“With the recent Anthem data breach, many employers are probably asking the question — what are their responsibilities with respect to HIPAA-HITECH? The article by Riga, Verrall and Vanderzanden does a good job of summarizing those responsibilities. The bottom line is it will depend on whether the employer’s health plan was “fully insured” or “self-insured”. Employers need to also review their state’s data breach laws for any additional notification responsibilities. No employer is really immune from HIPAA-HITECH and state law when it comes to data breach and protecting the sensitive information of their employees as well as customers. Having a sound information security program anchored by a solid risk management process is a good business practice which is much cheaper than dealing with fines, penalties, and litigation down the road.”
Source: Industry News