[firm] blog logo

Revised Data Security Standards for Payment Cards

The Payment Card Industry Security Standards Council recently released revised data security standards for payment cards, which include debit cards issued by vendors in conjunction with flexible spending accounts, health reimbursement arrangements, and health savings accounts. These revised standards update the Payment Card Industry Data Security Standard (?Ç£PCI DSS?Ç¥) to version 3.2 and contain a variety of enhancements to protect against security threats, including revised system penetration testing requirements, enhanced policies and procedures for detecting failures, and stricter authentication protocols. The PCI DSS responsibilities fall on the card issuers, vendor service providers, merchants, etc., not on an employer which merely sponsors or facilitates a spending account benefit that utilizes debit cards. PCI DSS version 3.2 will be viewed as a ?Ç£best practice?Ç¥ until January 31, 2018. Beginning February 1, 2018, version 3.2?ÇÖs standards become mandatory for the industry. Employers sponsoring or facilitating spending account benefits utilizing debit cards should update… Continue Reading

EEOC Issues Final Regulations on Wellness Programs

On May 16, 2016, the EEOC issued two sets of final regulations regarding the compliance of employer-sponsored wellness programs with the Americans with Disabilities Act (the ?Ç£ADA?Ç¥) and the Genetic Information Nondiscrimination Act of 2008 (?Ç£GINA?Ç¥). The final regulations were generally consistent with the ADA and GINA wellness program proposed rules issued by the EEOC during 2015, which set forth limits on the inducements employers may offer to employees for participation in wellness programs that solicit health information from participants. Consistent with the proposed regulations, the final regulations also include confidentiality and notice requirements for wellness programs subject to the ADA and GINA. The effective date for compliance with the wellness program inducement limits and new ADA notice requirements is the first day of the plan year beginning on or after January 1, 2017. The final regulations under the ADA are available?áhere. The final regulations under GINA are available?áhere.

May 2016