Security checkup

Do your benefits vendors follow these 7 security protocols?
Evaluate your vendors

Your benefits package helps protect employees and their families from threats to their health and overall wellness. But how well are they — and you — shielded from unexpected threats to personal data?

If you combined the populations of Chicago and Houston,1 you’d have the total number of patient records affected by the top 10 healthcare data security breaches in 2018.2 In fact, 94% of healthcare organizations have experienced at least 1 security breach in the past 2 years,3 affecting 41% of the U.S. population.4

Massive data breaches underscore the unavoidable reality that information security is not a “nice to have” – it’s a must-have.

Data security threats are real

Personal health information (“PHI”) is especially vulnerable because it can fetch a higher price on the black market.5 And once stolen, that data is usually trading hands among bad actors before the owner even knows it.

It can take a company, regardless of industry, an average of 7 months just to discover a data breach, and then another 66 days to contain it.6

If an average
breach happens JANUARY 1

It won’t be
discovered until JULY 19 (191 days)

and won’t be
contained until SEPTEMBER 23 (66 more days)*

So ask yourself: Do you know if your benefits vendor is equipped to secure, manage and verify personal data for your employees?

The basics EyeMed thinks you should demand

Full data protection calls for state-of-the-art systems for secure data management. And employers should expect this from their benefits companies. We suggest you ask about things like:

  1. End-to-end encryption: scrambled words or codes so only appropriate and authorized users can access it
  2. 2-factor authentication: a security enhancement that requires 2 types of credentials for logging into accounts
  3. Secure coding practices: developers that are well-trained to detect potential security risks
  4. Round-the-clock monitoring: like EyeMed’s command center, located right in our corporate headquarters, with 27/4 oversight using advanced tools and dashboards
  5. Third-party vendor assessments: oversight of critical vendors through systemic and regular tracking
  6. Security training: annual associate training in security and compliance, so that those handling your employee data understand the gravity of what’s at stake
  7. Vulnerability and penetration testing: in-depth testing of equipment, software and code to report on potential risks and prevent breaches

How do you evaluate your vendors?

To learn more what your benefits vendors should be doing to assure data protection, check out our 7 recommended security protocols for protecting PHI and other sensitive data.

1: “The 10 Largest Cities by Population,”, March 16, 2018, reviewed Dec. 20, 2018 2. “The 15 Largest Health Data Breaches in 2018,” by Joseph Goedert, Health Data Management, Dec. 14, 2018,, reviewed Dec. 19, 2018 3. https://www. technology-security-plan 4. The HIPAA Journal 5 The Washington Post (May 2015) https://www. medical-sector/?utm_term=.295c46e40605 6. Drolet, M.; “What does stolen data cost [per second]”; (2018, January 26); Ponemon Institute 2018 Cost of a Data Breach Study;