NY State Senate Bill S158

Current Bill Status - On Floor Calendar

Introduced
In Committee
On Floor Calendar
- Passed Senate
- Passed Assembly
Delivered to Governor
Signed/Vetoed by Governor

Your Voice

Please enter your contact information

First Name *

Last Name *

Email Address *

A valid email address is required.

Home address search or enter your address manually *

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Leave this field blank

Actions

view actions (4)

	Assembly Actions - Lowercase Senate Actions - UPPERCASE
Mar 08, 2023	advanced to third reading
Mar 01, 2023	2nd report cal.
Feb 28, 2023	1st report cal.429
Jan 04, 2023	referred to internet and technology

Votes

view votes

Feb 28, 2023 - Internet and Technology committee Vote

S158

committee

Aye

Nay

Aye with Reservations

Absent

Excused

Abstained

show Internet and Technology committee vote details

Internet and Technology Committee Vote: Feb 28, 2023

aye (5)

nay (1)

Walczyk

aye wr (1)

Stec

Co-Sponsors

S158 (ACTIVE) - Details

See Assembly Version of this Bill:: A4983
Law Section:: General Business Law
Laws Affected:: Add Art 42 §§1100 - 1103, Gen Bus L
Versions Introduced in 2021-2022 Legislative Session:: S9599

S158 (ACTIVE) - Summary

Creates privacy standards for electronic health products and services and permissible data brokering; requires consent to be given for the collection and/or sharing of personal health information or other personal data.

S158 (ACTIVE) - Sponsor Memo

 
BILL NUMBER: S158

SPONSOR: KRUEGER
 
TITLE OF BILL:

An act to amend the general business law, in relation to privacy stand-
ards for electronic health products and services and permissible data
brokering

 
PURPOSE OR GENERAL IDEA OF BILL:

This bill would govern companies that collect and sell healthcare infor-
mation, and provides additional rights and protections to users related
to the sale and of their private health information.

 
SUMMARY OF SPECIFIC PROVISIONS:

Section one creates a new article to the General Business Law to govern
the collection of data for electronic health products and services.

Section 1100 creates various definitions that will be used in the rest
of the bill.

Section 1101 makes it unlawful for a covered organization to engage in
data processing, geofencing or data brokering without meeting specific
thresholds related to a need for the data and consent from the user.

Section 1102 creates a private right of action for users that have been
injured a result of a violation of this article.

Section 1103 excludes any actions that are HIPAA compliant from being
governed by this article.

Section 2. Severability

Section 3. Effective Date

 
JUSTIFICATION:

Most residents of the State are under the impression that HIPAA protects
them and their health data from being accessed by third-parties and sold
by and to other organizations. Residents are generally unaware that
their technology is constantly tracking their movements, and geolocation
data is being sold to companies for the purposes of targeted advertise-
ments or tracking. Most users also do not have an understanding of how
much information is being collected, stored, and sold for the benefit of
third-parties. For example, a mobile app to track menstruation cycles
was recently caught selling users' data to antiabortion advocacy organ-
izations.

This bill creates a legal framework for residents to reclaim and retain
control of their healthcare information. Electronic apps or websites
that are designed to provide a diagnosis or retain health information
will be required to receive affirmative consent by the user to retain
such information and would need separate consent to sell such informa-
tion to third-parties.

The legislation also bans the practice of using geolocation at health-
care facilities to target advertisements to individuals. Many companies
offering healthcare products, treatments, or alternatives currently use
geofencing at healthcare facilities to identify potential customers for
their products, and send targeted advertisements to users while they are
at the health facility or shortly their departure.

 
PRIOR LEGISLATIVE HISTORY:

2022: S.9599 - Referred to Rules

 
FISCAL IMPLICATIONS:

None to the State.

 
EFFECTIVE DATE:
This act shall take effect on the sixtieth day after it shall have
become law.

S158 (ACTIVE) - Bill Text download pdf

 
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                    158
 
                        2023-2024 Regular Sessions
 
                             I N  S E N A T E
 
                                (PREFILED)
 
                              January 4, 2023
                                ___________
 
 Introduced  by  Sen. KRUEGER -- read twice and ordered printed, and when
   printed to be committed to the Committee on Internet and Technology
 
 AN ACT to amend the general business law, in relation to privacy  stand-
   ards  for electronic health products and services and permissible data
   brokering

   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section 1. The general business law is amended by adding a new article
 42 to read as follows:
                                ARTICLE 42
                  ELECTRONIC HEALTH PRODUCTS AND SERVICES
 
 SECTION 1100. DEFINITIONS.
         1101. ELECTRONIC HEALTH PRODUCTS AND SERVICES; PRIVACY.
         1102. PRIVATE RIGHT OF ACTION.
         1103. ACTIONS THAT ARE HIPAA COMPLIANT.
   §  1100.  DEFINITIONS. FOR THE PURPOSES OF THIS ARTICLE, THE FOLLOWING
 TERMS SHALL HAVE THE FOLLOWING MEANINGS:
   1. "CONSENT" MEANS AN  ACTION  WHICH  (A)  CLEARLY  AND  CONSPICUOUSLY
 COMMUNICATES THE INDIVIDUAL'S VOLUNTARY AUTHORIZATION OF AN ACT OR PRAC-
 TICE;  (B) IS MADE IN THE ABSENCE OF ANY MECHANISM IN THE USER INTERFACE
 THAT HAS THE PURPOSE OR SUBSTANTIAL EFFECT OF OBSCURING, SUBVERTING,  OR
 IMPAIRING DECISION MAKING OR CHOICE TO OBTAIN CONSENT; AND (C) CANNOT BE
 INFERRED  FROM  INACTION. A REQUEST FOR CONSENT SHALL BE PROVIDED TO THE
 INDIVIDUAL IN A CLEAR AND CONSPICUOUS DISCLOSURE, APART FROM ANY PRIVACY
 POLICY, TERMS OF SERVICE, TERMS OF USE, GENERAL RELEASE, USER AGREEMENT,
 OR OTHER SIMILAR DOCUMENT, OF ALL INFORMATION MATERIAL TO THE  PROVISION
 OF CONSENT.
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.
                                                            LBD01105-01-3
 S. 158                              2

 
   2.  "DEACTIVATION"  MEANS  A USER'S DELETION, REMOVAL, OR OTHER ACTION
 MADE TO TERMINATE HIS OR HER USE OF  AN  ELECTRONIC  HEALTH  PRODUCT  OR
 SERVICE.
   3.  "ELECTRONIC HEALTH PRODUCT OR SERVICE" MEANS ANY SOFTWARE OR HARD-
 WARE, INCLUDING A MOBILE APPLICATION, WEBSITE, OR OTHER RELATED  PRODUCT
 OR  SERVICE,  THAT  IS DESIGNED TO MAINTAIN PERSONAL HEALTH INFORMATION,
 DESIGNED TO DIAGNOSE OR DESIGNED TO INFER A MEDICAL DIAGNOSIS, IN  ORDER
 TO  MAKE  SUCH  PERSONAL  HEALTH INFORMATION AVAILABLE TO A USER OR TO A
 HEALTH CARE PROVIDER AT THE REQUEST OF SUCH USER OR HEALTH CARE  PROVID-
 ER, FOR THE PURPOSES OF ALLOWING SUCH USER TO MANAGE HIS OR HER INFORMA-
 TION, OR FOR THE DIAGNOSIS, INFERRED DIAGNOSIS, TREATMENT, OR MANAGEMENT
 OF A MEDICAL CONDITION.
   4. "HEALTH CARE PROVIDER" MEANS:
   (A) A HOSPITAL AS DEFINED IN ARTICLE TWENTY-EIGHT OF THE PUBLIC HEALTH
 LAW, A HOME CARE SERVICES AGENCY AS DEFINED IN ARTICLE THIRTY-SIX OF THE
 PUBLIC  HEALTH  LAW, A HOSPICE AS DEFINED IN ARTICLE FORTY OF THE PUBLIC
 HEALTH LAW, A HEALTH MAINTENANCE  ORGANIZATION  AS  DEFINED  IN  ARTICLE
 FORTY-FOUR  OF  THE  PUBLIC  HEALTH  LAW, OR A SHARED HEALTH FACILITY AS
 DEFINED IN ARTICLE FORTY-SEVEN OF THE PUBLIC HEALTH LAW; OR
   (B) A PERSON  LICENSED  UNDER  ARTICLE  ONE  HUNDRED  THIRTY-ONE,  ONE
 HUNDRED  THIRTY-ONE-B, ONE HUNDRED THIRTY-TWO, ONE HUNDRED THIRTY-THREE,
 ONE HUNDRED THIRTY-SIX, ONE HUNDRED THIRTY-NINE, ONE HUNDRED  FORTY-ONE,
 ONE  HUNDRED  FORTY-THREE,  ONE  HUNDRED  FORTY-FOUR, ONE HUNDRED FIFTY-
 THREE, ONE HUNDRED FIFTY-FOUR, ONE  HUNDRED  FIFTY-SIX  OR  ONE  HUNDRED
 FIFTY-NINE OF THE EDUCATION LAW.
   5.  "PERSONAL  HEALTH INFORMATION" MEANS ANY INDIVIDUALLY IDENTIFIABLE
 INFORMATION ABOUT AN INDIVIDUAL'S MENTAL OR PHYSICAL CONDITION  PROVIDED
 BY  SUCH  INDIVIDUAL,  OR OTHERWISE GAINED FROM MONITORING SUCH INDIVID-
 UAL'S MENTAL OR PHYSICAL CONDITION.
   6. "USER" MEANS AN INDIVIDUAL WHO HAS DOWNLOADED OR USES AN ELECTRONIC
 HEALTH PRODUCT OR SERVICE.
   7. "CONSUMER DATA" MEANS ANY INFORMATION THAT IDENTIFIES, RELATES  TO,
 DESCRIBES, IS CAPABLE OF BEING  ASSOCIATED  WITH, OR COULD REASONABLY BE
 LINKED,  EITHER  DIRECTLY  OR  INDIRECTLY,  WITH  A  PARTICULAR CONSUMER
 REGARDLESS IF SUCH DATA CAN BE DERIVED BY THE  CONSUMER,  HOUSEHOLD,  OR
 CONSUMER DEVICE OR DERIVED FROM OTHER SOURCES SUCH AS AN INTERNET PROTO-
 COL ADDRESS.
   8. "DATA PROCESSING" MEANS THE COLLECTION, USE, DISCLOSURE, RETENTION,
 OR PROCESSING OF PERSONAL HEALTH INFORMATION OR OTHER DATA.
   9.  "COVERED  ORGANIZATION"  MEANS AN ENTITY, INCLUDING A DATA BROKER,
 THAT OFFERS AN ELECTRONIC HEALTH PRODUCT OR SERVICE THAT IS  SUBJECT  TO
 THE PROVISIONS OF THIS ARTICLE.
   10.  "DATA  BROKER"  MEANS  A  PERSON  OR  ENTITY THAT COLLECTS, BUYS,
 LICENSES, OR INFERS DATA ABOUT INDIVIDUALS AND THEN SELLS, LICENSES,  OR
 TRADES THAT DATA.
   11. "DIGITAL ADVERTISER" MEANS ANY PERSON, CORPORATION, PARTNERSHIP OR
 ASSOCIATION THAT DELIVERS DIGITAL ADVERTISEMENTS BY ELECTRONIC MEANS.
   12.  "DIGITAL ADVERTISEMENT" SHALL INCLUDE ANY COMMUNICATION DELIVERED
 BY ELECTRONIC MEANS THAT IS INTENDED TO BE  USED  FOR  THE  PURPOSES  OF
 MARKETING,   SOLICITATION,  OR  DISSEMINATION  OF  INFORMATION  RELATED,
 DIRECTLY OR INDIRECTLY, TO GOODS OR SERVICES  PROVIDED  BY  THE  DIGITAL
 ADVERTISER OR A THIRD PARTY.
   13.  "GEOFENCING"  MEANS  A  TECHNOLOGY  THAT  USES GLOBAL POSITIONING
 SYSTEM  COORDINATES,  CELL  TOWER  CONNECTIVITY,  CELLULAR  DATA,  RADIO
 FREQUENCY  IDENTIFICATION,  WI-FI DATA AND/OR ANY OTHER FORM OF LOCATION
 DETECTION, TO ESTABLISH  A  VIRTUAL  BOUNDARY  OR  "GEOFENCE"  AROUND  A
 S. 158                              3
 
 PARTICULAR  LOCATION  THAT  ALLOWS  A  DIGITAL  ADVERTISER  TO TRACK THE
 LOCATION OF AN  INDIVIDUAL  USER  AND  ELECTRONICALLY  DELIVER  TARGETED
 DIGITAL  ADVERTISEMENTS  DIRECTLY TO SUCH USER'S MOBILE DEVICE UPON SUCH
 USER'S ENTRY INTO THE GEOFENCED AREA.
   §  1101.  ELECTRONIC HEALTH PRODUCTS AND SERVICES; PRIVACY. 1.  (A) IT
 SHALL BE UNLAWFUL FOR A COVERED ORGANIZATION TO ENGAGE IN DATA  PROCESS-
 ING, GEOFENCING, OR DATA BROKERING UNLESS:
   (I) THE USER TO WHOM THE INFORMATION OR DATA PERTAINS HAS GIVEN AFFIR-
 MATIVE  EXPRESS  CONSENT  TO  SUCH  DATA  PROCESSING AND IF SUCH COVERED
 ORGANIZATION WILL BROKER USER DATA, THE USER  MUST  ALSO  GIVE  SEPARATE
 AFFIRMATIVE CONSENT TO SUCH DATA BROKERING; AND
   (II)  SUCH  DATA PROCESSING, GEOFENCING OR DATA BROKERING, IS STRICTLY
 NECESSARY AND FOR THE PURPOSE OF:
   (A) PROTECTING AGAINST MALICIOUS, FRAUDULENT, OR ILLEGAL ACTIVITY;
   (B) DETECTING, RESPONDING TO,  OR  PREVENTING  SECURITY  INCIDENTS  OR
 THREATS; OR
   (C) COMPLYING WITH A COURT ORDER ISSUED TO THE COVERED ORGANIZATION.
   (B)  THE GENERAL NATURE OF ANY DATA PROCESSING OR DATA BROKERING SHALL
 BE CONVEYED BY THE COVERED ORGANIZATION IN CLEAR AND PROMINENT TERMS  IN
 SUCH  A  WAY  THAT AN ORDINARY CONSUMER WOULD NOTICE AND UNDERSTAND SUCH
 TERMS.
   (C) A USER MAY CONSENT TO DATA PROCESSING OR DATA BROKERING ON  BEHALF
 OF HIS OR HER DEPENDENT MINORS.
   (D)  A COVERED ORGANIZATION SHALL PROVIDE AN EFFECTIVE MECHANISM FOR A
 USER TO REVOKE THEIR CONSENT AFTER IT IS GIVEN.  AFTER  A  USER  REVOKES
 THEIR  CONSENT, THE COVERED ORGANIZATION SHALL CEASE ALL DATA PROCESSING
 AND DATA BROKERING OF SUCH USER'S PERSONAL HEALTH INFORMATION  OR  OTHER
 DATA  AS SOON AS PRACTICABLE, BUT NOT LATER THAN FIFTEEN DAYS AFTER SUCH
 USER REVOKES SUCH CONSENT.
   2. IN ORDER TO OBTAIN CONSENT IN COMPLIANCE WITH  SUBDIVISION  ONE  OF
 THIS SECTION, A COVERED ORGANIZATION OFFERING AN ELECTRONIC HEALTH PROD-
 UCT OR SERVICE SHALL:
   (A)  DISCLOSE  TO  THE  USER  ALL  DATA,  PERSONAL HEALTH INFORMATION,
 LOCATION DATA, AND OTHER PERSONAL DATA SUCH ELECTRONIC HEALTH PRODUCT OR
 SERVICE WILL COLLECT FROM THE USER UPON OBTAINING CONSENT;
   (B) DISCLOSE TO THE USER ALL  THIRD  PARTIES  WITH  WHOM  SUCH  USER'S
 PERSONAL  HEALTH INFORMATION OR OTHER PERSONAL DATA MAY BE SHARED BY THE
 ELECTRONIC HEALTH PRODUCT OR SERVICE UPON OBTAINING CONSENT;
   (C) DISCLOSE TO THE USER  THE  PURPOSE  FOR  COLLECTING  ANY  PERSONAL
 HEALTH INFORMATION OR OTHER PERSONAL DATA; AND
   (D) ALLOW THE USER TO WITHDRAW CONSENT AT ANY TIME.
   3.  NO ELECTRONIC HEALTH PRODUCT OR SERVICE SHALL COLLECT ANY PERSONAL
 HEALTH INFORMATION OR OTHER  PERSONAL  DATA  BEYOND  WHICH  A  USER  HAS
 SPECIFICALLY  CONSENTED  TO SHARE WITH SUCH ELECTRONIC HEALTH PRODUCT OR
 SERVICE UNDER SUBDIVISION ONE OF THIS SECTION.
   4. (A) AN ELECTRONIC HEALTH PRODUCT OR SERVICE SHALL DELETE OR  OTHER-
 WISE  DESTROY  ANY  PERSONAL  HEALTH  INFORMATION OR OTHER PERSONAL DATA
 COLLECTED FROM A USER IMMEDIATELY UPON SUCH USER'S  REQUEST,  WITHDRAWAL
 OF CONSENT; OR UPON SUCH USER'S DEACTIVATION OF HIS OR HER ACCOUNT.
   (B)  A  COVERED  ORGANIZATION  THAT  COLLECTS A USER'S PERSONAL HEALTH
 INFORMATION OR OTHER DATA SHALL LIMIT ITS COLLECTION AND SHARING OF THAT
 INFORMATION WITH THIRD PARTIES TO WHAT IS STRICTLY NECESSARY TO  PROVIDE
 A SERVICE OR CONDUCT AN ACTIVITY THAT A USER HAS REQUESTED OR IS STRICT-
 LY NECESSARY FOR SECURITY OR FRAUD PREVENTION.
   (C)  A  COVERED  ORGANIZATION  THAT  COLLECTS A USER'S PERSONAL HEALTH
 INFORMATION OR OTHER DATA SHALL LIMIT ITS  USE  AND  RETENTION  OF  SUCH
 S. 158                              4
 
 INFORMATION  TO  WHAT  IS  REASONABLY  NECESSARY TO PROVIDE A SERVICE OR
 CONDUCT AN ACTIVITY THAT A USER HAS REQUESTED OR A  RELATED  OPERATIONAL
 PURPOSE,  PROVIDED  THAT  INFORMATION  COLLECTED  OR RETAINED SOLELY FOR
 SECURITY OR FRAUD PREVENTION MAY NOT BE USED FOR OPERATIONAL PURPOSES.
   5.  A  COVERED  ORGANIZATION  SHALL  NOT  DISCRIMINATE  AGAINST A USER
 BECAUSE THE USER EXERCISED ANY OF THE USER'S RIGHTS UNDER THIS TITLE, OR
 DID NOT AGREE TO  INFORMATION  PROCESSING  FOR  A  SEPARATE  PRODUCT  OR
 SERVICE, INCLUDING, BUT NOT LIMITED TO, BY:
   (A) DENYING GOODS OR SERVICES TO THE USER.
   (B)  CHARGING DIFFERENT PRICES OR RATES FOR GOODS OR SERVICES, INCLUD-
 ING THROUGH THE USE OF DISCOUNTS OR OTHER BENEFITS  OR  IMPOSING  PENAL-
 TIES.
   (C) PROVIDING A DIFFERENT LEVEL OR QUALITY OF GOODS OR SERVICES TO THE
 USER.
   (D)  SUGGESTING  THAT  THE  CONSUMER WILL RECEIVE A DIFFERENT PRICE OR
 RATE FOR GOODS OR SERVICES OR A DIFFERENT LEVEL OR QUALITY OF  GOODS  OR
 SERVICES.
   6.  A  COVERED  ORGANIZATION  SHALL  IMPLEMENT AND MAINTAIN REASONABLE
 SECURITY PROCEDURES AND PRACTICES, INCLUDING  ADMINISTRATIVE,  PHYSICAL,
 AND  TECHNICAL  SAFEGUARDS, APPROPRIATE TO THE NATURE OF THE INFORMATION
 AND THE PURPOSES FOR WHICH THE PERSONAL HEALTH INFORMATION OR OTHER DATA
 WILL BE USED, TO PROTECT CONSUMERS' PERSONAL HEALTH INFORMATION OR OTHER
 DATA FROM UNAUTHORIZED USE, DISCLOSURE, ACCESS, DESTRUCTION, OR  MODIFI-
 CATION.
   7.  (A)  IT SHALL BE UNLAWFUL FOR ANY PERSON, CORPORATION, PARTNERSHIP
 OR ASSOCIATION TO DELIVER BY ELECTRONIC MEANS ANY DIGITAL  ADVERTISEMENT
 TO  A  USER THROUGH THE USE OF GEOFENCING AT ANY HEALTH CARE FACILITY AS
 DEFINED IN SUBDIVISION ONE OF THIS SECTION.
   (B) IT SHALL BE UNLAWFUL FOR ANY PERSON, CORPORATION,  PARTNERSHIP  OR
 ASSOCIATION  TO  ESTABLISH  A GEOFENCE OR SIMILAR VIRTUAL BOUNDARY IN OR
 AROUND ANY HEALTH CARE FACILITY FOR THE PURPOSE OF DELIVERING  BY  ELEC-
 TRONIC  MEANS  A DIGITAL ADVERTISEMENT TO A USER WITHIN SUCH HEALTH CARE
 FACILITY.
   § 1102. PRIVATE RIGHT OF ACTION. 1. ANY PERSON WHO HAS BEEN INJURED BY
 REASON OF A VIOLATION OF THIS ARTICLE MAY BRING AN ACTION IN HIS OR  HER
 OWN  NAME, OR IN THE NAME OF HIS OR HER MINOR CHILD, TO SEEK DECLARATORY
 RELIEF, TO ENJOIN SUCH UNLAWFUL  ACT,  TO  RECOVER  HIS  OR  HER  ACTUAL
 DAMAGES, TO SEEK STATUTORY DAMAGES AS PROVIDED PURSUANT TO THIS SECTION,
 OR  ANY  COMBINATION  OF  SUCH  ACTIONS.  ANY  VIOLATION OF THIS ARTICLE
 CONSTITUTES AN INJURY-IN-FACT AND A HARM TO ANY AFFECTED INDIVIDUAL. THE
 COURT SHALL AWARD REASONABLE ATTORNEY'S FEES TO A PREVAILING PLAINTIFF.
   2. ANY COVERED ORGANIZATION THAT VIOLATES THIS ARTICLE IS  SUBJECT  TO
 DECLARATORY  JUDGMENT,  AN INJUNCTION AND LIABLE FOR DAMAGES AND A CIVIL
 PENALTY. WHEN CALCULATING DAMAGES AND CIVIL PENALTIES, THE  COURT  SHALL
 CONSIDER  THE  NUMBER  OF  AFFECTED  INDIVIDUALS,  THE  SEVERITY  OF THE
 VIOLATION, AND THE SIZE AND REVENUES OF THE COVERED ORGANIZATION.  ADDI-
 TIONALLY,  STATUTORY  DAMAGES  SHALL  BE  AWARDED  IN THE AMOUNT OF FIVE
 HUNDRED DOLLARS PER VIOLATION. EACH INDIVIDUAL WHOSE DATA WAS UNLAWFULLY
 PROCESSED COUNTS AS A SEPARATE VIOLATION. EACH PROVISION OF THIS ARTICLE
 THAT WAS VIOLATED COUNTS AS A SEPARATE VIOLATION.
   § 1103. ACTIONS THAT ARE HIPAA  COMPLIANT.  NOTHING  IN  THIS  ARTICLE
 SHALL  PROHIBIT  ANY ACTION TAKEN WITH RESPECT TO THE HEALTH INFORMATION
 OF AN INDIVIDUAL BY A DATA  BROKER  THAT  IS  A  BUSINESS  ASSOCIATE  OR
 COVERED  ORGANIZATION  THAT IS PERMISSIBLE UNDER THE FEDERAL REGULATIONS
 CONCERNING STANDARDS FOR PRIVACY  OF  INDIVIDUALLY  IDENTIFIABLE  HEALTH
 S. 158                              5
 
 INFORMATION  PROMULGATED  UNDER  SECTION  264(C) OF THE HEALTH INSURANCE
 PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (42 U.S.C. 1320D- 20 2 NOTE).
   §  2.  Severability.  If any clause, sentence, paragraph, subdivision,
 section or part of this act shall be adjudged by any court of  competent
 jurisdiction  to  be invalid, such judgment shall not affect, impair, or
 invalidate the remainder thereof, but shall be confined in its operation
 to the clause, sentence, paragraph, subdivision, section or part thereof
 directly involved in the controversy in which such judgment  shall  have
 been rendered. It is hereby declared to be the intent of the legislature
 that  this  act  would have been enacted even if such invalid provisions
 had not been included herein.
   § 3. This act shall take effect on the sixtieth  day  after  it  shall
 have become a law.

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

The New York State Senate

senate Bill S158

Sponsored By

Current Bill Status - On Floor Calendar

Your Voice

Actions

Votes

Feb 28, 2023 - Internet and Technology committee Vote

Internet and Technology Committee Vote: Feb 28, 2023

Co-Sponsors

S158 (ACTIVE) - Details

S158 (ACTIVE) - Summary

S158 (ACTIVE) - Sponsor Memo

S158 (ACTIVE) - Bill Text download pdf

Comments

senate Bill S158

Share this bill

Sponsored By

Liz Krueger

Current Bill Status - On Floor Calendar

Your Voice

Actions

Votes

Feb 28, 2023 - Internet and Technology committee Vote

Internet and Technology Committee Vote: Feb 28, 2023

Co-Sponsors

Leroy Comrie

Michelle Hinchey

Brad Hoylman-Sigal

S158 (ACTIVE) - Details

S158 (ACTIVE) - Summary

S158 (ACTIVE) - Sponsor Memo

S158 (ACTIVE) - Bill Text download pdf

Comments