HHS Signals Continued Focus on Health Plan Privacy and Cybersecurity
Privacy and security are enforcement priorities for government regulators following HHS's restructuring of its Office for Civil Rights.
The government released confirmation that its cybersecurity guidance applies to health plans.
The Employee Benefits Security Administration (EBSA) issued an update regarding its 2021 cybersecurity guidance, extending its application to all employee benefit plans, including health and welfare plans. Initially, the guidance was developed to assist plan sponsors, fiduciaries, service providers, and participants in safeguarding sensitive data and assets related to employee benefit plans. However, since its release, there has been confusion, particularly among health and welfare plan service providers, about whether this guidance applied beyond retirement plans.
In response to this, the Department of Labor’s ERISA Advisory Council recommended in 2022 that EBSA clarify the scope of the guidance. With this recent update, EBSA has now confirmed that the cybersecurity guidance is relevant to all types of employee benefit plans governed by ERISA, not just retirement plans. This clarification aims to reinforce the importance of comprehensive cybersecurity practices across all employee benefit plans, including health and welfare plans, ensuring the protection of participants’ personal information and plan assets.
The updated guidance provides specific resources to help plan sponsors and fiduciaries enhance cybersecurity measures. These include “Tips for Hiring a Service Provider,” which advises on selecting providers with robust cybersecurity protocols, and “Cybersecurity Program Best Practices,” which outlines the fiduciary responsibilities to manage cyber risks. Additionally, “Online Security Tips” offers essential advice to participants on reducing the risk of fraud when accessing their accounts online.
To further support health plans and service providers, the Department of Health and Human Services offers additional resources like Health Industry Cybersecurity Practices and specific technical guides for organizations of various sizes. These materials aim to equip healthcare organizations with tailored cybersecurity practices to address emerging threats and protect patient data.
This update reinforces the government’s outreach efforts to keep cybersecurity a priority across all employee benefit plans.