Health IT Regulations and Resources
SHIN-NY Policy Guidance for 10 NYCRR Part 300
- 10 NYCRR § 300.3(b)(1) v4.2, "privacy and security" – Privacy & Security Policies and Procedures for QEs (PDF)
- 10 NYCRR § 300.3(b)(2) v1.6, "monitoring and enforcement" - Oversight & Enforcement Policies and Procedures for QEs (PDF)
- 10 NYCRR § 300.3(b)(3) v1.7, "minimum service requirements" - Qualified Entity (QE) Minimum Technical Requirements (PDF)
- 10 NYCRR § 300.3(b)(4),(5) v1.6, "organizational characteristics of qualified entities" & "qualified entity certification" - Qualified Entity (QE) Organizational Characteristics Requirements (PDF)
- Qualified Entity (QE) Member Facing Services Requirements v1.7 (PDF)
- Statewide Health Information Network for New York (SHIN-NY) Waiver Appendix A (PDF)
Statewide Common Participation Agreement
Per 10 NYCRR § 300.6, healthcare facilities, as defined in section 18(c)(1) of Public Health Law, must become participants of the Statewide Health Information Network for New York (SHIN-NY). As part of a recent update to the regulations governing the SHIN-NY, all participants must sign the Statewide Common Participation Agreement (SCPA).
- A public comment period for proposed amendments to the SCPA will begin in July 2026. The amendment process is being coordinated by the New York eHealth Collaborative (NYeC), the State Designated Entity for the SHIN-NY, through the Statewide Collaboration Process as required in 10 NYCRR Part 300. Proposed SCPA amendments were drafted in response to stakeholder feedback over the past year since the SCPA was implemented. For more information visit the NYeC website.