Northwest OH Legal Blog

Friday, April 28, 2017

An Ounce of Prevention is Worth the Avoidance of a Data Breach: Health and Welfare Plan Fiduciaries Must Prepare for Battle

The data that health and welfare plans may store or exchange with service providers electronically often includes participants’ names, addresses, dates of birth and pertinent health information or even social security numbers.  Technology experts claim that health plan breaches are much more valuable to hackers than credit card breaches because health records and plan eligibility data have a longer “shelf life” than credit card data, which can be changed or eliminated when the credit card company is notified to shut the card down.  Health care plan information therefore has a higher “resale” value than other data obtained after a technology breach. 

Rather than wait to be a victimized health plan, plan sponsors and fiduciaries must take precautionary measures to prevent data breaches within their own organizations and between their plan and the service providers that support their plan’s operations. By implementing several simple processes and educating employees and participants regarding these processes, plan trustees can not only block the efforts of hackers but also prevent the unauthorized release of private health information and pertinent identity-revealing data of plan participants and their dependents.

The following measures should be seriously considered as preliminary actions by plan trustees, plan sponsors and administrators to guard against in-house data breaches and ill-intentioned hackers:

  1. Form an Incident Response Team and appoint vigilant employees to leadership positions so they will be attentive to specific procedures to prevent and handle data breaches, whether they originate within the organization, from outside vendors without appropriate security procedures, or even from data thieves.
  2. Review Business Associate Agreements between the plan and every vendor carefully to be sure service providers protect, store and if necessary destroy plan information safely and in compliance with the Health Insurance Portability and Accountability Act (HIPAA). 
  3. Ask vendors for proof of Cyber Liability Insurance and ensure that service providers with large numbers of clients are adequately insured for risk of larger losses. 
  4. Ask your vendors if they do background checks on their employees and be sure that similar checks are done on employees hired at a Plan’s administrative offices. 
  5. Ask service providers and plan vendors how they provide secure communications to their clients and other service providers. Do they encrypt information between themselves and their subcontractors, and how do they send information to participants and dependents electronically?
  6. For service providers who use encryption, ask if they use at least 250-bit encryption since cyber-theft experts indicate that 250-bit encryption is the minimum threshold to block data theft. 

While these steps are only a start to a full program of data breach prevention and blocking hackers, such vigilance not only protects plan data, individuals’ identity information and private health files, but also provides additional proof that a health plan’s trustees are taking their fiduciary duties and due diligence activities seriously.



With offices in Toledo and Lima, OH Allotta Farley Co., L.P.A. serves clients throughout northwest OH with various legal matters. Areas of service include Allen County, Ashland County, Auglaize County, Crawford County, Defiance County, Erie County, Fulton County, Hancock County, Hardin County, Henry County, Huron County, Lucas County, Marion County, Mercer County, Morrow County, Ottawa County, Paulding County, Putnam County, Richland County, Sandusky County, Seneca County, Van Wert County, Williams County, Wood County, Wyandot County.

Disclaimer
Hiring an attorney is an important decision which should not be based solely on advertising. The information you obtain at this site is not, nor is it intended to be, legal advice. You should consult an attorney for advice regarding your individual situation. We invite you to contact us and welcome your calls, letters and electronic mail. Contacting us does not create an attorney-client relationship. Please do not send any confidential information to us until such time as an attorney-client relationship has been established.



© 2017 Allotta Farley Co., L.P.A. | Disclaimer
2222 Centennial Road, Toledo, OH 43617
| Phone: 419.535.0075
121 West High Street, 10th Floor, Lima, OH 45801
| Phone: 419.224.0075
