State Cybersecurity: NY & NJ Healthcare Approaches
Course
Donald Eckel and Thurain Nyunt discuss preparing for proposed HIPAA Security Rule requirements, balancing information blocking mandates and managing False Claims Act liability.
Federal healthcare cybersecurity regulation remains uncertain as the proposed HIPAA Security Rule faces pushback over impractical requirements like one-hour account disconnection and comprehensive PHI flow tracking across organizations. Healthcare providers face competing pressures: HHS renews information blocking enforcement demanding faster patient data access while OCR targets risk analysis deficiencies, ransomware response delays and breach notification failures. State attorneys general now independently pursue HIPAA violations, and the False Claims Act emerges as a dangerous new enforcement vector - creating treble damage exposure when organizations submit reimbursement claims while knowingly operating vulnerable systems or devices.
The session will cover:
- Preparing for proposed HIPAA Security Rule requirements including asset inventories and accelerated response timelines;
- Balancing information blocking mandates with breach prevention and privacy compliance;
- Managing False Claims Act liability for submitting claims while operating systems with known vulnerabilities.
Here is the course outline:
State-Led Cybersecurity Initiatives: New York and New Jersey Healthcare Models |
Completion
The following certificates are awarded when the course is completed:
 |
CPE Credit Certificate |