I don't know who needs to hear this, but...
Before you sign up for a high deductible health plan (#HDHP), ask the insurance company who administers the health savings account (#HSA) that is linked to it.
If it's #HSABank, a.k.a. #WebsterBank, then I'm not going to tell you to choose a different insurance company, but you should at least factor into your decision the fact that, speaking from personal experience, HSA Bank is massively incompetent and a huge pain in the ass to deal with.

I needed to submit a form to my HSA administrator (hsabank.com). The form has my social security number on it. The offered ways to submit it are email (insecure), fax (obsolete and inconvenient), and U.S. Mail (slow and inconvenient).
I'm no longer surprised to encounter financial institutions that do this; I'm just sad.
There are many secure file upload products. Please, I'm begging you, deploy one of them if your company needs people to upload #PII.
#infosec #privacy #fintech #HSABank