Health IT Regulations and Resources
SHIN-NY Policy Guidance for 10 NYCRR Part 300
- 10 NYCRR § 300.3(b)(1) v4.2, "privacy and security" – Privacy & Security Policies and Procedures for QEs (PDF)
- 10 NYCRR § 300.3(b)(2) v1.6, "monitoring and enforcement" - Oversight & Enforcement Policies and Procedures for QEs (PDF)
- 10 NYCRR § 300.3(b)(3) v1.7, "minimum service requirements" - Qualified Entity (QE) Minimum Technical Requirements (PDF)
- 10 NYCRR § 300.3(b)(4),(5) v1.6, "organizational characteristics of qualified entities" & "qualified entity certification" - Qualified Entity (QE) Organizational Characteristics Requirements (PDF)
- Qualified Entity (QE) Member Facing Services Requirements v1.7 (PDF)
- Statewide Health Information Network for New York (SHIN-NY) Waiver Appendix A (PDF)
Statewide Common Participation Agreement
Per 10 NYCRR § 300.6, healthcare facilities, as defined in section 18(c)(1) of Public Health Law, must become participants of the Statewide Health Information Network for New York (SHIN-NY). As part of a recent update to the regulations governing the SHIN-NY, all participants must sign the Statewide Common Participation Agreement (SCPA). The deadline to complete the SCPA for regulated facilities was September 30, 2025.
- Corrective Action Plan Template (PDF) for regulated facilities that did not meet 09/30/2025 deadline
