Data security breaches affecting large segments of the U.S. population continue to dominate the news. Over the past few years, there has been considerable confusion among employers with group health plans regarding the extent of their responsibility to notify state agencies of security breaches when a vendor or other third party with access to participant information suffers a breach. This On the Subject provides answers to several frequently asked questions to help employers with group health plans navigate the challenging regulatory maze.
Employers with Group Health Plans: Have You Notified State Regulators of the Breach?
By Anthony A. Bongiorno and Amy C. Pimentel on February 23, 2015