
In Compliance Assistance Release No. 2024-01, the U.S. Department of Employee Benefits Security Administration (EBSA) affirmed that all ERISA-covered health and welfare plans are subject to the cybersecurity guidance published in 2021.
In April 2021, EBSA issued cybersecurity best-practice guidance for benefit plan fiduciaries and service providers. ERISA requires plan fiduciaries to take necessary safety measures to reduce cybersecurity risk. EBSA’s three types of guidance are directed at benefit plan sponsors, fiduciaries, record keepers, and participants.
With the new guidelines, EBSA clarifies that the cybersecurity guidance applies to ERISA-covered health and welfare plans. EBSA also clarifies that ERISA plan sponsors and fiduciaries, as well as plan service providers, should prioritize cybersecurity with regard to plan assets and PII.
This goes beyond the requirements of HIPAA (which applies only to group health plans) and applies to all service providers, whether they are business affiliates or not. Employers who sponsor ERISA-covered health and welfare plans must review the EBSA guidance, confirm current safeguards, and implement additional safeguards to secure data and hold service providers to high standards.
Have questions and want to read more about the changes? See Cybersecurity Guidance Applies To Health And Welfare Benefits for more details.
We are dedicated to providing exceptional service, so please do not hesitate to contact our dedicated Total Benefit Solutions health insurance specialists at (215)-355-2121 or fill out the contact form below. We are available to answer any questions or address any concerns you may have.