Updating Compliance: The FTC Enhances Health Breach Notification Rules for Non-HIPAA Entities

The HIPAA Breach Notification Rule requirements have been updated and now require certain entities to notify individuals, the FTC, and sometimes the media about breaches of

By BAS

The Federal Trade Commission (FTC) recently updated its Health Breach Notification Rule, which mandates certain non-HIPAA covered entities to notify individuals, the FTC, and sometimes the media, about breaches involving unsecured personally identifiable health data. This update is particularly relevant to vendors of personal health records (PHRs) and their associated entities, broadening the scope to include developers of various health-related applications.

Key revisions include clarifying what constitutes a breach of security, specifying the types of data breaches that are included, and modernizing how notifications must be sent. These changes also extend to refining the definition of related entities and expanding the content that must be included in breach notifications. Moreover, the timing requirements for notifying the FTC have been adjusted, and overall readability and legal clarity of the rule have been enhanced.

This modernization reflects the increased usage of personal health apps and devices, such as fitness trackers and health monitoring apps, a trend accelerated by the consumer shift towards digital health technologies during the COVID-19 pandemic. The FTC’s adjustments aim to address the privacy concerns these technologies raise and to ensure that all entities handling sensitive health information are held to consistent standards.

For HR professionals, this underscores the importance of reviewing how employee health data, possibly collected through wellness programs or employee health apps, is managed. Ensuring that any breaches of this data are reported correctly according to the revised rules is critical, not only for compliance but for maintaining trust and avoiding penalties.
