Skip to content

Find resources to help with recovery if you’ve been impacted by Hurricanes Milton and Helene. Learn More

Baldwin Bulletin

October Is Cybersecurity Awareness Month: Ensure Your Cybersecurity Preparedness Plan is in Place

The Baldwin Group
|
Updated: October 15, 2024
|
2 minute read

October is Cybersecurity Awareness Month. It is a collaborative effort between government and industry to enhance cybersecurity awareness, encourage actions by the public to reduce online risk, and to generate discussion on cyber threats on a national and global scale. 

Employer Action Items

  • Employers and plan sponsors should hire a consultant to assist in prudently selecting a service provider with strong cybersecurity practices, and subsequently monitoring the activities of any engaged provider.
  • Employers should develop a cybersecurity program, along with essential best practices for privacy and security inside and outside their walls.
  • Employers should also develop written privacy and security assuredness policies and procedures, governing the administration of confidential and protected health information, and to mitigate related, interconnected, and arising security risks.
  • Employers should contemplate and explore cybersecurity insurance offerings, ideally underwriting such coverage prior to the occurrence of a cybersecurity event affecting the organization’s operations or data. 

Summary

Employees are often targeted by cyberattacks. While it is important and beneficial for employers to foster a strong cybersecurity culture, the HIPAA Security Rule actually requires it!

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires the performance of certain security preparedness operations by covered entities (“CE’s”). Performance of these preemptive preparedness operations is mandated by US Department of Health and Human Services (“HHS”) and The U.S. Department of Labor (“DOL”) regulations. A HIPAA covered entity’s failure to assure and provide evidence of the performance of these essential requirements is enforced by the cumulative efforts of the DOL and the Office for Civil Rights (“OCR”), the investigative and enforcement division of HHS charged with enforcement of HIPAA Privacy and Security, as well as enforcement of Title VII of the Civil Rights Act. The Security Rule requires that HIPAA Covered Entities:

  • Ensure the confidentiality, integrity and availability of electronic personal information (e-PHI); 
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  • Protect against reasonably anticipated, impermissible uses or disclosures; and
  • Ensure compliance by their workforce.

In September of 2024, the DOL updated current cyber security guidance previously released in 2021. This guidance applies to all types of plans governed by the Employee Retirement Income Security Act (“ERISA”), including health and welfare plans.

The release updates the 2021 guidance of the Employee Benefits Security Administration (“EBSA”) and includes the following:

  • Tips for Hiring a Service Provider: helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices to monitor their activities, as ERISA requires.

Below we have provided an additional resource to assist CEs in creating and improving security preparedness operations and ensuring they are following the Security Rule.

Additional Resources

To obtain additional support for performance of these and other HIPAA requirements, as mandated by the Security and Privacy Rules, please reach out to your local service colleague or your client advisor. The Baldwin Group maintains an extensive suite of support solutions such as HIPAA Complete and advisory guidance capabilities respecting a covered entity’s performance of the HIPAA administrative simplification mandates. The BRCC also offers a carefully curated range of consultative and advisory support solutions related to the administration of US-based employee benefit plans, program, and other offerings.


Related Insights

Stay in the know

Our experts monitor your industry and global events to provide meaningful insights and help break down what you need to know, potential impacts, and how you should respond.

Compliance Alert
BRCC COMPLIANCE ALERT - December 17, 2024
2025 BRCC Educational Webcast and HIPAA Complete Training Calendars Overview The Baldwin Regulatory Compliance Collective (“BRCC”) is excited to announce...
Baldwin Bulletin
Upcoming Compliance Deadlines - December
Employers must comply with numerous reporting and disclosure requirements in connection with their group health plans.  Please note the following...
Baldwin Bulletin
2024-2025 Affordable Care Act (“ACA”) Reporting Office Hours with BRCC Compliance Experts
The BRCC announces a new series of open office hours with our ACA compliance experts, designed specifically for the 2024-2025...
Baldwin Bulletin
Summary Annual Report (“SAR”) due December 15th for Calendar Year Plans with Form 5558 Extensions
Employers who are required to submit a Form 5500 for their employee benefit plans also have an obligation to distribute...
Baldwin Bulletin
Internal Revenue Service (“IRS”) Releases Draft Publication 15-B (Fringe Benefits)
The IRS issued an early release draft of their annual Publication 15-B. The draft contains tax forms, instructions, and other...
Let's make it possible

Partner with us to build solutions that align with your business, individual, or employee needs and open new possibilities for your future.

Connect with us