Assembly Bill A10486

Vetoed By Governor
2017-2018 Legislative Session

Relates to clarifying that continuing care retirement communities are not subject to certain cybersecurity regulations

download bill text pdf

Sponsored By

Archive: Last Bill Status - Vetoed by Governor


  • Introduced
    • In Committee Assembly
    • In Committee Senate
    • On Floor Calendar Assembly
    • On Floor Calendar Senate
    • Passed Assembly
    • Passed Senate
  • Vetoed By Governor
  • Signed By Governor

Do you support this bill?

Please enter your contact information

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.
Actions

Bill Amendments

co-Sponsors

2017-A10486 - Details

See Senate Version of this Bill:
S7940
Law Section:
Insurance Law
Laws Affected:
Amd §1119, Ins L
Versions Introduced in Other Legislative Sessions:
2019-2020: A1185
2021-2022: A749

2017-A10486 - Summary

Authorizes continuing care retirement communities to adopt a written cybersecurity policy and requires such policies to be self-certified and approved by the superintendent.

2017-A10486 - Bill Text download pdf

                            
 
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                   10486
 
                           I N  A S S E M B L Y
 
                              April 30, 2018
                                ___________
 
 Introduced  by M. of A. CAHILL, LUPARDO -- read once and referred to the
   Committee on Insurance
 
 AN ACT to amend the  insurance  law,  in  relation  to  clarifying  that
   continuing  care  retirement communities are not subject to department
   of financial services cybersecurity regulations
 
   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section  1.  Section  1119 of the insurance law is amended by adding a
 new subsection (d) to read as follows:
   (D) EXCEPT AS EXPRESSLY REQUIRED  BY  THIS  SECTION,  AN  ORGANIZATION
 AUTHORIZED  TO  OPERATE UNDER ARTICLE FORTY-SIX OF THE PUBLIC HEALTH LAW
 SHALL NOT BE SUBJECT TO  THE  JURISDICTION  OF  THE  SUPERINTENDENT  AND
 REQUIRED  TO  COMPLY WITH RULES AND REGULATIONS OF THE SUPERINTENDENT ON
 MATTERS UNRELATED TO THE PROVISIONS OF THIS SECTION, INCLUDING, BUT  NOT
 LIMITED  TO,  REGULATIONS  RELATING  TO  CYBERSECURITY  REQUIREMENTS FOR
 FINANCIAL SERVICES COMPANIES.    SUCH  ORGANIZATIONS  SHALL  INSTEAD  BE
 SUBJECT  TO THE JURISDICTION OF THE DEPARTMENT OF HEALTH ON SUCH MATTERS
 UNRELATED TO THE PROVISIONS OF THIS  SECTION,  INCLUDING  ANY  PERTINENT
 REGULATIONS OR OVERSIGHT REGARDING CYBERSECURITY REQUIREMENTS.
   § 2. This act shall take effect immediately.
 
 
 
 
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.
                                                            LBD15486-02-8



              

co-Sponsors

2017-A10486A - Details

See Senate Version of this Bill:
S7940
Law Section:
Insurance Law
Laws Affected:
Amd §1119, Ins L
Versions Introduced in Other Legislative Sessions:
2019-2020: A1185
2021-2022: A749

2017-A10486A - Summary

Authorizes continuing care retirement communities to adopt a written cybersecurity policy and requires such policies to be self-certified and approved by the superintendent.

2017-A10486A - Bill Text download pdf

                            
 
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                 10486--A
 
                           I N  A S S E M B L Y
 
                              April 30, 2018
                                ___________
 
 Introduced by M. of A. CAHILL, LUPARDO, LIFTON -- read once and referred
   to  the  Committee on Insurance -- committee discharged, bill amended,
   ordered reprinted as amended and recommitted to said committee
 
 AN ACT to amend the insurance law, in relation to authorizing continuing
   care retirement communities to adopt a written cybersecurity policy

   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section  1.  Section  1119 of the insurance law is amended by adding a
 new subsection (d) to read as follows:
   (D) SUCH ORGANIZATION MAY ADOPT A WRITTEN CYBERSECURITY POLICY THAT IS
 DESIGNED TO PROTECT  THE  CONFIDENTIALITY,  INTEGRITY  AND  SECURITY  OF
 NONPUBLIC  INFORMATION AND IS IN COMPLIANCE WITH, THE HEALTH INFORMATION
 TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT ("HITECH"),  THE  HEALTH
 INSURANCE PORTABILITY AND ACCOUNTABILITY ACT ("HIPAA"), THE GRAMM-LEACH-
 BLILEY   ACT   AND   ALL  OTHER  APPLICABLE  CYBERSECURITY  AND  PRIVACY
 PROTECTIONS GOVERNING NURSING HOMES, ADULT CARE FACILITIES AND  ASSISTED
 LIVING  RESIDENCES.  THE CYBERSECURITY POLICY SHALL BE SELF-CERTIFIED BY
 SUCH ORGANIZATION AND SUCH SELF-CERTIFIED CYBERSECURITY POLICY SHALL  BE
 FILED WITH THE SUPERINTENDENT.  THE SELF-CERTIFICATION SHALL ATTEST THAT
 THE POLICY PROVIDES SUFFICIENT PROTECTIONS OF NONPUBLIC INFORMATION IN A
 MANNER  WHICH  IS  NOT  INCONSISTENT WITH THE GOALS OF THE CYBERSECURITY
 POLICIES ADOPTED BY FINANCIAL SERVICES COMPANIES PURSUANT TO REGULATIONS
 PROMULGATED BY THE  SUPERINTENDENT.  SUCH  SELF-CERTIFICATION  SHALL  BE
 DEEMED  COMPLIANT WITH SUCH REGULATIONS APPLICABLE TO FINANCIAL SERVICES
 COMPANIES. THE SUPERINTENDENT SHALL REVIEW THE ACCURACY AND  REASONABLE-
 NESS OF THE ATTESTATION. UNLESS THE SUPERINTENDENT OBJECTS TO THE ATTES-
 TATION WITHIN SIXTY DAYS FROM THE DATE IT IS SUBMITTED, SUCH ATTESTATION
 SHALL BE DEEMED APPROVED.
   § 2. This act shall take effect immediately.
 
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.
                                                            LBD15486-06-8


              

co-Sponsors

2017-A10486B (ACTIVE) - Details

See Senate Version of this Bill:
S7940
Law Section:
Insurance Law
Laws Affected:
Amd §1119, Ins L
Versions Introduced in Other Legislative Sessions:
2019-2020: A1185
2021-2022: A749

2017-A10486B (ACTIVE) - Summary

Authorizes continuing care retirement communities to adopt a written cybersecurity policy and requires such policies to be self-certified and approved by the superintendent.

2017-A10486B (ACTIVE) - Bill Text download pdf

                            
 
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                 10486--B
                                                            R. R. 122
 
                           I N  A S S E M B L Y
 
                              April 30, 2018
                                ___________
 
 Introduced by M. of A. CAHILL, LUPARDO, LIFTON -- read once and referred
   to  the  Committee on Insurance -- committee discharged, bill amended,
   ordered reprinted as amended and  recommitted  to  said  committee  --
   reported  and  referred  to  the  Committee on Rules -- amended on the
   special order of third reading, ordered reprinted as amended,  retain-
   ing its place on the special order of third reading
 
 AN ACT to amend the insurance law, in relation to authorizing continuing
   care retirement communities to adopt a written cybersecurity policy
 
   THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section 1. Section 1119 of the insurance law is amended  by  adding  a
 new subsection (d) to read as follows:
   (D) SUCH ORGANIZATION MAY ADOPT A WRITTEN CYBERSECURITY POLICY THAT IS
 DESIGNED  TO  PROTECT  THE  CONFIDENTIALITY,  INTEGRITY  AND SECURITY OF
 NONPUBLIC INFORMATION AND IS IN COMPLIANCE WITH: (I) THE HEALTH INFORMA-
 TION TECHNOLOGY FOR ECONOMIC AND CLINICAL  HEALTH  ACT  ("HITECH"),  THE
 HEALTH  INSURANCE  PORTABILITY  AND  ACCOUNTABILITY  ACT  ("HIPAA"), THE
 GRAMM-LEACH-BLILEY ACT; AND (II) ALL OTHER APPLICABLE CYBERSECURITY  AND
 PRIVACY  PROTECTIONS  GOVERNING NURSING HOMES, ADULT CARE FACILITIES AND
 ASSISTED LIVING RESIDENCES TO THE EXTENT THE  PROTECTIONS  GOVERN  THOSE
 COMPONENTS  OF  SUCH ORGANIZATION'S OPERATIONS. THE CYBERSECURITY POLICY
 SHALL BE SELF-CERTIFIED BY SUCH  ORGANIZATION  AND  SUCH  SELF-CERTIFIED
 CYBERSECURITY  POLICY SHALL BE FILED WITH THE SUPERINTENDENT.  THE SELF-
 CERTIFICATION  SHALL  ATTEST  THAT  THE   POLICY   PROVIDES   SUFFICIENT
 PROTECTIONS OF NONPUBLIC INFORMATION IN A MANNER WHICH IS NOT INCONSIST-
 ENT  WITH  THE  GOALS OF THE CYBERSECURITY POLICIES ADOPTED BY FINANCIAL
 SERVICES COMPANIES PURSUANT TO REGULATIONS  PROMULGATED  BY  THE  SUPER-
 INTENDENT.  SUCH  SELF-CERTIFICATION SHALL BE DEEMED COMPLIANT WITH SUCH
 REGULATIONS APPLICABLE TO FINANCIAL SERVICES COMPANIES. THE  SUPERINTEN-
 DENT  SHALL  REVIEW  THE ACCURACY AND REASONABLENESS OF THE ATTESTATION.
 UNLESS THE SUPERINTENDENT OBJECTS TO THE ATTESTATION WITHIN  SIXTY  DAYS
 FROM  THE  DATE  IT  IS  SUBMITTED,  SUCH  ATTESTATION  SHALL  BE DEEMED
 APPROVED.
   § 2. This act shall take effect immediately.
 
              

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.