As reported here [http://www.proskauertaxtalks.com/2015/09/irs-provides-some-relief-after-data-hacks/], after last year’s customer data security breaches at major U.S. corporations, the IRS announced special tax relief for identity protection services provided to individuals affected by a security breach. In response to comments solicited in connection with that announcement, the Treasury Department and IRS have in Announcement 2016-02 [https://www.irs.gov/pub/irs-drop/a-16-02.pdf] extended that relief to no-cost identity protection services provided before a data breach.
Tzvia Feiertag is a senior associate in the Labor & Employment Law Department. She practices exclusively in the areas of ERISA and employee benefits-related tax law.
Tzvia advises a diverse group of clients, including Fortune 500 companies, financial service companies, media and publishing companies, private companies and not-for-profit organizations on all aspects of pension and welfare benefit plans. She counsels clients on the design, implementation and operation of 401(k), defined contribution, defined benefit, and self-insured and fully-insured medical, life and disability plans, as well as cafeteria plans, health savings account plans, flexible spending account programs and severance plans.
As physicians, nurses, therapists and health care providers continue to utilize new smart phones, tablets, and laptops in caring for patients, the Department of Health and Human Services (“HHS”) has responded with educational videos, worksheets and guidance to help health care providers create a “culture of compliance and awareness” and to protect patients’ Protected Health Information (“PHI”). While the material is focused on health care professionals, the information is also applicable to group health plan professionals and their business associates who use mobile devices to store and transmit PHI in connection with administration of group health plans.
On November 26, 2012, the Department of Health and Human Services Office for Civil Rights (“OCR”) published a thirty-two page document titled “Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule” (“De-Identification Guidance”). OCR described the guidance document as a culmination of two years of work by “stakeholders with practical, technical and policy experience in de-identification.” OCR also acknowledged that the guidance implements many of the issues and topics that were raised during an OCR workshop held in Washington, DC on March 8-9, 2010.