
Baldwin Bulletin

October Is Cybersecurity Awareness Month: Ensure Your Cybersecurity Preparedness Plan is in Place

The Baldwin Group | Updated: October 15, 2024 | 2 minute read

October is Cybersecurity Awareness Month. It is a collaborative effort between government and industry to enhance cybersecurity awareness, encourage actions by the public to reduce online risk, and generate discussion on cyber threats on a national and global scale.

Employer Action Items

  • Employers and plan sponsors should hire a consultant to assist in prudently selecting a service provider with strong cybersecurity practices, and subsequently monitoring the activities of any engaged provider.
  • Employers should develop a cybersecurity program, along with essential best practices for privacy and security inside and outside their walls.
  • Employers should also develop written privacy and security assuredness policies and procedures that govern the administration of confidential and protected health information and mitigate related, interconnected, and arising security risks.
  • Employers should contemplate and explore cybersecurity insurance offerings, ideally underwriting such coverage prior to the occurrence of a cybersecurity event affecting the organization’s operations or data. 

Summary

Employees are often targeted by cyberattacks. While it is important and beneficial for employers to foster a strong cybersecurity culture, the HIPAA Security Rule actually requires it!

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires the performance of certain security preparedness operations by covered entities (“CEs”). Performance of these preemptive preparedness operations is mandated by U.S. Department of Health and Human Services (“HHS”) and U.S. Department of Labor (“DOL”) regulations. Where a HIPAA covered entity fails to assure and provide evidence of the performance of these essential requirements, enforcement falls to the cumulative efforts of the DOL and the Office for Civil Rights (“OCR”), the investigative and enforcement division of HHS charged with enforcement of HIPAA Privacy and Security, as well as enforcement of Title VII of the Civil Rights Act. The Security Rule requires that HIPAA Covered Entities:

  • Ensure the confidentiality, integrity and availability of electronic personal information (e-PHI); 
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  • Protect against reasonably anticipated, impermissible uses or disclosures; and
  • Ensure compliance by their workforce.

In September of 2024, the DOL updated the cybersecurity guidance it previously released in 2021. This guidance applies to all types of plans governed by the Employee Retirement Income Security Act (“ERISA”), including health and welfare plans.

The release updates the 2021 guidance of the Employee Benefits Security Administration (“EBSA”) and includes the following:

  • Tips for Hiring a Service Provider: helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.

Below we have provided an additional resource to assist CEs in creating and improving security preparedness operations and ensuring they are following the Security Rule.

Additional Resources

To obtain additional support for performance of these and other HIPAA requirements, as mandated by the Security and Privacy Rules, please reach out to your local service colleague or your client advisor. The Baldwin Group maintains an extensive suite of support solutions, such as HIPAA Complete, and advisory guidance capabilities respecting a covered entity’s performance of the HIPAA administrative simplification mandates. The BRCC also offers a carefully curated range of consultative and advisory support solutions related to the administration of US-based employee benefit plans, programs, and other offerings.

