The Empire Plan is a unique health insurance plan designed especially for public employees in New York State. Empire Plan benefits include inpatient and outpatient hospital coverage, medical/surgical coverage, Centers of Excellence for transplants, infertility and cancer, home care services, equipment and supplies, mental health and substance abuse coverage and prescription drug coverage.
KATHY HOCHUL
Governor
REBECCA A. CORSO
Acting Commissioner
NY21-32
PE21-18
PA21-16
SEHP21-10
PAEX21-14
TO: All Health Benefits Administrators
FROM: Employee Benefits Division
SUBJECT: HBA Requirements Concerning the New York State ITS Acceptable Use Policy
DATE: November 3, 2021
To successfully perform their duties, Health Benefits Administrators (HBAs) are granted access to online materials and systems provided by the Employee Benefits Division (EBD), including HBA Online and the New York Benefits and Eligibility Accounting System (NYBEAS). Inappropriate use of these resources exposes the State and your agency to potential risks, including virus attacks, compromise of network systems and services, and legal issues. As described in HBA Memo NY20-29/PA20-22/PAEX20-20/PE20-27, “HBA Responsibilities,” all HBAs must adhere to all privacy and Health Insurance Portability and Accountability Act regulations in the application of their duties, most particularly for the privilege of NYBEAS access and use.
Effective immediately, agency Data Access Officers (DAOs) must ensure that all HBAs and NYBEAS users read and comply with the New York State ITS Acceptable Use Policy NYS-P14-001. (As a reminder, no person may serve as both DAO and HBA for an agency. For more information on how a DAO may request HBA permissions, please refer to HBA Memo NY18-12/PE18-04/PA18-02/SEHP18-03/PAEX18-02 NYBEAS Access and HBA Online Access.”)
The New York State ITS Acceptable Use Policy NYS-P14-001 describes acceptable use of technology resources to encompass the following:
- Understanding the baseline information security controls necessary to protect the confidentiality, integrity, and availability of information;
- Protecting State information and resources from unauthorized use or disclosure;
- Protecting personal, private, sensitive, or confidential information from unauthorized use or disclosure;
- Observing authorized levels of access and utilizing only approved IT technology devices or services; and
- Immediately reporting suspected information security incidents or weaknesses to the appropriate manager and the Information Security Officer or designated security representative.
The NYS ITS Acceptable Use Policy also provides information and guidelines on:
- What constitutes unacceptable use;
- Occasional and incidental personal use;
- Individual accountability;
- Restrictions on off-site transmission and storage of information; and
- Use of social media.
HBAs must read and comply with the ITS Acceptable Use Policy. However, HBAs are not currently required to submit a signed attestation to EBD confirming that they have read the ITS Acceptable Use Policy.