AHCA Proposed Rule Would Create Data Breach Transparency Requirements for Florida Medicaid Providers

Posted on Health Care Law News by Sydney Madow

The Agency for Health Care Administration (AHCA), which manages Florida’s Medicaid program, will hold a public rule development workshop on September 17, 2025, regarding its proposed rule to implement certain requirements that would affect facilities and providers regulated by AHCA.

Proposed Rule 59A-35.112 would impose new technology-related obligations on Florida Medicaid providers. These include requiring providers to establish a continuity plan for maintaining critical operations and patient care services during any interruption of normal operations, requiring adherence to certain IT infrastructure rules, and establishing a procedure for Medicaid providers to make mandatory reports to AHCA in the event of any information breaches. The proposed rule also outlines the necessary components of the continuity plan.

If the proposed rule is adopted, AHCA-licensed health care providers would be required to have a written continuity plan that includes procedures for regular IT maintenance actions, such as performing routine secure, redundant on-site and off-site data backups and verifying that the backed-up data can be restored. It would further require that off-site backups be stored within the continental United States rather than on a server or cloud-based server offshore.

The facility or provider’s continuity plan would have to meet certain other standards, including outlining specific procedures for restoring operations following a data breach and for restoring data affected by a breach.

Should the rule be implemented, AHCA-licensed facilities and providers would be required, in the event of a data breach, to report the event to AHCA within 24 hours and provide a police report or computer forensics report, a copy of the continuity plan, the information disclosed in the breach, and the steps taken by the provider to remedy the incident, among other things.

The attorneys of Nicholson & Eastin routinely advise health care providers in connection with health care regulatory and compliance matters, including AHCA regulations. If you have questions regarding this or any other health care regulatory matter, please do not hesitate to contact us.