Many employers historically were only concerned with privacy and security for health plans under the privacy regulations issued under the Health Insurance Portability and Accountability Act of 1996 (‘‘HIPAA’’) and State laws; however, there are other references to protecting participant information in ERISA and employee information that should not be overlooked. Data security experts consistently state that it is not ‘‘if’’ a breach will occur, but ‘‘when.’’ Employers send employee data to vendors for many purposes—payroll, leave management, disability management and retirement plan administration and record keeping.
Originally published in Bloomberg Law's Pension & Benefits
DailyTM - February 16, 2017.
Please see full publication below for more information.