On August 15, 2017, the Secretary of Health and Human Services, Tom Price, issued a press release reporting that almost $105 million dollars will be bestowed upon 1,333 health centers across the United States, including its territories; and Washington D.C. Secretary Price stated “Americans deserve a healthcare system that’s affordable, accessible, of the highest quality, with ample choices, driven by world-leading innovations, and responsive to the needs of the individual patient. Supporting health centers across the country helps achieve that mission.”

According to the Health Resources & Services Administration, also known as HRSA, federally qualified health centers (FQHC) “are community-based and patient-directed organizations that deliver comprehensive, culturally competent, high-quality primary health care services.”  The main function of a health center is to provide health services to underprivileged patients where affordable healthcare is either lacking or nonexistent. Services include, but are not limited to, mental health support, substance abuse aid, dental health and many other services. While there are numerous requirements for an organization to qualify as a FQHC, one interesting qualification is that the organization must elect members of the community to serve on its governing board—ensuring that the community has a role when it comes to its own healthcare.

Even though the concept of a health center may be foreign to many in the United States, health centers play an important role in our society.  HRSA has concluded that, based on data from its Uniform Data System, almost 26 million individuals (which equals 1 in every 12 people living in the United States) depended on a health center for health services in 2016, including more than 330,000 veterans. The study also found that 1 in every 3 people living in poverty relied on a health center in 2016.

Living in a politically toxic climate on the topic of healthcare and its reforms, as we currently do today, brings in a breath of fresh air to see our tax dollars being put to good use. Health centers have served as a unique and beneficial service for the underserved and underprivileged for the last 50 years, and the federal government’s continued support appears to be unwavering.

Effective March 1, 2017, the New York State Department of Financial Services promulgated regulations to help protect against cybercriminals and their efforts to exploit sensitive electronic data. These cybersecurity regulations apply to all individuals and entities that “operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law”, with a few exceptions.  This will undoubtedly result in insurance companies and other related healthcare entities, which hold sensitive patient health information, beefing up their internal and external rules and policies.  New York’s proactive stance should be taken with the utmost seriousness seeing that there are more than 400 cyberattacks each day over the internet, or almost 3 every minute.

The United States Congress has enacted a similar law to protect health information, the Health Insurance Portability and Accountability Act (“HIPAA”). However, because HIPAA was enacted and modified years prior to cybersecurity becoming a prominent threat to our society, HIPAA does not provide as much protection to patients’ electronic data as the New York regulations do.  HIPAA does provide important guidelines and safeguards to ensure the integrity and confidentiality of protected health information, but does not elaborate on many of the issues presented in New York’s cybersecurity regulations.

New York’s cybersecurity regulations require all “Covered Entities”, as defined in the regulations, to maintain a cybersecurity program to guard the confidentiality of Nonpublic Information, which includes a risk assessment and a comprehensive cybersecurity policy.  In addition, Covered Entities are now required to designate an individual to serve as the Chief Information Security Officer (“CISO”).  The CISO is tasked with overseeing, implementing and enforcing the Covered Entity’s cybersecurity policy, and is required to report, in writing and at least annually, to the Covered Entity’s Board of Directors or similar governing body.  The CISO’s report must include, as applicable, information on “(1) the confidentiality of Nonpublic Information and the integrity and security of the Covered Entity’s Information Systems; (2) the Covered Entity’s cybersecurity policies and procedures; (3) material cybersecurity risks to the Covered Entity; (4) overall effectiveness of the Covered Entity’s cybersecurity program; and (5) material Cybersecurity Events involving the Covered Entity during the time period addressed by the report.”

Compliance with the cybersecurity regulations will be transitioned over a two-year period with full compliance required by March 1, 2019.