States will increasingly be stepping up to fill gaps in the healthcare sector with new cyber legislation and requirements as the Trump administration promises to roll back regulations, predicts attorney Amy Magnano of the law firm Morgan Lewis’ healthcare practice.
“Probably more than anything else, I expect to see states with a more sophisticated cybersecurity, infrastructure and/or agency presence to start rolling out proposed legislation surrounding what requirements they expect folks to have in the cybersecurity space,” she said.
New York State, for instance, in October 2024 enacted tough new cybersecurity regulations for hospitals. New York State’s legislature also recently passed a health information privacy law that is awaiting the governor’s signature.
More states – including perhaps other East Coast states, as well as California – could make similar cyber legislative and regulatory moves, Magnano predicted.
“I expect to see all those states to start to think really hard about pushing out laws surrounding this area,” she said. But the caveat for all of them is funding, she said in an interview with Information Security Media Group.
“I think it would be helpful if, like New York, they coupled that with funding versus just more regulation. Because a lot of covered entities in the healthcare sector are still reeling from a number of factors that have impacted their reimbursement structure the last several years,” she said.
“So, funding along with the laws would be a helpful way for the states to bring along that change. But each state is also struggling with its own budgetary issues.”
In this audio interview with Information Security Media Group, Magnano also discussed:
- The proposed update to the HIPAA Security Rule that was issued in the final weeks of the Biden administration, and what might happen with that;
- Steps that HIPAA-covered organizations and business associates should take to enhance cybersecurity practices while in the midst of regulatory uncertainty;
- Considerations involving the protection of health data used with artificial intelligence tools.
Magnano, a Morgan Lewis partner, focuses on healthcare litigation and regulatory matters, representing providers and facilities in complex disputes, licensing and regulatory investigations. She advises on healthcare compliance, including HIPAA, HITECH, state privacy regulations, and 42 CFR Part 2, with a strong emphasis on privacy, security, and breach notification requirements.