Dueling Cybersecurity Regulations for Healthcare: HHS Meets New York State
For healthcare insurers that operate in New York, data security regulation has gotten more complicated. The U.S. Department of Health and Human Services’ Office for Civil Rights has been the industry’s primary data security regulator. But now, with the implementation of New York’s new cybersecurity regulation – which covers not only financial institutions but insurers that operate in the state – healthcare insurers will need to navigate a new and highly detailed series of cybersecurity requirements than those already in place under the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act of 2009. Originally published in Bloomberg BNA’s Privacy and Security Law Report on March 20, 2017, and Health IT Law & Industry Report on March 27, 2017, we discuss the additional requirements placed on healthcare insurers under this new regulation. Please click here for a copy.