2020 is finally here, and for most of us, that means it’s time to reflect on the past year and think about whether or not we accomplished our goals. If we didn’t, we typically resolve to do better in the coming days. What better time than now to start thinking about data security? As cybercrime is evolving at a rapid rate, it’s important to ensure you’re doing everything possible to protect your patients’ information. Chances are, you’re already concerned with Health Insurance Portability and Accountability Act (HIPAA) compliance. But this year, there’s a new data security law coming into effect, and those in the healthcare industry will need to pay special attention to it.
New York’s SHIELD (Stop Hacks and Improve Electronic Data Security) Act comes into effect on March 21, 2020. Governor Cuomo, who signed the SHIELD Act into law on July 15, 2019, said, “As technology seeps into practically every aspect of our daily lives, it’s increasingly critical that we do everything we can to ensure the information that companies are trusted with is secure.”
He went on to stress the importance of the new law: “The stark reality is security breaches are becoming more frequent, and with this legislation, New York is taking steps to increase protections for consumers and holding these companies accountable when they mishandle sensitive data.”
The SHIELD Act focuses on ensuring companies better protect sensitive information belonging to residents of the state. Its reach extends beyond the state itself: ALL businesses and healthcare organizations that store or access information belonging to residents of the state must ensure the proper safeguards are in place to protect that information. Under the SHIELD Act, the definition of a breach has been expanded to include any sort of unauthorized access to digitized data that may compromise the integrity, security, and confidentiality of private information.
In addition, the definition of private information has been expanded to include the following:
If you’re HIPAA-compliant, you’re likely already compliant with the SHIELD Act. However, there are various elements of the bill that impact your healthcare organization. First and foremost, the Act creates a distinction between private and health information. Private data refers to personal information, such as an identifiable link tied to Social Security numbers, debit card information, and other types of data. In addition, private information also refers to retinal scans or patient portals.
What does this mean? It means that if a breach occurs in which email addresses and passwords are compromised, it falls under this law. The biggest impact on healthcare organizations comes from the new reporting requirements.
Need help complying with the SHIELD Act? Call (631) 203-6403.
LI Tech Advisors is the top healthcare IT services company in Long Island, NY and surrounding areas.