Many employers historically were only concerned with privacy and security for health plans under the Health Insurance Portability and Accountability Act (HIPAA)1 and state laws; however, there are other references to protecting participant information in the Employee Retirement Income Security Act (ERISA) that should not be overlooked. Data security experts consistently state that it is not ‘‘if’’ a breach will occur, but ‘‘when.’’ Employers send employee data to vendors for many purposes—payroll, leave management, disability management and retirement plan administration and record keeping.
Originally published in Bloomberg BNA's Tax Management Compensation Planning Journal - April, 2017.
Please see full publication below for more information.