Many employers historically were only concerned with privacy and security for health plans under the privacy regulations issued under the Health Insurance Portability and Accountability Act of 1996 (‘‘HIPAA’’) and State laws; however, there are other references to protecting participant information in ERISA and employee information that should not be overlooked. Data security experts consistently state that it is not ‘‘if’’ a breach will occur, but ‘‘when.’’ Employers send employee data to vendors for many purposes—payroll, leave management, disability management and retirement plan administration and record keeping. READ MORE

By Greta Cowart, Marcus Brown, Theanna Sedlock

Reproduced with permission from Bloomberg - Privacy & Security Law Report, March 2017