In July of 2019, the Governor of New York signed into law the “Stop Hacks and Improve Electronic Data Security Act” (SHIELD ACT). Reporting requirements went into effect October 23, 2019, with security requirements effective March 21, 2020.

This Act amends New York’s existing data breach notification law by expanding the definition of “Private Information” and by adding “Data Breach Security Protections” similar to those of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. It is important that healthcare organizations that own or license any computerized information of New York residents are aware of this Act as they may need to add additional cybersecurity safeguards and will have new reporting requirements in the event of a breach.

Clearwater’s experts can help you analyze the risk associated with information systems used to create, receive, maintain or transmit private information as defined within the SHIELD Act. We can also provide assistance with updating breach notification procedures to include providing the notifications under this new state-level regulation as required.

For further insight, review our blog What the New York SHIELD Act Means for Healthcare Organizations.