Don’t Stop at HIPAA: HMOs and CCRCs Must Now Also Comply with NYCRR 500

The New York Department of Financial Services (NYS DFS) recently announced that its scope will now include Health Maintenance Organizations (HMOs) and Continuing Care Retirement Communities (CCRCs). As a result, cybersecurity compliance for these organizations is going to get a lot more complicated. HMOs and CCRCs will not only need to adhere to HIPAA requirements, but also to sections of NYCRR 500, including operating under the shadow of the 72-hour breach notification rules. During this panel webinar session, Mark Sangster, Vice President Strategic Marketing, and Ken Rashbaum, Partner at Barton LLP, will explore the impact of these new regulations on HMOs and CCRCs and lead a Q&A discussion on how you can prepare. In this webinar you will learn: • Recent changes to NYCRR 500 cybersecurity requirements • Recommendations for how HMOs and CCRCs can prepare for requirements • Trends, best practices and proactive measures to help mitigate risk and avoid regulatory investigations