Many employers historically were only concerned with privacy and security for health plans under the Health Insurance Portability and Accountability Act (HIPAA)1 and state laws; however, there are other references to protecting participant information in the Employee Retirement Income Security Act (ERISA) that should not be overlooked. Data security experts consistently state that it is not ‘‘if’’ a breach will occur, but ‘‘when.’’ Employers send employee data to vendors for many purposes—payroll, leave management, disability management and retirement plan administration and record keeping. READ MORE

By Greta Cowart, Marcus Brown, Theanna Sedlock

Reproduced with permission from Tax Management Compensation Planning Journal, April 2017