HIPAA compliance requirements continue to evolve, and recent court decisions have understandably drawn significant attention.
Last summer, we examined these developments in our Workplace Privacy Report article, analyzing how a Texas federal district court decision affected the HIPAA Reproductive Health Privacy Rule and why a subsequent Supreme Court decision may change that outcome. The
It is increasingly evident that artificial intelligence (AI) is reshaping all facets of business, and its impact on employee benefit plans is no exception. From automating plan administration to personalizing participant communications, AI introduces both new opportunities and new responsibilities for those overseeing Employee Retirement Income Security Act of 1974 (ERISA)-covered retirement and health plans
A Texas federal court just shook the foundation of HIPAA’s reproductive health privacy protections — but the Supreme Court may have the final word. In a sweeping decision, Judge Matthew Kacsmaryk vacated key provisions of the 2024 Reproductive Health Rule, stripping away national safeguards on disclosing reproductive health information. Yet, a recent SCOTUS ruling in
On June 2, 2025, the U.S. Department of Labor (DOL) announced a significant expansion of its compliance assistance tools by launching an Opinion Letter Program across five key enforcement agencies, including the Employee Benefits Security Administration (EBSA). This initiative aims to provide employers, plan sponsors, and other stakeholders with clear, tailored guidance on complex issues
A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and welfare plans facing similar risks to participant data.
Last Friday, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release
In 2021, the Department of Labor (DOL) issued cybersecurity guidance for ERISA-covered retirement plans. The guidance expands the duties retirement plan fiduciaries have when selecting service providers. Specifically, the DOL makes clear that when selecting retirement plan service providers, plan fiduciaries must prudently assess the cybersecurity of those providers.
On May 15, 2024, the
On April 22, 2024, the federal Department of Health and Human Services’ Office for Civil Rights (OCR) announced a final rule enhancing privacy protections relating to reproductive health care. Specifically, the final rule amends the Privacy Rule under the Health Insurance Portability and Accountability Act (HIPAA) to, among other things, establish new limits on the
In an effort to close the gap in retirement savings across the state, Governor Phil Murphy signed the New Jersey Secure Choice Savings Program Act (Act) in March of 2019. The Act created the Secure Choice Savings Program (Program), designed to provide a path for more private sector employees save for retirement. In short, the
It started sometime last year and, in hindsight, was inevitable. Clients with 401(k) plans and a crypto-savvy employee population began asking whether they could offer cryptocurrency as a plan investment option. In the 401(k) world, where even a self-directed brokerage window with built-in investment limitations can be too risky, the answer seemed obvious – watch
According to a recent survey, about 45% of companies do not have a Chief Information Security Officer (CISO). As West Monroe’s “The Importance of a CISO” observes, it would be terrific for all organizations to have a CISO, but that simply may not be practical for some, particularly smaller organizations. Recent internal