Keypoint: With the increased frequency and severity of cyberattacks against healthcare systems, state and federal agencies strive to improve cybersecurity controls with varied success.

In November 2023, New York Governor Kathy Hochul announced proposed regulations that would be the first state regulations for hospitals in New York. The governor described the proposed regulation as a “nation-leading blueprint” that would complement the federal Health Insurance Portability and Accountability Act (HIPAA) Security Rule enforced by the U.S. Department of Health and Human Services (HHS).

In the wake of the #MeToo Movement, New York, California and a number of other jurisdictions, both local and state, have passed new laws aimed at combatting sexual harassment in the workplace.  The New York laws require written sexual harassment prevention policy, assurance that all current and new employees, and even applicants for employment, receive a copy of the policy, and mandate annual sexual harassment training for all employees.  In addition, New York law now provides that employers can be liable for sexual harassment of nonemployees in the workplace, such as contractors, vendors and subcontractors.  Recent legislation prohibits employers from using mandatory arbitration provisions in employment contracts or nondisclosure agreements except when this is the victim preference.  Let me suggest that there are some important lessons to be learned from these laws.