New York Governor, Kathy Hochul, recently announced proposed cybersecurity rules for New York hospitals, which are due to be imminently published in the State Register on December 6, 2023, subject to approval by the Public Health and Health Planning Council. The Governor’s press release indicates the proposed regulations, if enacted, will require New York hospitals to meet at least the following requirements:
- Establish a cybersecurity program and take proven steps to assess internal and external cybersecurity risks;
- Develop a response plan for potential cybersecurity ...
On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a bulletin warning that commonly used website technologies, including cookies, pixels, and session replay, may result in the impermissible disclosure of Protected Health Information (“PHI”) to third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The bulletin advises that “[r]egulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of Protected Health Information (“PHI”) to tracking technology vendors or any other violations of the HIPAA Rules.” The bulletin is issued amidst a wider national and international privacy landscape that is increasingly focused on regulating the collection and use of personal information through web-based technologies and software that may not be readily apparent to the user.
Blog Editors
Recent Updates
- New York’s Health Information Privacy Act Poised to Become the Latest in a Growing Trend of State Data Privacy Laws
- Effective Dates of DEA Final Rules for Telemedicine Prescribing Delayed
- Video: 2025 Outlook - the Department of Health and Human Services Under the Second Trump Administration – Diagnosing Health Care
- The NIH IDC – Where Are We Now
- False Claims Act Exposure in Focus: President Trump Signs Executive Order Targeting DEI Programs