If you’re like most employers, your benefits data sit in separate databases at different vendors. You really don’t think much about the data itself, relying instead on vendor reports to see how much your plan is costing you and the most prevalent conditions in your population.

This might have seemed like a good idea once, but times have changed.

Why HR needs control of benefits data

You need control of your benefits data because:

• As the fiduciary, you must exercise discretion or control over how the plan is operated and its assets (see ERISA).
• You own the data, so you should have access to it.
• You need to make sure your data is secure so you don’t experience a breach.

Employers providing group benefit plans are subject to the terms of ERISA. The regulations apply to private-sector, for-profit and non-profit entities, and to both fully insured plans and those that are self-funded directly by the employer or union. Fiduciary responsibility is important, but not the focus of this blog.

Access to Your Data

Today’s technology presents a lot of options for you to store your data, but not all storage platforms are equal. Here are some critical items to consider when evaluating a data storage strategy for your employee benefit data:

• Do you or your benefits advisor have 24/7 access to the various data elements your membership creates? You should be able to get the answers you need when you need them.
• How many years of data will your vendor(s) store on your behalf?

• Most data vendors will hold 3-7 years of historical data. You need historical data to track program performance over time. Make sure you don’t lose crucial years of data by not storing enough information about your population.

Securing your data

Computer hacks, malicious malware, and phishing scams are dominating the news. You need to make sure your data is protected.

What security measures do your vendors take to ensure your data is secure?

• Do they consistently protect your data with modern encryption mechanisms? In accordance with HIPAA regulations, all PHI must be encrypted at rest and in transit.
• Do they turn off or create holes in their firewalls to increase performance? That puts your data at high risk for breach.
• What steps do they take to ensure that their employees aren’t putting your data at risk of phishing or other hacking techniques?
• Do they have a maintenance schedule to protect their security systems? They need to stay on top of newly devised threats and system improvements by patching or updating their systems regularly and in response to new and emerging threats.
• Do they deploy two factor authentication and other role-based access controls? Two factor authentication gives them greater control over who is legitimately accessing the system, limiting the risk of a breach.

What data is being generated by your members, and what data is important to store?

This is an important question. You may not realize the various data elements you and your advisor/broker could have stored. The more elements you warehouse, the more insight you can generate if you decide to analyze the data. It’s critical that you partner with a vendor that embraces best practices in data storage.

Your benefits data is waiting to reveal critical insight about trends, cost drivers, and the health of your employees, so the vendor you choose should do more than store your data. The vendor should also integrate and analyze your data so you can improve benefits plan performance across all your programs.

‍