Taxation of Identity Protection Services

Original post

According to the IRS, identity theft has been the number one consumer complaint to the Federal Trade Commission for 15 consecutive years. The Bureau of Justice Statistics estimates that 17.6 million people were victims of identity theft in 2014. Organizations at every level are trying to protect employee and customer personal information from computer hacking that can disclose sensitive information to identity thieves. As a protective measure, some businesses are providing identity theft protection services in the hopes of preventing and mitigating damage from a data breach. Some insurance carriers are now also offering identity protection services to their customers at no additional cost. Questions were posed to the IRS concerning the taxability of identity protection services provided at no cost to customers, employees, or other individuals whose personal information may have been compromised in a data breach.

The taxation of this identity protection benefit/service was considered by the IRS in 2015 and again in early 2016. Originally, the IRS determined that an individual whose personal information may have been compromised in a data breach does not have to include the value of such an identity protection service in his or her gross income. Similarly, the IRS had ruled that an employer providing such data protection services to employees whose personal information may have been compromised in a data breach of the employer’s recordkeeping system (or employer’s agent or service provider) does not have to include the value of such service in the employee’s gross income or wages. The value does not have to be reported on an individual’s W-2. (See IRS Announcement 2015-22.)

But what about identity theft protection services that are offered as a precautionary measure before a breach occurs? Blue Cross Blue Shield, for example, is now offering identity protection services to all eligible BCBS members on an opt-in basis as of January 1, 2016. The offering includes credit monitoring, fraud detection and fraud resolution support. After the IRS elicited comments on Announcement 2015-22, it decided to extend the same tax treatment to identity protection services provided to employees or other individuals before a breach occurs, similar to that offered by Blue Cross Blue Shield. (See Announcement 2016-02.) The reasoning behind this ruling is that providing identity protection services to employees and others before a data breach occurs will foster earlier detection of a data breach and may minimize the impact of a breach on operations.

While this tax treatment does not apply to cash received in lieu of the identity protection service or proceeds received under an identity theft insurance policy, it is a benefit that is worthwhile to flag for your clients at a time when identity theft continues be a growing problem in the United States.

Technology: Investors Do Better Interacting With People Instead Of Technology

Original post

Many employers have done an excellent job of integrating financial wellness programs with their employees in order for them to improve their overall financial well-being. However, the most significant progress appears to be when investors actually speak with a qualified human being rather than relying on technology. The key, according to an article on the website of Employee Benefit News titled, “Technology Alone Not Enough in Financial Wellness,” is the level of employee engagement.

The article stresses that people who interacted with a certified financial planner five or more times during the year had a much better grasp on their finances, an emergency fund, retirement contributions, and cash flow management when compared to people who only used online tools. Were employees who talked to a real person getting better advice? Were employees who were more worried about their money doing more to understand and solve their problems by actually talking to someone? This was not known, but what was discovered was that technology can only do so much.

For example, if you get on a scale, it’s going to give you a number. The scale won’t tell you what to eat, how many calories you’ll need to burn, or what steps you’ll need to take if something unexpected happens. In terms of a person’s financial well-being, technology overload can occur and he or she will get bombarded with information that’s either not understood or unusable.

Once employers figure out that technology alone is not a viable solution to help employees with their finances, they can shift some of their financial wellness and retirement programs to one-on-one guidance with certified financial planners. Furthermore, they can incorporate education and focused presentations, such as workshops on retirement, student loan repayment, tackling credit card debt, etc., into the mix in order to drive up employee engagement.

The takeaway is that there is no single solution to help employees with their monetary planning and problems. It takes a combination of technology, education, and personal face time to ensure that a company’s workforce is making progress toward their financial goals.

Trending: Virtual Healthcare Gains Broader Acceptance

Original post

The Cadillac tax may have been postponed until 2020 but that doesn’t mean employers have put healthcare cost containment measures on the backburner. In fact, new research shows 90% of employers are planning myriad measures to control rising healthcare costs.

The 2016 Medical Plan Trends and Observations Report, released today by DirectPath and CEB, highlights top trends in employers’ 2016 healthcare strategies. Overwhelmingly, employers are continuing to shift a larger share of healthcare costs to employees, often through high-deductible health plans, according to the report.

The use of telemedicine, meanwhile, continues to grow, with almost two-thirds of organizations offering or planning to offer such a service by 2018 – a 50% increase from the previous year.

“Employees often say that they go to the emergency room because it's hard to get a doctor's appointment. With telemedicine, you've got 24/7 access and you don't necessarily need an appointment,” notes Kim Buckey, vice president of compliance communications at DirectPath. “That's certainly a huge driver of avoiding those visits to the emergency room or even the urgent care clinic because telemedicine is typically less expensive than an urgent care visit, as well.”

Buckey says it “makes sense” for employers to investigate telemedicine – the remote diagnosis and treatment of patients via phone calls, email and/or video chat – because employees are increasingly accepting of virtual access to just about everything.

“How many employees now are just grabbing their phones, iPads, or computers when they need information? That's something that people are comfortable with using and they don't have to leave their house to get quality care,” she says.

Spousal and tobacco surcharges are also expected to grow, according to the CEB data. Twelve percent of employers surveyed already have spousal surcharges in place, while 29% expect to introduce them in the next three years. Twenty-one percent of employers already have tobacco surcharges in place, while 26% expect to implement them in the next three years.

“I think we're going to see more and more of those, particularly as employers focus more on wellness initiatives,” says Buckey, adding that a robust communications plan is needed before implementing tobacco or spousal surcharges.

“People don't understand basic concepts like deductibles, co-pays, co-insurance, let alone how to make a decision about what plan to choose, or frankly, what's the best way of receiving care,” she says. “As more and more of these provisions are added to plans, they have the potential of being even more confusing and off-putting to employees, so having a robust communications plan in place that addresses all of these issues [is important]. ... There certainly will be cases where these surcharges aren't going to apply to a large percentage of the population. You just want to make sure that the folks who are affected, understand how they're affected and why.”

Technology: Top Talent Prefers Being Recruited Via Their Mobile Device

Original post

If you haven’t noticed, newspapers are shrinking in size. Fewer people, especially the younger demographic of 18- to 40-year-olds, read them and this especially applies to when they’re searching for jobs. Employers who continue to use only the older methods of recruitment -- classified ads and job boards -- may not attract the most coveted applicants due to them not seeing the posting, or worse, feeling that the company looking to fill the position is old-fashioned and not technologically up to date.

According to an article on the website of Society For Human Resource Management titled, “The Most Sought-After Talent Prefer Mobile Recruitment,” almost 70% of applicants labeled as “high-potentials” were attracted more to companies with mobile recruiting options versus just over 50% of other applicants. Another comparison of high-potentials shows that about 75% use mobile devices when searching for jobs while only 40% of other potential employees do.

Because most people tend to do everything on their tablets or smartphones, it makes sense that searching for a job would just be another addition to that list. The article bears that out, noting that convenience is one of the primary reasons that high-potentials do this. Besides convenience, another benefit noted is that information can be obtained quickly via mobile device and high-potentials can respond faster to job postings.

The article states that everyone, at some point, will use a mobile device when job hunting, but those who are high-potentials take it to the next level. Everything from researching companies, receiving job alerts, filling out job applications, and even taking assessments was more likely to be done by a high-potential candidate on a mobile device. Furthermore, high-potentials were nearly two times as likely to prefer text messages and communication through social media (e.g., LinkedIn).

So, what’s the message to employers? If you want to attract top talent, then you must utilize mobile recruiting. Employers can build such a program by integrating all their job search functions, such as listings, applications, assessment tests, etc. on a mobile platform. They also need to make it simple and streamlined. As the article states, you don’t want a candidate who’s a high-potential to skip through your job recruiting process due to frustration.

Searching for jobs online

Original post

When it comes to searching for jobs, most Americans go online rather than depend on friends or other contacts for this information. In a Society For Human Resource Management article titled, “Online Job Searching Has Doubled Since 2005,” they reference a Pew Research Center study that found about half of all U.S. job seekers have researched and applied for jobs online. That’s more than double the number from 2005.

What this means for recruiters is that people seeking jobs are getting their information about the job as well as the company from the Internet. Other forms of job listings such as employment agencies, print ads, and job fairs are still being utilized, but not as much according to the Pew study. In addition, people with higher levels of education are more likely to use the Internet when looking for a job.

Nearly 90 percent of college graduates went online, versus just over three-quarters of people who attended, but didn’t graduate, and fewer than 70 percent of people who never went to college at all.

The advice given was that if you search online for a job, then you should definitely have a LinkedIn, or other professional social media profile. This is especially true if you’re using a tablet or other mobile device to apply online.

Can you imagine having to submit your résumé using a smartphone? It’s so much easier just to link it to a profile and many employers accept that.

In fact, another aspect of the Pew study was the percentage of Americans who used a mobile device and social media to search and apply for a job. What should come as no surprise is that more than half of all 18- to 29-year-olds have used a smartphone to search for jobs. Recruiters should take notice and make it easier for these job seekers to find and apply for available jobs. They should also be able to easily share or forward these jobs to a friend if they know he or she is looking.

The article states that more than 30 percent of social media users have relied on social media to research jobs in which they had an interest. In addition, approximately 20 percent applied for a job via social media and more than 10 percent said that the information they posted on their own personal social media account helped them get a job.

The article noted that while this may make it seem like younger job seekers are utilizing online tools more, people age 50 and older have caught on to this strategy and are also using it to their advantage.

Sleep deprived

Original post

Why can’t a bicycle stay up? Because it’s two (too) tired. Now that you’ve stopped groaning, lack of sleep is a growing problem among corporate America and a serious health concern. Unfortunately, sleep deprivation often takes a back seat in the wellness headlines compared to not exercising, bad eating habits, and stress, yet insufficient sleep leads to worse health and poor productivity.

In contrast with corporate culture that demands longer hours at work and higher productivity, fewer than six hours of sleep can significantly impair an employee’s abilities and overall well-being. According to an article on the website of Society for Human Resource Management titled, “Mobile Gadgets, Longer Hours Worsening Sleep,” it points to a study done at Cornell University that found that “both medical and indirect costs (such as those related to missed work, or lack of concentration while at work) were about $1,253 higher per individual for workers who had insufficient sleep than for those who got enough sleep.”

So, why is this story in the Technology section instead of the Wellness section? Because smartphones and tablets appear to be making the problem of sleep deprivation worse, but wearable technology may be able to help. It's like fighting fire with fire.

Let’s start with the problem. Both smartphones and tablets allow employees to stay connected to their work, thus allowing them to continue addressing work-related issues instead of unplugging (pun intended) from the office. Plus, these devices emit blue light, which causes our eyes to assume it is daylight regardless of the actual time of day.

To help combat this unnatural phenomenon, people need to train their minds and bodies to power down. Don’t look at email, social media, or any activity that requires you to stare at an electronic screen. By doing so, you will be able to achieve deep sleep and reduce or even eliminate fatigue the following day.

Technology, which is a primary cause of sleep deprivation, can also help relieve it. The latest high-tech wearable devices are able to monitor your health, rest periods, and sleep. By getting this complete picture of activity, it can help you change your habits and alter your day-to-day routines.

Your company's old papers could be treasure to a thief

A company's old box of papers may seem insignificant. But if the data is right, thieves could see that old box of papers as a gold mine.

Travelers Casualty and Surety Company of America lays out a similar scenario for you to consider.

You built your company with singular vision, always investing in the latest equipment and technology to keep you out front. Years of work and now you have 400 employees and robust systems throughout the manufacturing business.

RELATED: Developing a Cyber Breach Strategy

Then the FBI called. Hundreds of fraudulent tax returns had been filed to the IRS by “employees” claiming to work for you. You can’t believe it — your systems are secure and well-protected. But now it’s your name, your company and your people at risk.

You hired an investigator to determine how this information got out. Turns out a criminal stole a box of paper W-2 forms as they were being moved to storage. One box with 298 pieces of paper contained everything the thieves needed. You paid for credit monitoring for your employees but someone tipped off the local media and the story was out. Now you had to protect your business and reputation so you hired a public relations firm to help contain the crisis.

Investigators, credit protection, lawyers, crisis consultants - all because of an old box of papers.

According to the NetDiligence® Data Breach Cost Calculator* the estimated costs of the 298 lost records for the manufacturer could be:

Lost Records Cyber Awareness
An average event of this type impacts 28,000 records driving the average cost to a business to $1,700,000.**

Risk Management Tips:

  • An information retention policy should be established and include guidance on what types of information should be retained, how long it should be retained and procedures for destruction of unneeded data.
  • New hire training and regularly scheduled refresher training courses should be established in order to instill the data security culture of your organization.
  • Create, implement and test an incident response plan.

*The NetDiligence® Data Breach Cost Calculator and other tools are available to insureds on the Travelers’ eRisk Hub®.
**Ponemon 2015 Cost of Data Breach Study, NetDiligence Cyber Claims Study 2014

Proprietary and Confidential

Originally posted on

You know what they say about people who assume. When it comes to a company’s intellectual property, never assume anything. Just because you think something is proprietary and confidential doesn’t mean that it is, or that someone else will feel the same way you do. That’s why it’s a good idea to always err on the side of caution and make sure any documents that are part of a company’s intellectual property are labeled as such, password protected if necessary, and mentioned in the employee handbook as such. This may not keep them from getting stolen, but it will help a company should it need to file suit.

On Society for Human Resource Management, an article titled, Identify Your Trade Secrets to Prevail in IP Theft Litigation, lists a case where information was taken and used by a former employee because it wasn’t properly labeled as proprietary and confidential. Furthermore, it wasn’t identified in the employee handbook as a trade secret, nor was the employee required to sign a noncompete agreement. The issue at hand was a list of people, including their names, addresses, phone numbers, etc., held by the company. An employee took that list and used it for a competing business. The argument was that everyone within the company understood that the list was only for business purposes and was not publicly known, nor available to the public. The court, however, disagreed and ruled that the list was not a trade secret or confidential and proprietary information. The list was available to all staff and to the people on the list, so the company wasn’t trying to guard the secrecy of the information. Furthermore, most of the information was available in the public domain.

So, what is the lesson here for employers? Regardless of what the information may be, what technologies it may contain, or who has access to it, make sure everyone knows that it’s part of the company’s intellectual property and put in place safeguards that ensure this.

What kinds of safeguards are necessary? According to the article, as long as a company takes reasonable precautions by taking time to set up a system to protect information believed to be important, confidential, or proprietary, the system doesn’t have to be perfect.

So by limiting access to the information, keeping it secure, informing everyone who has access that the information is confidential, and designating the information as such in the employee handbook. It’s also a good idea, according to the article, to remind departing employees during their exit interview about any confidentiality obligations.

If something is worth protecting, then it’s worth the extra time and effort needed to ensure its security. Proprietary and confidential mean just that, and these terms should be taken seriously and not applied haphazardly.

Can your smartphone tell you if you have depression?

Originally posted by Carina Storrs on on July 15, 2015.

Getting a diagnosis of depression usually involves filling out questionnaires about your mood and undergoing lengthy interviews with a psychiatrist. But smartphone apps might be able to handle some of that work, and at least tell you if you are at risk of depression, simply by collecting GPS and other data, according to a new study.

Researchers at Northwestern University in Illinois tested an app they developed called Purple Robot. It uses data from a number of sensors in the smartphone that detect location, movement, phone usage and other activities to assess if a user is likely to have depression.

"The main reason for the development of the app is to see if we can objectively and passively identify if people are depressed," said Sohrob Saeb, a postdoctoral research fellow at the Feinberg School of Medicine at Northwestern University who is one of the developers of Purple Robot.

In the study of Purple Robot, Saeb and his colleagues at Northwestern and Michigan State University looked at GPS or phone usage data among 28 participants for two weeks.

They found that Purple Robot could identify 87% of the participants in the group who were determined to be at risk of depression according to PHQ-9, a nine-question test for depression, based only on GPS data on how much users moved between their regular locations. The more users moved around, the less likely they were to fall into the at-risk category.

In addition, by identifying the participants who used their phone the most, including everything from texting and playing games but not talking on the phone, Purple Robot could detect 74% of those in the at-risk group. Data on both GPS and phone usage were not available for enough participants to let the researchers see how well Purple Robot performed when both data sets were available, Saeb said.

However, PHQ-9 is only a screening tool that tells you if you have an above-average chance of having depression and is not enough to diagnose depression, said Dr. Scott Monteith, clinical assistant professor of psychiatry at Michigan State University, who has not been involved in developing or researching Purple Robot or other smartphone apps.

The way the test was used in the study, with a low cutoff score, it probably incorrectly identified many of the participants as being at risk of depression who were not, he added.

To get a better idea of the effectiveness of Purple Robot, the researchers are going to do a study involving more participants over a longer period to see if the app can detect changes in behavior over time, Saeb said. In addition, the group will see if they can improve Purple Robot's ability to spot depression by including additional data, such as how long people talk on the phone and who they talk to.

Depression is a debilitating illness that affects about 17% of people at some point in their lives. Meanwhile, it is estimated that by 2025 more than 5 billion people in the world will have a smartphone, and their sensing capability will be above and beyond that of today's iPhones, Androids and Blackberries.

There are probably hundreds of apps that promise to improve your mental health, from offering tests to gauge your depression risk to providing information about depression treatments. Others, like Purple Robot, are in the development stage.

Optimism and DBSA Wellness Tracker are two of the apps on the market that track your mood. goes further and analyzes data such as how much users move around on the weekends and how long they talk on the phone, as well as users' reports of their health, to alert them and their health care providers about concerns with their behavior and mental health., which is in use at about 30 medical centers, is available through health care providers and as part of research studies.

However the problem with all the apps that are designed to warn about depression risk is that their effectiveness has not been demonstrated, Monteith said.

It is not clear how good these apps are at picking out people who have depression, Monteith said. What's more, it is not clear how these apps would be "embedded into a broader continuum of care" to ensure that a person or their doctor went from getting an alert from the app, for example, to that person getting a diagnosis of depression and getting proper care, he added.

Even if researchers can get a better handle on the effectiveness of these apps, there are still numerous questions regarding risks, especially about the data they collect not being secure and private, Monteith said.

"The data from these types of apps could potentially end up in anyone's hands, if the data are moved offshore, which a lot are," said Monteith, who co-wrote a recent article on health care data privacy. Another way data security could be compromised is that when a company is bought, the buyer may not have to adhere to the original terms and conditions about how the data are used, he added.

Experts including Monteith worry that once data get into the wrong hands, that could potentially jeopardize a person's ability to get a job, get life insurance or get a loan.

The best way to keep data secure, at least from hackers and thieves, would be to make sure the users control their data, such as by keeping it stored encrypted on their phone, and have apps analyze the data on phones, and never have it sent back to the app developers or other companies, according to Dr. Deborah C. Peel, leader of Patient Privacy Rights, a nonprofit advocacy organization. Monteith is on the advisory board of Patient Privacy Rights.

As for Purple Robot, some of these concerns may not apply for now. Saeb and his colleagues work with encrypted data. However if they eventually make the app public, if they can demonstrate its effectiveness, they would have all the data on secure servers at Northwestern. This type of data centralization, even on secure servers, is a "honeypot" for hackers, Peel said.

So far, the analyses that Purple Robot is doing are really only for research purposes, Saeb stressed. In addition to the work he is involved in, there is also research on whether the app can pick up signs of bipolar disorder among users.

The app gets its name because the color of Northwestern University is purple, and because the developers hope the app can act like a robot and automatically alert a user of his or her mental health risk and also make recommendations to possibly mitigate the risk, such as using the phone less or getting out of the house, Saeb said.

Despite concerns surrounding these apps, Monteith said he is "totally in favor of research [on them], that's what we need to do." However, he urged that researchers consider both effectiveness and risks in their studies. "We need to look at what the FDA looks at" when deciding whether to approve medical treatments and devices, Monteith said.

“Friending” Your Doctor

Originally posted by

The term “friending” refers to adding someone to a list of friends on a social media website. This list is more of a contact database rather than meaning someone on it is actually your friend. And yet, the popularity of social media can’t be ignored.  It’s everywhere and we use it to connect with our family, friends, and coworkers. Now, think about what we could do if we used this to communicate with our doctor.

The first thing you're probably thinking is that it will violate the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), but you wouldn’t use it to share sensitive, confidential information that crosses professional and ethical boundaries. You would use it to manage your health care and access health information.

If health care organizations can figure out how to use Facebook, or other social media websites, to their benefit, then they will have a real advantage with their patients. In an article on The Huffington Post titled,Communicating With Your Doctor On Facebook May Be The Future Of Healthcare, it said that many organizations (also known as telemedicine and is the use of electronic and telecommunications technologies to provide health care from a distance) are well on their way to utilizing email and social media. For example, telehealth organizations have electronic ways for patients to use messaging, access test results, track their health, etc.

A study published in the Journal of General Internal Medicine, showed that many patients are interested in this type of communication, but they may be unaware that it’s available. If you’re still not sold on the concept of communicating with your doctor via email or social media, consider the benefits. You could have faster and ‘round-the-clock access to health care professionals. In addition, you would be able to better manage and monitor your health care and do it from the comfort and privacy of your own home. Doctors and health care organizations would benefit from the “social” aspect by extending their clinical reach to people in rural areas or outside the typical radius of a health care facility. Furthermore, they could provide real-time information so that the community at large can benefit from their expertise.

As with all technology, there are pros and cons as well as a definite learning curve associated with it. While this can initially limit both the patients’ and doctors’ ability to effectively use the new technology, once they become more familiar with the ins and outs, they should feel confident enough to rely on its benefits.