New York SHIELD Act: Where Do I Begin?

Issue link: https://insights.cynergistek.com/i/1153724

Consider This…. Page 6/6 CCPA Compliance: Where Do I Begin?

Examples of Entities Not Exempted from Data Protection Standards

1. Examples of healthcare providers and businesses that are not covered by the HIPAA standards:
   ‣ Dental practices that do not accept direct insurance reimbursement
   ‣ Retailers of health-related merchandise like vitamins or medical supplies
   ‣ Medical marijuana dispensaries

2. Small businesses are required to adopt security safeguards that are reasonable and appropriate to their size and sensitivity of the private information they collect and maintain
   ‣ "Small business" means any person or business with:
      a. fewer than fifty employees;
      b. less than $3 million in gross annual revenue in each of the last three fiscal years; or
      c. less than $5 million in year-end total assets

Summing it All Up

Healthcare organizations and any business that maintains private information of New York residents should carefully review their cybersecurity policies and procedures and make any necessary adjustments to their incident response plans in the event of a data breach. HIPAA covered entities should prepare to begin reporting breaches to the NY Attorney General. Additionally, companies should ensure that their information security programs comply with the HIPAA Security Rule if applicable, or the SHIELD Act's required data security safeguards.

Please let us know if you find this edition of "Consider This…." valuable and topics that you would like to see in future issues.
