Cybersecurity Compliance and Health Plans

Posted by BAS - 19 September, 2024

The Employee Benefits Security Administration (EBSA) issued an update regarding its 2021 cybersecurity guidance, extending its application to all employee benefit plans, including health and welfare plans. Initially, the guidance was developed to assist plan sponsors, fiduciaries, service providers, and participants in safeguarding sensitive data and assets related to employee benefit plans. However, since its release, there has been confusion, particularly among health and welfare plan service providers, about whether this guidance applied beyond retirement plans.

In response to this, the Department of Labor’s ERISA Advisory Council recommended in 2022 that EBSA clarify the scope of the guidance. With this recent update, EBSA has now confirmed that the cybersecurity guidance is relevant to all types of employee benefit plans governed by ERISA, not just retirement plans. This clarification aims to reinforce the importance of comprehensive cybersecurity practices across all employee benefit plans, including health and welfare plans, ensuring the protection of participants' personal information and plan assets.

The updated guidance provides specific resources to help plan sponsors and fiduciaries enhance cybersecurity measures. These include "Tips for Hiring a Service Provider," which advises on selecting providers with robust cybersecurity protocols, and "Cybersecurity Program Best Practices," which outlines the fiduciary responsibilities to manage cyber risks. Additionally, "Online Security Tips" offers essential advice to participants on reducing the risk of fraud when accessing their accounts online.

To further support health plans and service providers, the Department of Health and Human Services offers additional resources like Health Industry Cybersecurity Practices and specific technical guides for organizations of various sizes. These materials aim to equip healthcare organizations with tailored cybersecurity practices to address emerging threats and protect patient data.

This update reinforces the government’s outreach to ensure cybersecurity remains a priority across all employee benefit plans.


Benefit Allocation Systems (BAS) provides best-in-class, online solutions for: Employee Benefits Enrollment; COBRA; Flexible Spending Accounts (FSAs); Health Reimbursement Accounts (HRAs); Leave of Absence Premium Billing (LOA); Affordable Care Act Record Keeping, Compliance & IRS Reporting (ACA); Group Insurance Premium Billing; Property & Casualty Premium Billing; and Payroll Integration.

MyEnroll360 can integrate with any insurance carrier for enrollment eligibility management (e.g., Blue Cross, Blue Shield, Aetna, United Health Care, Kaiser, CIGNA and many others), and integrate with any payroll system for enrollment deduction management (e.g., Workday, ADP, Paylocity, PayCor, UKG, and many others).

Topics: MyEnroll360 Security, MyEnroll360 News, Technology News, Cybersecurity

