Bill > S00929

This bill establishes the New York Health Information Privacy Act, which provides comprehensive protections for individuals' health information. The bill defines "regulated health information" as any information reasonably linkable to an individual and collected in connection with their physical or mental health. It requires regulated entities (businesses processing health information) to obtain either explicit written consent or have a strictly necessary purpose for processing an individual's health information. The bill mandates clear, accessible communications about how health information will be used, requiring notices in plain language and multiple languages. Key provisions include requiring separate authorization for different types of processing, allowing individuals to easily access and delete their health information, and prohibiting entities from selling personal health data or discriminating against individuals who do not provide authorization. Entities must implement robust security measures to protect health information and can face significant penalties of up to $15,000 per violation or 20% of revenue from New York consumers. The law would apply to businesses processing health information of New York residents, with some exemptions for government entities, existing healthcare providers, and certain clinical research activities. The bill aims to give individuals more control over their personal health data and prevent unauthorized use or sale of sensitive information.

Business and Industry

https://www.nysenate.gov/legislation/bills/2025/S929