The SEC’s March 2022 proposed rules related to cybersecurity risk management, corporate governance, and incident disclosure by public companies may be finalized soon. Many health care organizations, especially nonprofits and private equity-backed health IT companies, may think these rules apply only to public companies and not to them. Bob Chaput, Founder and Executive Chairman, Clearwater, and Rachel V. Rose, Principal, Rachel V. Rose—Attorney at Law PLLC, discuss the new requirements and outline why all organizations in the health care ecosystem should pay attention to and meet the spirit and intent of these disclosure requirements. Bob and Rachel recently authored an article on this issue for AHLA’s Health Law Weekly. Sponsored by Clearwater.