Skip to Main Content
Services Talent Knowledge
Site Search
Menu
Home page
Services Talent Knowledge
Firm Facebook
Firm Linkedin
Firm Twitter
Close Menu

Featured Industries

New & Emerging Industry Practice Areas

Practice Areas

Alert

Our attorneys stay on top of changes in legislation, agency regulations, case law, and industry trends—then craft timely legal alerts to keep clients up to date on legal developments important to their business.

September 3, 2019

DOH Implements New Notification Protocols for Cybersecurity Incidents

Earlier this year, we wrote about cybersecurity guidance and resources tailored to the health care industry released by the US Department of Health and Human Services (HHS). This guidance identified common cybersecurity issues faced by health care organizations and provided cybersecurity practices that could be implemented by these organizations to mitigate any identified threats or vulnerabilities.

On August 12, 2019, the NYS Department of Health (DOH) Office of Health Information Management followed suit in highlighting these concerns by releasing a letter to administrators and technology officers announcing new notification protocols that should be used by providers to inform the DOH when a potential cybersecurity incident has occurred at their facility or agency. These new changes were to take effect immediately and apply to the following providers: hospitals, nursing homes, diagnostic and treatment centers, adult care facilities, home health agencies, and licensed home care services agencies.

The DOH guidance defines a cybersecurity incident as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of data or interference with an information system operations.” While acknowledging that providers are required to contact various other agencies when cybersecurity-related events occur, the DOH noted it has been able to provide significant assistance to providers when these types of events occur, so long as timely notice of these events is provided.

In order to obtain the DOH’s assistance, providers must:

  1. Notify law enforcement
  2. Notify the telephone numbers provided within the poster enclosed with the DOH letter
  3. In instances of immediate threat to public health or safety, provide an emergency notification by dialing 911

The DOH also advised that the poster must be posted in facilities and agencies to provide immediate awareness of the notification protocol to staff as well as to be used for reference purposes.

Moving forward, providers should consider adding the DOH notification to their existing cybersecurity-incident and breach-notification policies. However, the DOH’s new protocol does not relieve providers of their responsibility to make other required cybersecurity-related notifications, including to the individuals whose data has been compromised, the HHS, and, in the case of compromised private financial information, the state Attorney General’s Office, the Department of State, and the Division of State Police.

If you have any questions regarding the content of this alert, please contact Dena DeFazio, associate, at ddefazio@barclaydamon.com or another member of the firm’s Health Care & Health and Human Services Practice Area.

Subscribe

Click here to sign up for alerts, blog posts, and firm news.
Sign Up

Key Contacts

Dena DeFazio

Associate

Albany 518.429.4230 Read More
About Dena DeFazio

Related Industries

Featured Media

Alerts

EPA Lists Two New "Forever Chemicals" Under CERCLA

Read More
About EPA Lists Two New "Forever Chemicals" Under CERCLA

Alerts

NYS Governor Hochul Announces Final RFP for New Certified Community Behavioral Health Clinics

Read More
About NYS Governor Hochul Announces Final RFP for New Certified Community Behavioral Health Clinics

Alerts

The Second Department Affirms Successful Storm in Progress Defense of Slip and Fall Case

Read More
About The Second Department Affirms Successful Storm in Progress Defense of Slip and Fall Case

Alerts

The New York FY 2025 Budget – CDPAP FIs Under Threat

Read More
About The New York FY 2025 Budget – CDPAP FIs Under Threat

Alerts

Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Anderson, Beauchamp, Murray, Angeles, Monegro, and Bullock—Targeting Businesses in Recent Flurry of Lawsuits

Read More
About Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Anderson, Beauchamp, Murray, Angeles, Monegro, and Bullock—Targeting Businesses in Recent Flurry of Lawsuits

Alerts

Updated Bulletin on Tracking Technologies in the Health Care Industry

Read More
About Updated Bulletin on Tracking Technologies in the Health Care Industry
Previous Alert
Next Alert
View All Alerts

We're Growing in DC!

We’re excited to announce Barclay Damon’s combination with Washington DC–based Shapiro, Lifschitz & Schram. SLS’s 10 lawyers, three paralegals, and four administrative staff will join Barclay Damon while maintaining their current office in DC’s central business district. Our clients will benefit from SLS’s corporate, real estate, finance, and construction litigation experience and national energy-industry profile, and their clients from our full range of services.

Read More

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out