As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019. A potential unintended side effect of the SHIELD Act may require health care companies to provide notification to the NY Attorney General for events that occurred well before its enforcement date. While the SHIELD Act’s data security requirements, which are covered under §4, will not come into effect until March 21, 2020, all other requirements, including the breach notification requirement, became effective on October 23, 2019. The notification enforcement date is important for any Covered Entity, as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), that has suffered a Breach, as defined by HIPAA, involving fewer than 500 individuals (“Minor HHS Breach”), was a breach of computerized data, and involved a New York resident.
Blog Editors
Recent Updates
- DOJ’s Final Rule on Bulk Data Transfers: The First 180 Days
- California Governor Signs SB 351, Strengthening the State’s Corporate Practice of Medicine Doctrine
- No Remuneration Plus No "But-For" Causation (Between an Alleged Kickback and Claims Submitted to the Government) Means No FCA Violation, District Court Says
- Novel Lawsuits Allege AI Chatbots Encouraged Minors’ Suicides, Mental Health Trauma: Considerations for Stakeholders
- DOJ Creates Civil Division Enforcement & Affirmative Litigation Branch: Implications for Health Care and Beyond