New York Assembly Passes Health Information Privacy Act (NYHIPA); Hochul Set Period To Review, Decide On Enactment


ALBANY, NY - The New York State Legislature has recently passed the New York Health Information Privacy Act (NYHIPA), aiming to enhance the protection of personal health information collected online. The legislation is now awaiting Governor Kathy Hochul’s decision to either sign it into law or veto it.

Key Provisions of NYHIPA:

  • Scope of Regulated Health Information: The act defines “regulated health information” broadly, encompassing data related to an individual’s physical or mental health, payment details, and location data linked to health services. This includes information collected by apps, websites, and wearable devices.
  • Consent Requirements: Entities are prohibited from collecting, using, or selling an individual’s health information without obtaining explicit written consent. This measure targets data brokers and trackers that often handle such data without user awareness.
  • Enforcement and Penalties: The New York Attorney General is empowered to enforce the law, with penalties for violations reaching up to $15,000 per incident or 20% of the entity’s annual revenue derived from New York consumers, whichever is greater.

If enacted, NYHIPA will impose stringent compliance requirements on digital health companies operating in or serving residents of New York. These entities will need to reassess their data collection and processing practices to ensure they align with the new consent and usage regulations. The law’s broad definitions mean that even organizations not traditionally considered healthcare providers could be affected if they handle health-related data.

NYHIPA shares similarities with Washington State’s My Health My Data Act but is noted for its broader scope and stricter provisions. Unlike some state laws, NYHIPA does not exempt certain types of data or entities, potentially leading to wider applicability and more significant impacts on businesses.

Governor Hochul has a set period to review the bill and decide on its enactment. If signed into law, NYHIPA will take effect one year from the date of signing, providing entities time to adjust their practices accordingly. Organizations are advised to begin preparations to comply with the anticipated regulations.
