powered by LeadingAge New York
  1. Home
  2. » Advocacy
  3. » Advocacy Action Items
  4. » DFS-Compliant Cybersecurity Policy for CCRCs

DFS-Compliant Cybersecurity Policy for CCRCs

Support A.1185 (Cahill)

LeadingAge New York is urging lawmakers to support A.1185 (Cahill), legislation that would permit Continuing Care Retirement Communities (CCRCs) to adopt written cybersecurity policies and self-certify that such policies are not inconsistent with the goals of the cybersecurity regulations promulgated by the Department of Financial Services (DFS) in 2017.

DFS's final regulations, effective as of March 1, 2017, require most banks, insurers, and other financial institutions within DFS's regulatory jurisdiction to protect their customer information from cyberattacks. All covered entities are also required to annually certify to DFS that they are complying with the regulations, with the first yearly compliance certification due February 15, 2018. Although CCRCs obtain their certificates of authority from the CCRC Council under Article 46 of the Public Health Law and do not operate under a license, registration, charter, certificate, permit, accreditation, or similar authorization from DFS, the agency clarified in writing for the first time in mid-February 2018 that CCRCs are considered covered entities and are subject to the regulations.

New York's CCRCs are much smaller than most financial institutions and insurers that are subject to these regulations. The average CCRC has a total annual operating budget of approximately $20 million. Unlike banks and most insurers, which transact with thousands of customers—often through e-commerce—CCRCs typically collect funds from only 200 to 400 prospective and existing residents in the form of deposits, entrance fees, and monthly fees. Moreover, as health care providers, CCRCs are already subject to standards for privacy of individually identifiable health information under all applicable laws, including those governing technology, security, and privacy, and corresponding regulations.

Enter your information below to contact your lawmakers, urging them to support A.1185 (Cahill). You can also access LeadingAge NY's memo of support here.

 

DFS-Compliant Cybersecurity Policy for CCRCs

2024-25 State Budget Materials

View the 2024-25 State Budget materials here.

5 months ago

DFS-Compliant Cybersecurity Policy for CCRCs

Public Affairs Council

View resources and updates from LeadingAge New York's new Public Affairs Council here.

1 year ago
Legislative Action Center

DFS-Compliant Cybersecurity Policy for CCRCs

Legislative Action Center

View LeadingAge New York's advocacy materials and connect with your lawmakers.

2024 Advocacy Day

DFS-Compliant Cybersecurity Policy for CCRCs

2024 Advocacy Day

While our 2024 Advocacy Day has come and gone, members are encouraged to continue their advocacy by speaking with legislators and sharing our budget issue briefs!

7 months ago
Legislative Bulletin

DFS-Compliant Cybersecurity Policy for CCRCs

Legislative Bulletin

Did you miss an issue of the Legislative Bulletin? Current and past issues are posted here.

Advocacy and Public Policy News

DFS-Compliant Cybersecurity Policy for CCRCs

Advocacy and Public Policy News

Keep up to date on the latest budgetary, legislative, and political developments in New York State.