Benefits Monthly Minute

Supreme Court Addresses Retiree ADA Claim | HIPAA Security Updates on the Horizon | DOL Gives Crypto a Green-ish Light

(Very!) hot off the press, the June Monthly Minute brings you up to speed on a new SCOTUS decision addressing retiree rights to sue under the ADA, proposed HIPAA security updates and Department of Labor guidance on cryptocurrency 401(k) plan investments.

Supreme Court Addresses Retiree ADA Claim

On June 20, 2025, the Supreme Court decided a case involving the rights of retirees to sue former employers under the Americans with Disabilities Act for denying post-employment retirement benefits. In the case, Stanley v. City of Sanford, Florida, Karyn Stanley had worked as a firefighter since 1999, at which time the City offered health insurance until age 65 for retirees with 25 years of service and those who retired earlier due to disability. In 2003, however, the City changed its policy to provide insurance up to age 65 only for retirees with 25 years of service, and those who retired earlier due to disability would receive 24 months of coverage. Ms. Stanley retired in 2018 due to a disability and sued, claiming the City violated the ADA by providing different benefits to those who retire with 25 years of service and those who retire due to disability. The district court ruled that the alleged discrimination occurred after she retired, when she was not a “qualified individual” under Title I of the ADA (because she no longer held or sought a job with the defendant). The district court’s dismissal of the case was affirmed by the 11th Circuit and the Supreme Court.

KMK Comment: Essentially, the ruling establishes that retirees must hold or seek a job at the time of the alleged discrimination to bring a viable ADA claim. While the Court conceded that plaintiff’s position -- that the “qualified individual” requirement is a conditional mandate that applies only if a plaintiff holds or seeks a job but not to retirees -- was conceivable, it ultimately found that her interpretation was too convoluted and strayed too far from the express statutory language to carry the day. While this is certainly an employer-friendly decision, the Court further provides that there may be other avenues for retirees to seek relief and protection from discrimination.

HIPAA Security Updates on the Horizon

Earlier this year, HHS's Office for Civil Rights (OCR) proposed major updates to the HIPAA Security Rule, eliminating the distinction between "required" and "addressable" safeguards and making most implementation standards mandatory. Although the comment period ended on March 7, 2025, the current administration has not yet provided further guidance. If the proposals are finalized, covered entities, including health plans, would need to maintain a written inventory of technology assets, create annual network maps, and implement enhanced cybersecurity controls such as mandatory encryption, network segmentation, and multi-factor authentication. The rule also introduces stricter administrative requirements, including written incident response plans, annual compliance audits, and termination of system access within one hour of employee separation. The new rules would require health plans to reassess their current safeguards and conduct risk analyses that reflect modern cyber threats and infrastructure changes. And, in the meantime, the current administration has continued its risk analysis initiative and HIPAA audits in light of increased national cyber threats, making HIPAA privacy and security compliance a key initiative.

KMK Comment: While the Biden Administration initially proposed these Security Rule changes, there is reason to believe that the Trump Administration will adopt them, albeit in some reduced form. Accordingly, covered entities, including health plans, should work with legal counsel and service providers to assess overall HIPAA compliance and conduct a risk analysis to determine potential vulnerabilities and create a risk mitigation action plan. We will keep you updated as additional guidance is released.

DOL Gives Crypto a Green-ish Light

In Compliance Assistance Release No. 2025-01, the Department of Labor rescinded its stringent 2022 directive regarding 401(k) plan investments in cryptocurrencies. The 2022 guidance directed plan fiduciaries to exercise "extreme care before they consider adding a cryptocurrency option to a 401(k) plan's investment menu for plan participants." Reasoning that the “extreme care” standard differs from ordinary fiduciary principles and is not found in ERISA, the DOL now rejects the more restrictive, Biden-era standard. Instead, citing the Supreme Court’s 2014 Fifth Third v. Dudenhoeffer ruling, the DOL states that, when evaluating any particular investment type, a plan fiduciary's decision should consider all relevant facts and circumstances and will "necessarily be context specific."

KMK Comment: The new guidance is clearly a win for cryptocurrency providers (and other "digital assets" including those marketed as "tokens," "coins," and "crypto assets"). However, plan sponsors are still bound by fiduciary obligations to participants and beneficiaries, which impose a high standard of care. In this respect, before making investment lineup changes to include cryptocurrencies -- which are typically viewed as unstable investments that are difficult to value -- consultation with investment managers and expert service providers, as well as detailed documentation to support inclusion of these investments in the plan lineup, is key.

The KMK Law Employee Benefits & Executive Compensation Group is available to assist with these and other issues.

Lisa Wintersheimer Michel
513.579.6462
lmichel@kmklaw.com 

John F. Meisenhelder
513.579.6914
jmeisenhelder@kmklaw.com 

Antoinette L. Schindel
513.579.6473
aschindel@kmklaw.com 

Kelly E. MacDonald
513.579.6409
kmacdonald@kmklaw.com

Rachel M. Pappenfus
513.579.6492
rpappenfus@kmklaw.com  

Eric C. Cook
513.562.1453
ecook@kmklaw.com 


KMK Employee Benefits and Executive Compensation email updates are intended to bring attention to benefits and executive compensation issues and developments in the law and are not intended as legal advice for any particular client or any particular situation. Please consult with counsel of your choice regarding any specific questions you may have.
