Wyatt Employment Law Report

Leave a comment

Sweeping New Data Breach Notification Regulations Effective September 23

By Erin Brisbay McMahon

If your company is an employer with a self-insured health plan, sweeping new data breach notification regulations issued on August 24, 2009 will impact your company, as well as companies that need to use the health information of your employees to render services to the plan (e.g., third-party administrators).  The regulations, issued by the Department of Health and Human Services (HHS), go into effect September 23, 2009.

While employers aren’t subject to the data breach notification regulations, the self-insured health plans they sponsor are.  Because most employer-sponsored health plans don’t have employees, compliance responsibilities fall to the employer.

Continue reading