Deadline for SHIELD Act Raises Questions for HIPAA Entities

Harris Beach PLLC

As the March 21 deadline for the New York SHIELD Act draws closer, health care providers may be wondering: does their status as a covered entity under HIPAA, and its associated data security protections, automatically translate into compliance with the data security portions of SHIELD?

The Stop Hacks and Improve Electronic Data Security (SHIELD) Act's requirements for a comprehensive cybersecurity program and data breach notifications take effect for virtually every business with clients or patients who reside in New York state. Failure to comply with SHIELD places businesses at risk for penalties.

Health care practices and hospitals are regulated entities under HIPAA and are required to comply with the Privacy and Security Rules. It’s likely health care entities do not need to take additional steps to align with the SHIELD Act. However, a health care entity may have obligations under SHIELD that differ from those under HIPAA: for example, if the health care organization maintains a system with employee information that includes Social Security numbers. Such a system would not be governed by HIPAA if it contains only employee SSNs and no PHI. In this instance, SHIELD would require protection of that particular system containing SSNs.

But if there’s any uncertainty or concern about your organization’s compliance with SHIELD, now is the time to take action and consult your legal advisor. It’s also an opportune time to listen to our recording of the SHIELD Act webinar: “Yield for SHIELD: Getting Compliant by March 2020.”

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Harris Beach PLLC | Attorney Advertising
