Bill > A04983

This bill establishes the New York Health Information Privacy Act, which provides for the protection of health information. The key provisions of the bill are: 1. It defines "regulated health information" as any information reasonably linkable to an individual's physical or mental health, and prohibits the sale of an individual's regulated health information to third parties or the processing of such information without the individual's valid authorization or for a permissible purpose (such as providing a requested service or complying with legal obligations). 2. It requires regulated entities to obtain written consent from individuals before processing their regulated health information, and provides detailed requirements for what must be included in a valid authorization. Regulated entities must also provide individuals with mechanisms to easily revoke their authorization. 3. It grants individuals the right to request access to and deletion of their regulated health information, and requires regulated entities and their service providers to comply with such requests. 4. It imposes security and data retention requirements on regulated entities, and regulates the use of service providers that process regulated health information on behalf of regulated entities. 5. It provides for enforcement by the Attorney General, including civil penalties of up to $15,000 per violation or 20% of revenue from New York consumers, whichever is greater. Overall, the bill aims to enhance privacy protections for individuals' health information in the private sector.

Business and Industry, Housing and Urban Affairs

https://www.nysenate.gov/legislation/bills/2023/A4983