HMOs and CCRCs Must Now Also Comply with NYCRR 500

The New York Department of Financial Services (NYS DFS) recently announced that its scope will now include Health Maintenance Organizations (HMOs) and Continuing Care Retirement Communities (CCRCs).

As a result, cybersecurity compliance for these organizations is going to get a lot more complicated. HMOs and CCRCs will not only need to adhere to HIPAA requirements, but also to sections of NYCRR 500, including operating under the shadow of the 72-hour breach notification rules. 

During this panel webinar session, Mark Sangster, Vice President Strategic Marketing, and Ken Rashbaum, Partner at Barton LLP, will explore the impact of these new regulations on HMOs and CCRCs and lead a Q&A discussion on how you can prepare.

During this webinar you will learn:

  • Recent changes to NYCRR 500 cybersecurity requirements
  • Recommendations for how HMOs and CCRCs can prepare for the requirements
  • Trends, best practices and proactive measures to help mitigate risk and avoid regulatory investigations

 

About the Speakers

Mark Sangster

As a member of the LegalSec Council with the International Legal Technology Association (ILTA), Mark Sangster is a cybersecurity evangelist who has spent significant time researching and speaking to peripheral factors influencing the way that legal firms integrate cybersecurity into their day-to-day operations. In addition to his passion for cybersecurity, Mark's 20-year sales and marketing career was established with industry giants like Intel Corporation, BlackBerry and Cisco Systems. Mark's experience unites a strong technical aptitude and an intuitive understanding of regulatory agencies. Mark holds a Bachelor in Psychology degree from the University of Western Ontario, and a Business Diploma from Humber College.

Ken Rashbaum

Kenneth N. Rashbaum is a partner at Barton LLP. In his capacity as a nationally known expert on data privacy, Ken counsels healthcare organizations on compliance with federal, state and judicial standards governing protected health information. He has served as HIPAA and privacy counsel to major hospital systems, health plans, physicians’ groups, cloud computing providers and health information application developers; advised academic hospital systems on protocols for implementation of electronic health records; and provided counsel on risk management issues in access, uses and disclosures of electronic patient information.