Provides for the protection of health information; establishes requirements for communications to individuals about their health information; requires either written consent or a designated necessary purpose for the processing of an individual's health information.
NEW YORK STATE ASSEMBLY MEMORANDUM IN SUPPORT OF LEGISLATION submitted in accordance with Assembly Rule III, Sec 1(f)
 
BILL NUMBER: A10357
SPONSOR: Rosenthal
 
TITLE OF BILL:
An act to amend the general business law, in relation to providing for
the protection of health information
 
PURPOSE OR GENERAL IDEA OF BILL:
This bill would govern companies that collect and sell healthcare
information and provides additional rights and protections to users
related to the sale and of their private health information.
 
SUMMARY OF SPECIFIC PROVISIONS:
Section one amends the general business law by adding a new article
42-A.
Section two provides a severability clause.
Section three establishes the effective date.
 
JUSTIFICATION:
Most residents of the State are under the impression that HIPAA protects
them and their health data from being accessed by third parties and sold
by and to other organizations. Residents are generally unaware that
their technology is constantly tracking their movements, and geolocation
data is being sold to companies for the purposes of targeted
advertisements or tracking. Most users also do not have an understanding
of how much information is being collected, stored, and sold for the
benefit of third parties. For example, a mobile app to track menstruation
cycles was recently caught selling users' data to antiabortion advocacy
organizations.
This bill creates a legal framework for residents to reclaim and retain
control of their healthcare information. Electronic apps or websites
that are designed to provide a diagnosis or retain health information
will be required to receive affirmative consent by the user to retain
such information and would provide users the ability to rescind such
consent. The bill also provides a legal remedy for those whose data was
improperly collected or used.
 
PRIOR LEGISLATIVE HISTORY:
2025-26: A.2141/S.929 - Vetoed
2023-24: A.4983-D - Advanced to Third Reading; S.158-E - Advanced to
Third Reading
 
FISCAL IMPLICATIONS:
None to the State.
 
EFFECTIVE DATE:
Six months.