[firm] blog logo

As Plan Administrator, the Employer is Liable – Not the Service Provider (i.e., What Kind of Indemnification Are You Getting?)

The plan administrator of an employee benefit plan (employee welfare or retirement) has the general fiduciary responsibility under ERISA to ensure the operational and documentary compliance of the plan. Under ERISA, the sponsoring employer is the plan administrator unless another person or entity is named in the plan. This generally means the employer retains ultimate responsibility and liability for legal compliance even though the employer may rely heavily on the plan’s third-party service providers. One way to mitigate this liability is to obtain indemnification from a service provider for the service provider’s errors, for which the employer (as plan administrator) would still be legally liable. The default language in third-party service provider contracts often provides indemnification only for the service provider’s “gross negligence”, but not its “ordinary negligence”, thus leaving the employer responsible for correcting (and paying for) errors caused by the service provider that do not amount to “gross negligence” or “intentional… Continue Reading

OCR Issues Fact Sheet on Direct Liability for Business Associates under HIPAA

HHS’s Office for Civil Rights(?Ç£OCR?Ç¥), which is the government agency responsible for enforcement of the HIPAA privacy, security, breach notification, and enforcement rules (the ?Ç£HIPAA Rules?Ç¥), recently issued a new fact sheet (?Ç£Fact Sheet?Ç¥). The Fact Sheet recaps the provisions in the HIPAA Rules for which a HIPAA business associate may be held directly liable for compliance. HIPAA business associates of an employer-sponsored group health plan, which is a ?Ç£covered entity?Ç¥ under HIPAA, would include, for example, the health plan?ÇÖs third-party claims administrator, a health plan consulting firm, a benefits broker, and the health plan?ÇÖs outside legal counsel, if such persons or entities create, receive, maintain, or transmit HIPAA protected health information (?Ç£PHI?Ç¥) on behalf of the health plan. The Fact Sheet clarified that OCR has authority to take enforcement action against business associates only for certain requirements and prohibitions of the HIPAA Rules as listed in the Fact Sheet,… Continue Reading

October 2021
S M T W T F S
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Archives