Given the Most Recent SONY Security Breach, How Is Your Company Protecting Sensitive Data?

Cook, Hall & Hyde, Inc. is a recognized industry leader in the commercial insurance, employee benefits and risk management business.  Risk management can be complex and often goes far beyond the insurance components.  In the past few years, the necessity for greater business attention to the risk issues surrounding information security, protection of data, and data breaches has taken center stage in many risk management departments.  The threats to a company’s most sensitive data, including that which is entrusted to us by clients, have become significantly greater and data compromises much more prevalent and costly.  The operational and system expectations as well as the attendant liability, regulatory, and reputational consequences have also increased dramatically.

Our clients have worked hard to build a successful business, and Cook, Hall & Hyde wants to support you in making sure that it is not stolen or undermined by a lack of awareness, preparation and protection around data management risk issues.  A few simple questions for your consideration:

  • When it comes to the protection of your confidential company information including the information entrusted to you by your customers, clients and employees – do you have it right?  What about other sensitive company information regarding financial, strategic, intellectual property and other sensitive data?  
  • Are you confident that you, your management team, and your Information Technology shop understand and have executed against the complexities of the legal, regulatory, operational, and systemic data risk management protection requirements for material that contains Personally Identifiable Information (PII); Protected Health Information (PHI); Payment Card Industry Data Security Standards (PCI-DSS); and other sensitive and classified data?
  • If your company’s systems or bank access credentials were compromised and funds were stolen from your bank account, would your bank immediately repay those funds?  Would the loss be covered by the current insurance that you have in effect?
  • If your company’s confidential information was compromised by a data breach tomorrow, would you know what to do?  Do you have the appropriate plans and resources in place to respond effectively?

Cook, Hall & Hyde, your risk management partner, has identified existing and emerging risks associated with the vulnerabilities of many companies’ current data protection practices that are leading to significant exposures, data compromises, financial losses and reputational risks to our clients.  We have established a relationship with a leading provider in the area of data risk management services to give Cook, Hall & Hyde the necessary experience and expertise to assist our clients with assessing their current data risk management practices and programs.  Where appropriate, they can help build cost-effective data risk management programs to enhance the client’s protection protocols, risk mitigation, privacy compliance and breach preparedness planning and response posture to cover sensitive data.

The threats and requirements can be complex and require a holistic and layered approach to protection.  Data is a powerful tool; be sure that yours works for you, not against you.  Don’t let data risk be your point of vulnerability; make it a strength.  We can help: contact us at 631-329-7268 or email me at

Corporate Wellness Programs: Are They a Wise Investment for Employers?

With the permission of TLNT and Jeremy Sharp, I am reposting a terrific article that lends clarification regarding the new GINA regulations issued in November 2010, ADA and HIPAA compliance for wellness programs. TLNT is an HR blog about “The Business of HR,” with news, insight, and topical information from experts and thought leaders in HR, talent management, and all areas related to HR and managing a workforce. Jeremy Sharp, a partner at Walter & Haverfield in Cleveland, concentrates his practice primarily in the field of employee benefits and executive compensation. He also has experience handling related legal issues involving taxation, labor and employment law, school law and health care reform. You can contact him at


Employee HIPAA Privacy Notice Requirement

HIPAA requires that privacy notices be issued (1) to all employees when they first become covered by the plan, (2) to any employee upon request and (3) to all employees each time the privacy policy is revised. In addition, at least once every three years (beginning three years after the notice is first provided), employees must be informed (in writing) that the notice is available and of the procedure for requesting a copy of the notice; alternatively, group health plans may distribute a new notice every three years.

Self-Compliance Tool for Part 7 of ERISA: HIPAA and Other Health Care Related Provisions  

Summary of The HIPAA Privacy Rule 

Are you Complying with HIPAA’s Final Wellness Regulations?

The US Dept of Labor has developed a checklist to determine whether a health promotion or disease prevention program is required to comply with the DOL’s final wellness program regulations, and, if so, whether the program is in compliance with the regulations.    

Click here for the Wellness Program Checklist

Click here for DOL’s HIPAA Compliance Guide
