In a comment letter submitted this week, NADP outlined industry concerns related to a proposal
from the New York Department of Financial Services (DFS) to establish
Cybersecurity requirements for financial services companies, including
dental plans and with broad application to third parties, brokers and
concerns focused on the broad definitions for ‘covered entities’ and the
legal liability carriers would shoulder for downstream entities. As
drafted, it appears that all licensed New York brokers will be “Covered
Entities” except for very limited exceptions. In addition, all
participating and non-participating providers as well as all third-party
administrators, benefit administrators, enrollers and other entities
and individuals in the distribution and enrollment channel, among
others, will be subject to the third-party responsibilities within the
more reasonable exemptions, without which, carriers may be forced to
preclude smaller brokers, individual dental providers and other smaller
players from participation in the health and group insurance business.
As NADP only
learned of the rule last Thursday, the Government Relations Workgroup
(GRW) and Commission on Advocacy Policy (CAP) look forward to reviewing
the proposal more closely and discussing this with member plans and DFS.
Please reach out to NADP staff with additional thoughts, concerns or questions. We appreciate any additional input as discussions on this continue.