This bill requires hospitals to adopt and submit to the Department of Health and Human Services a cybersecurity plan that includes provisions related to notifications, communications, continuity of care for patients and patient complaint processes in the event of a cybersecurity intrusion. The cybersecurity plan must include a provision for cybersecurity training for hospital employees and board members and organizations affiliated with the hospital. The bill also adds cybersecurity intrusions impacting patients' access to medical care to the definition of "sentinel event" in the laws governing required reporting of sentinel events.

Statutes affected:
Bill Text LD 2103, HP 1418: 22.1832, 22.8752