On August 11, 2025, the Office for Civil Rights (OCR) published updated guidance relating to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (Privacy Rule) in the form of two new FAQs. The FAQs clarify the OCR’s position on (1) permitted disclosures of protected health information (PHI) to value-based care arrangements and (2)
New York Department of Financial Services Updates Cybersecurity Guidance: Coverage of Cybersecurity Requirements Addressed in 4 New FAQs
By Scott Baird & Norman Roos on
Posted in Cybersecurity
On March 1, 2018, the New York Department of Financial Services (NYDFS) “cybersecurity regulations” (23 NYCRR Part 500) took effect, placing a number of cybersecurity requirements on banks, insurance companies, and other financial services institutions and licensees regulated by the NYDFS (“Covered Entities”).
To aid in compliance with the regulation, the NYDFS recently added new…