ThomsonReuters

JUNE 15, 2023

60-day special enrollment periods may be triggered by changes in eligibility for Medicaid or state premium assistance under the Children’s Health Insurance Program (CHIP). appeared first on Tax & Accounting Blog Posts by Thomson Reuters. 4 (“Special Enrollment Periods Required Under HIPAA”). Contributing Editors: EBIA Staff.

98

98

Audit Board

JUNE 22, 2023

Security and privacy are typically regarded as key risks from an internal audit perspective. However, out of the disruption of the pandemic emerged a new understanding of the interwoven nature of privacy, security, and trust. For example, while there is no overarching data privacy law in the U.S.,

Technology 52

Technology Compliance 52

ThomsonReuters

JUNE 8, 2023

The post HHS Investigation of Business Associate Results in $350,000 Settlement appeared first on Tax & Accounting Blog Posts by Thomson Reuters. The business associate must also investigate failures to comply with policies and procedures and report any material failure to HHS. Contributing Editors: EBIA Staff.

Compliance 52

Compliance 52

Audit Board

MAY 18, 2022

Deep into the era of big data, information security that includes the proper handling of customer and client privacy is mission-critical. A privacy program covers how a business stores and processes the personal information of clients when offering their products and services. What Is a Privacy Program?

Compliance 52

Compliance Technology Marketability 52

ThomsonReuters

MARCH 3, 2022

The agencies note that an exception to the HIPAA rules allows a group health plan to adopt a wellness program that, within certain parameters, provides premium discounts or rebates, or modifies otherwise applicable cost-sharing mechanisms, based on a health factor. appeared first on Tax & Accounting Blog Posts by Thomson Reuters.

105

105

ThomsonReuters

APRIL 14, 2022

Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance for Calendar Year 2020; Annual Report to Congress on Breaches of Unsecured Protected Health Information for Calendar Year 2020. Compliance Report. Breach Notification Report. Highlights of the reports include the following: Compliance Report.

Compliance 52

Compliance 52

ThomsonReuters

DECEMBER 22, 2021

(For more details about EAPs, including the distinction between EAPs and wellness programs, see our Checkpoint Question of the Week.) appeared first on Tax & Accounting Blog Posts by Thomson Reuters. The category of ERISA-listed benefits most likely to be provided by an EAP is medical care or benefits.

Compliance 59

Compliance 59

ThomsonReuters

JUNE 10, 2021

In addition to modifying and expanding earlier guidance on employer vaccination programs, the updated guidance adds six Q&As addressing ADA and GINA considerations for employer-provided COVID-19 vaccination incentives for employees and their family members. Contributing Editors: EBIA Staff.

Compliance 98

Compliance 98

ThomsonReuters

FEBRUARY 4, 2021

HHS’s Office for Civil Rights (OCR) has issued a report describing its 2016–17 audit program, which reviewed covered entities’ and business associates’ compliance with certain HIPAA privacy, security, and breach notification rules (see our Checkpoint article ). HHS: 2016-2017 HIPAA Audits Industry Report (Dec. Available at [link].

Compliance 52

Compliance 52

ThomsonReuters

JANUARY 4, 2024

Take advantage of wellness benefits Along with increasing salaries, more accounting firms are introducing wellness programs to encourage employee retention. Wellness programs for accounting professionals are designed to help them better manage the types of stress they’re most likely to encounter on the job.

Start-ups 71

Start-ups Accounting Firms Compliance Technology 71

Audit Board

MARCH 7, 2023

As a result, recent data privacy laws require you to report on your subprocessors, so we need to consider security two, three, and even four levels down. As a former GRC program leader, vendor risk management was part of my daily work.

Compliance 52

Compliance 52

ThomsonReuters

DECEMBER 3, 2020

Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance for Calendar Year 2018; Annual Report to Congress on Breaches of Unsecured Protected Health Information for Calendar Year 2018. Compliance Report. Breach Notification Report. Highlights of the reports include the following: Compliance Report.

Compliance 52

Compliance 52

Audit Board

JUNE 30, 2023

Regulatory and Compliance Risk Focus Emerging regulatory guidance and considerations are a key driver behind the momentum for maturing TPRM programs. Personal Data Privacy The General Data Protection Regulation (GDPR), which went into effect in 2018, was a bellwether moment for privacy requirements.

Compliance 52

Compliance 52

Audit Board

JUNE 30, 2023

Regulatory and Compliance Risk Focus Emerging regulatory guidance and considerations are a key driver behind the momentum for maturing TPRM programs. Personal Data Privacy The General Data Protection Regulation (GDPR), which went into effect in 2018, was a bellwether moment for privacy requirements.

Compliance 52

Compliance 52

Audit Board

MAY 18, 2023

There has been a wave of data privacy legislation passed over the last decade, with various laws being passed in the European Union and across the states in the United States. Privacy Shield Framework (Privacy Shield Framework), simplifying the EU-U.S. Should You Certify Under the Trans-Atlantic Data Privacy Framework (DPF)?

Compliance 52

Compliance Start-ups Technology 52

ThomsonReuters

JANUARY 20, 2022

The DOL has discretion to impose lower penalties in some instances—such as pursuant to programs designed to encourage Form 5500 filing—so not all violations will result in the maximum permitted penalty. The post DOL Issues 2022 Adjusted Penalty Amounts appeared first on Tax & Accounting Blog Posts by Thomson Reuters.

Compliance 98

Compliance 98

ThomsonReuters

OCTOBER 7, 2021

The DOL, IRS, and HHS have issued five new COVID-19-related FAQs—two addressing group health plan coverage requirements for qualifying coronavirus preventive services and three addressing vaccine incentives under group health plans and wellness programs. Plan Eligibility (Q/A-4). 6 (“Determining Affordability of Employer-Sponsored Plans”).

52

52

ThomsonReuters

APRIL 22, 2021

EBSA: Cybersecurity Program Best Practices; Tips for Hiring a Service Provider With Strong Cybersecurity Practices; Online Security Tips; News Release (Apr. Key practices include having a formal and well-documented cybersecurity program that is informed by annual risk assessments and third-party audits of security controls.

Compliance 92

Compliance 92

Audit Board

MAY 15, 2023

There has been a wave of data privacy legislation passed over the last decade, with various laws being passed in the European Union and across the states in the United States. Privacy Shield Framework (Privacy Shield Framework), simplifying the EU-U.S. Should You Certify Under the Trans-Atlantic Data Privacy Framework (DPF)?

Compliance 52

Compliance Start-ups Technology 52

ThomsonReuters

JUNE 30, 2022

CMS: 2021 Compliance Review Program Findings (May 2022); EFT and ERA: Payment Remittance Reassociation Basics (June 2022). The CMS National Standards Group (NSG) has issued a report summarizing updated findings from its administrative simplification compliance review program. Fact Sheet. Contributing Editors: EBIA Staff.

Compliance 52

Compliance 52

ThomsonReuters

NOVEMBER 23, 2022

EBIA Comment: The newsletter notes that hacking is now the greatest threat to the privacy and security of PHI. For more information, see EBIA’s HIPAA Portability, Privacy & Security manual at Sections XXIX.E (“Developing Your Security Program”) and XXX.B.6 6 (“Standard: Security Incident Procedures”).

Compliance 52

Compliance 52

ThomsonReuters

JULY 28, 2022

As background, NSG administers HHS’s compliance review program to ensure that covered entities adhere to the HIPAA administrative simplification rules for electronic health care transactions. The post HIPAA FAQs Elaborate on EFT/ERA Transaction Standards appeared first on Tax & Accounting Blog Posts by Thomson Reuters.

Treasury 52

Treasury Compliance 52

ThomsonReuters

MARCH 10, 2022

ANSWER: Whether a program offering COVID-19 testing, vaccinations, or both is subject to ERISA depends on how it is structured and how it operates. In that instance, the program must be evaluated for ERISA status on its own. appeared first on Tax & Accounting Blog Posts by Thomson Reuters. Contributing Editors: EBIA Staff.

Compliance 59

Compliance 59

Reynolds Holding

DECEMBER 18, 2022

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. This blog post explores some of the borrowed GDPR concepts and suggests resources companies might use as they develop their compliance programs.

Banking 45

Banking Compliance Start-ups Technology 45

ThomsonReuters

OCTOBER 21, 2021

Employers implementing incentives should continue to monitor agency guidance, including the recent tri-agency FAQs on the application of HIPAA wellness program rules to vaccine incentives (see our Checkpoint article ). Contributing Editors: EBIA Staff.

Compliance 52

Compliance 52

Audit Board

MAY 10, 2023

This article originally appeared on the ISACA Blog. New regulations include the Cyber Security Initiative, the SEC releasing ESG and reporting on cybersecurity, and evolving state regulations around data privacy. To combat this, legacy compliance teams must reframe their processes.

Compliance 52

Compliance Start-ups Technology 52

ThomsonReuters

NOVEMBER 17, 2022

Proposed Rule, Administrative Simplification: Modifications of Health Insurance Portability and Accountability Act of 1996 (HIPAA) National Council for Prescription Drug Programs (NCPDP) Retail Pharmacy Standards; and Adoption of Pharmacy Subrogation Standard, 45 CFR Part 162, 87 Fed. 67634 (Nov. Contributing Editors: EBIA Staff.

52

52

ThomsonReuters

APRIL 17, 2024

Training programs can educate tax professionals on the capabilities and limitations of GenAI, enabling them to leverage it effectively while ensuring accuracy. The post New report shows opportunities and risks for tax professionals with GenAI appeared first on Tax & Accounting Blog Posts by Thomson Reuters.

Technology 98

Technology Data Analysis Compliance 98

ThomsonReuters

JANUARY 19, 2023

The DOL has discretion to impose lower penalties in some instances—such as under programs designed to encourage Form 5500 filing—so not all violations will result in the maximum permitted penalty. The post DOL Issues 2023 Adjusted Penalty Amounts appeared first on Tax & Accounting Blog Posts by Thomson Reuters.

Compliance 59

Compliance 59

ThomsonReuters

JANUARY 14, 2021

The EEOC has announced proposed regulations that would significantly change the wellness program incentives permitted under the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA). Health-Contingent Programs. Here are highlights: ADA. Key provisions include—. Voluntariness.

80

80

Audit Board

SEPTEMBER 29, 2023

In this article, we will explore the implications of these trends and regulatory signals in the insurance industry — and discuss practical steps insurance companies with a growth-oriented mindset can take to fortify their IT risk and compliance programs. To get the PDF version, download here.

Compliance 52

Compliance Technology Finance Marketability 52

ThomsonReuters

NOVEMBER 4, 2021

For more information, see EBIA’s HIPAA Portability, Privacy & Security manual at Section XXIX.E (“Developing Your Security Program”). You may also be interested in our webinar “ Learning the Ropes: An Introduction to HIPAA Privacy & Security ” (recorded on 7/7/2021). Contributing Editors: EBIA Staff.

Technology 52

Technology 52

ThomsonReuters

MARCH 19, 2024

As open-source generative AI platforms (like ChatGPT) gain momentum, there are concerns around accuracy, security, and privacy — especially when it comes to handling clients’ sensitive tax information. Accounting firms must communicate the steps taken to ensure the security and privacy of client data. But what exactly are the risks?

Accounting Firms 52

Accounting Firms Compliance Technology 52

ThomsonReuters

JANUARY 21, 2021

The DOL has discretion to impose lower penalties in some instances—such as pursuant to programs designed to encourage Form 5500 filing—so not all violations will result in the maximum permitted penalty. The post DOL Issues 2021 Adjusted Penalty Amounts appeared first on Tax & Accounting Blog Posts by Thomson Reuters.

Compliance 93

Compliance 93

ThomsonReuters

APRIL 15, 2021

See also EBIA’s HIPAA Portability, Privacy & Security manual at Section XXIX.E (“Developing Your Security Program”). The post Fiduciaries Did Not Breach Duties by Hiring TPA That Allowed Identity Thief to Withdraw 401(k) Funds appeared first on Tax & Accounting Blog Posts by Thomson Reuters.

Banking 52

Banking 52

ThomsonReuters

OCTOBER 29, 2020

The system’s quality assurance program should include elements such as secure primary and off-site storage, regular evaluations of the system, periodic checks of electronic records, and reliable backups in case the primary records are unavailable. Also, privacy and confidentiality concerns may require particular destruction methods.

Compliance 58

Compliance 58

Audit Board

SEPTEMBER 6, 2023

When reporting on your InfoSec compliance program to the Board, the main goal is to ensure board members are aware of high-risk cybersecurity items and InfoSec has the appropriate budget to address them. Emerging regulatory pressures from the federal government or privacy regulators. Cost of continued reporting.

Compliance 52

Compliance Technology Marketability 52