New York Aims to Bolster Hospital Cybersecurity with Imminent Release of Proposed Regulations


New York Governor, Kathy Hochul, recently announced proposed cybersecurity rules for New York hospitals, which are due to be imminently published in the State Register on December 6, 2023, subject to approval by the Public Health and Health Planning Council.  The Governor’s press release indicates the proposed regulations, if enacted, will require New York hospitals to meet at least the following requirements: 

The proposed regulations have not officially been published, but the text currently under consideration by the Public Health and Health Planning Council is available here (see pages 31-62).  Once the proposed regulations are published in the State Register, they will likely be subject to a 60-day public comment period.

While HIPAA compliance is nothing new for hospitals, it is the regulatory floor with respect to cybersecurity best practices. Therefore, New York hospitals should stay attuned to these proposed regulations which will likely require investment in more stringent administrative and technical security safeguards.


©2024 Epstein Becker & Green, P.C. All rights reserved.
National Law Review, Volumess XIII, Number 334