Bill Text: NY A01185 | 2019-2020 | General Assembly | Introduced
Bill Title: Authorizes continuing care retirement communities to adopt a written cybersecurity policy and requires such policies to be self-certified and approved by the superintendent.
Spectrum: Partisan Bill (Democrat 3-0)
Status: (Introduced - Dead) 2020-01-08 - referred to insurance [A01185 Detail]
Download: New_York-2019-A01185-Introduced.html
STATE OF NEW YORK ________________________________________________________________________ 1185 2019-2020 Regular Sessions IN ASSEMBLY January 14, 2019 ___________ Introduced by M. of A. CAHILL, LIFTON, LUPARDO -- read once and referred to the Committee on Insurance AN ACT to amend the insurance law, in relation to authorizing continuing care retirement communities to adopt a written cybersecurity policy The People of the State of New York, represented in Senate and Assem- bly, do enact as follows: 1 Section 1. Section 1119 of the insurance law is amended by adding a 2 new subsection (d) to read as follows: 3 (d) Such organization may adopt a written cybersecurity policy that is 4 designed to protect the confidentiality, integrity and security of 5 nonpublic information and is in compliance with: (i) the Health Informa- 6 tion Technology for Economic and Clinical Health Act ("HITECH"), the 7 Health Insurance Portability and Accountability Act ("HIPAA"), the 8 Gramm-Leach-Bliley Act; and (ii) all other applicable cybersecurity and 9 privacy protections governing nursing homes, adult care facilities and 10 assisted living residences to the extent the protections govern those 11 components of such organization's operations. The cybersecurity policy 12 shall be self-certified by such organization and such self-certified 13 cybersecurity policy shall be filed with the superintendent. The self- 14 certification shall attest that the policy provides sufficient 15 protections of nonpublic information in a manner which is not inconsist- 16 ent with the goals of the cybersecurity policies adopted by financial 17 services companies pursuant to regulations promulgated by the super- 18 intendent. Such self-certification shall be deemed compliant with such 19 regulations applicable to financial services companies. The superinten- 20 dent shall review the accuracy and reasonableness of the attestation. 21 Unless the superintendent objects to the attestation within sixty days 22 from the date it is submitted, such attestation shall be deemed 23 approved. 24 § 2. This act shall take effect immediately. EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD05987-01-9