
ERISA cybersecurity guidelines

May 10, 2021 | ERISA

ERISA protects New Jersey employees who hold health plans through a private employer. This is known formally as the Employee Retirement Income Security Act and it helps to set minimum standards for employers who establish these private health plans. Recently, the ERISA Advisory Council has released new guidelines regarding cybersecurity for private retirement plans.

A look at some of the guidelines

The ERISA Advisory Council recommends that all plan advisors maintain well-documented cybersecurity programs and conduct annual risk assessments. They are also advised to have an independent third party evaluate their security controls. The council further gave strong advisory weight to access control procedures and to preparing a resiliency program that addresses disaster recovery should an incident occur.

Tips for employers selecting ERISA plans

Employers have various responsibilities to ensure that they fulfill their fiduciary duties to their plan participants. When selecting an ERISA plan service provider, they should ask diligent questions about the security standards the service provider uses, and they should understand the provider's practices for keeping ERISA disability claims private.

It’s advisable to ask about previous security breaches that an ERISA plan provider may have experienced and how they remedied the problem. In this day and age, most plan providers should have cyber insurance to help mitigate the costs of experiencing a security breach. It’s a plan administrator’s responsibility to ensure that any plan provider they select takes the time to consistently update their cybersecurity policies and procedures.

Cybersecurity is a growing issue across many different types of industries. When it comes to protecting employees' private health data, it is more important than ever for plan administrators to understand how their ERISA policy providers are updating their security protocols to meet new standards.