, privacy attorneys said. As of Oct. 23, companies whose customers include New York residents must alert Attorney General Letitia James (D) to such breaches under the New York SHIELD Act. Companies that collect health data will now have to report data breaches to the New York attorney general, in addition to federal authorities,” Daniel R. Stoller, Bloomberg Law’s chief legal editor reported.

As Stoller noted, “James’ office has been aggressive in probing data breaches, including recent investigations into Equifax Inc., Dunkin Donuts Inc., and Capital One Financial Corp. The state’s top cop is unlikely to let up on this pressure and may use the new data breach notice law to go after more companies for data breach notice failures, privacy attorneys said. Representatives for the New York Attorney General’s Office didn’t immediately respond to requests for comment.”

Further, Stoller wrote, “Privacy attorneys say businesses should revisit their data breach response plans and those collecting biometric or health information should carefully secure this data to limit state attorneys general enforcement risk. Under the SHIELD Act, companies must notify James following a data breach for a wide group of sensitive data, including Social Security numbers and driver’s license data. The increased transparency is likely to lead to more enforcement actions for companies that don’t do enough to protect biometric or health data, privacy attorneys said. Companies also must adopt reasonable security measures by March 2020, among other new rules.”

And Stoller quoted Joseph J. Lazzarotti, a privacy principal at Jackson Lewis in New Jersey, who told him that businesses that have good processes and perform due diligence should face minimal regulatory risk, as they’ll be better prepared for any post-breach enforcement investigations.
