Connecticut § 19a-490ll Audit of hospital's cybersecurity disruption plan. Availability for inspection by Departments of Public Health and Administrative Services and Division of Emergency Management and Homeland Security. Confidentiality of information.

Connecticut Statutes

§ 19a-490ll — Audit of hospital's cybersecurity disruption plan. Availability for inspection by Departments of Public Health and Administrative Services and Division of Emergency Management and Homeland Security. Confidentiality of information.

Connecticut § 19a-490ll

Title 19aPublic Health and Well-Being

Ch. 368vHealth Care Institutions

This text of Connecticut § 19a-490ll (Audit of hospital's cybersecurity disruption plan. Availability for inspection by Departments of Public Health and Administrative Services and Division of Emergency Management and Homeland Security. Confidentiality of information.) is published on Counsel Stack Legal Research, covering Connecticut primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

Conn. Gen. Stat. § 19a-490ll (2026).

Text

Not later than January 1, 2025, and not less than annually thereafter, each hospital licensed pursuant to this chapter, except any such hospital that is operated exclusively by the state, shall (1) submit the hospital's plans and processes to respond to a cybersecurity disruption of the hospital's operations to an audit by an independent, certified cybersecurity auditor or cybersecurity expert credentialed by the Information Systems Audit and Control Association, or similar entity that provides such credentials, to determine the adequacy of such plans and processes and identify any necessary improvements to such plans and processes, and (2) make available for inspection on a confidential basis to the Departments of Public Health and Administrative Services and the Division of Emergency Man

Free access — add to your briefcase to read the full text and ask questions with AI

Not later than January 1, 2025, and not less than annually thereafter, each hospital licensed pursuant to this chapter, except any such hospital that is operated exclusively by the state, shall (1) submit the hospital's plans and processes to respond to a cybersecurity disruption of the hospital's operations to an audit by an independent, certified cybersecurity auditor or cybersecurity expert credentialed by the Information Systems Audit and Control Association, or similar entity that provides such credentials, to determine the adequacy of such plans and processes and identify any necessary improvements to such plans and processes, and (2) make available for inspection on a confidential basis to the Departments of Public Health and Administrative Services and the Division of Emergency Management and Homeland Security within the Department of Emergency Services and Public Protection information regarding whether such plans and processes have been determined to be adequate pursuant to such audit and the steps the hospital is taking to implement any recommended improvements by the auditor. Any recipient of the information submitted or made available pursuant to this section shall maintain the maximum level of confidentiality allowed under law for such information and shall not disclose such information except as expressly required by law. The information submitted or made available pursuant to this section shall be exempt from disclosure under the Freedom of Information Act, as defined in section 1-200.