· New York’s state attorney general has increased its enforcement actions in recent years. These include:
· University of Rochester Medical Center, $15,000 fine for insufficiently training nurse practitioner who shared patient information (2015)
· CoPilot Support Services, $130,000, for permitting unauthorized access to health records of 220,000 residents (2017)
· Aetna, $1.15 million, for revealing HIV/AIDS status through a mailing label error (2018)
· Arc of Erie County, $200,000, for a business associate exposing sensitive protected health information (2018)
· Emblem Health, $575,000, revealing Social Security numbers on mailing labels (2018)