One record. Two sets of rules. In New York, the state rules are often stricter.
New York layers some of the strongest health privacy protections in the country on top of federal HIPAA. The SHIELD Act, Mental Hygiene Law Article 33, and Public Health Law 27-F all impose additional requirements on healthcare organizations operating in New York. EZBunny's course covers what state law adds to your compliance obligations.
Start 14-day free trialIf you operate in New York, SHIELD Act and Public Health Law requirements apply on top of federal HIPAA obligations.
Course Details
20 minutes
State
New York Law
Online, self-paced
What your team will learn
- The SHIELD Act: broader privacy protections than HIPAA
- What counts as 'private information' under New York law
- Mental health records: New York goes further than HIPAA (Article 33)
- HIV confidentiality under Public Health Law 27-F
- The layered protection model (federal + state requirements)
- Infection control CE requirements for NY-licensed providers (PHL Section 239)
- Mandatory reporting obligations under Social Services Law 413
- Current NY law enforcement and penalties
Who needs this training?
If you operate in New York, multiple state laws apply on top of federal HIPAA. R = Required by regulation. S = Strongly recommended.
| Practice Type | Status | Authority |
|---|---|---|
| Physician Practices & Medical Groups | Required (if NY) | NY PHL 239 / SSL 413 |
| Dental Offices | Required (if NY) | NY PHL 239 |
| Urgent Care Centers | Required (if NY) | NY PHL 239 / SHIELD Act |
| Home Health Agencies | Required (if NY) | NY PHL 239 |
| Behavioral Health & SUD Treatment | Required (if NY) | MHL Art. 33 / PHL 27-F |
| Chiropractic Offices | Required (if NY) | SHIELD Act / SSL 413 |
| Physical Therapy & Rehab Clinics | Required (if NY) | SHIELD Act / SSL 413 |
| Ambulatory Surgery Centers (ASCs) | Required (if NY) | NY PHL 239 / SHIELD Act |
| Pharmacies | Required (if NY) | SHIELD Act |
| Mental Health Private Practices | Required (if NY) | MHL Art. 33 / SSL 413 |
| Community Health Centers (FQHCs) | Required (if NY) | Multiple NY laws |
| Telehealth Providers | Required (if NY) | SHIELD Act |
Which roles must complete this training?
If you operate in New York, all staff need awareness of state-specific requirements:
- Licensed health professionals (physicians, PAs, dentists, hygienists, RNs, LPNs, NPs, optometrists, podiatrists, athletic trainers): Infection control CE every 4 years per PHL Section 239
- All healthcare workers: Mandatory reporter training at hire under Social Services Law 413
- Mental health providers: Additional training on Article 33 protections for mental health records
- All employees: Sexual harassment prevention training, annually, per NY Labor Law 201-g
Common New York State compliance training questions
How is the SHIELD Act different from HIPAA?
The SHIELD Act applies to any organization holding private information of New York residents - not just HIPAA-covered entities. It broadens the definition of private information, requires specific data security safeguards, and imposes breach notification requirements with shorter timelines than federal law.
What are New York's mental health record protections?
Mental Hygiene Law Article 33 provides stricter protections for mental health records than HIPAA. Disclosure generally requires patient consent, and the redisclosure protections are stronger. Clinical notes from mental health treatment have additional layers of protection beyond standard medical records.
What is PHL 27-F and how does it affect HIV records?
Public Health Law Article 27-F governs the confidentiality of HIV-related information in New York. It is stricter than HIPAA: HIV test results and related information require specific written authorization for disclosure, with limited exceptions. The penalties for unauthorized disclosure are significant.
What infection control training is required for NY-licensed providers?
PHL Section 239 requires infection control training every 4 years for licensed healthcare professionals. This covers physicians, PAs, dentists, dental hygienists, RNs, LPNs, NPs, optometrists, podiatrists, and athletic trainers. This is a licensure requirement - failure to complete it can affect license renewal.
If you operate in New York, make sure your team knows what state law requires
20 minutes per person. Certificate on completion. Start your 14-day free trial now.
Start 14-day free trialRegulatory Disclaimer
Training requirements vary by organization type, size, state, payer mix, and accreditation. This guide reflects common federal and state requirements as of April 2026 and is not legal advice. Consult your compliance officer or legal counsel for requirements specific to your organization. State-specific content currently covers CA, TX, FL, NY, and IL. Additional states may have requirements not listed here. Last reviewed: April 2026.