The RISC eNews Blast is intended to provide relevant and timely news information from a number of sources to member pool staff. If you see articles in the journals, email and sources you subscribe to that may be of interest to the RISC membership, please feel free to forward them to Erin Rian for inclusion in the eNews Blast. The eNews Blast will be delivered weekly, and the RISC Report newsletter will be delivered every two months. In this week's edition of the RISC eNews Blast:
DATA SECURITY & CYBER RISK
Malicious Virus Shuttered Power Plant: DHS (Reuters, 1/16/2013): A third party contractor unknowingly inserted a virus into the turbine control system of a US power plant last fall by inserting an infected USB computer drive. This approach, which may have been used to introduce Stuxnet into Iran’s nuclear program, can be used to infect computer systems that are isolated from the public Internet. Aging systems that run on Windows XP and Windows 2000 are more vulnerable to infection because their default “auto run” feature allows malicious software to load as soon as a USB device is plugged into the computer. The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team responded to 198 cyber incidents reported by energy companies, public water districts, and other infrastructure in the fiscal year ending September 2012. 41% of the incidents were attacks against the energy sector.
Utah’s Medicaid Loses Control of Patient Records, Again (Salt Lake Tribune, 1/16/2013): 6,000 Utahns will be receiving notice that their personal information was misplaced by a Medicaid contractor that processes pharmacy claims for the state. A contractor employee loaded the information onto an unencrypted thumb drive to improve access then left the health department headquarters and subsequently misplaced the drive. Although the state believes the potential for identity theft is low, it is notifying Medicaid recipients whose records were compromised. The contractor may face a fine.
HHS Office of Civil Rights Settles First HIPAA Breach Involving Fewer than 500 Individuals (Mondaq, 1/14/2013): The settlement with a small nonprofit Hospice in Idaho related not to the actual data breach, but to the organization’s failure to adopt appropriate security policies and procedures to address mobile device security and to conduct a security risk analysis to safeguard protected health information. A statement by OCR director Leon Rodriguez recognized that encryption is an easy method for making lost information unusable, which may indicate that OCR is moving toward viewing encryption as an industry standard for laptops.
Disable Java? Here’s How, After US Agency Warns of Software Vulnerability (Christian Science Monitor, 1/12/2013): The US Computer Emergency Response Team (US-CERT) is recommending that Americans temporarily disable Java because it raises the risk of hacker infiltration of computers.
HHS Proposes Rules to Verify Health Care Premium Subsidy Eligibility (Workforce, 1/15/2013): On January 14, the Department of Health and Human Services (HHS) issued a proposed rule outlining how state and federal insurance exchange administrators will verify individual’s eligibility for federal premium subsidies to purchase health insurance through exchanges. Read the fact sheet from CMS on the proposed rules here.
IRS Releases Proposed ACA Regulations on Employer ‘Shared Responsibility’ (Bloomberg BNA, 1/2/2013): On December 28 the Internal Revenue Service released long anticipated proposed regulations on the “shared responsibility” provisions under the Affordable Care Act on employer health coverage. Starting in 2014, employers with at least 50 full-time employees (including full-time equivalents or FTEs) are required to offer a minimum level of affordable health coverage or pay a penalty. The proposed regulations outline minimum essential coverage, determination of applicable large employer status, identifying full time employees, under what circumstances an employer will be liable for payment, as well as safe harbors and transition rules. The comment period on the proposed regulations closes on March 18, 2013. The full proposed regulations and additional details can be found here. An FAQ can be accessed here for highlights of the proposed regulations.
HHS Issues proposed Regulations Implementing Reinsurance Fees Paid by Carriers and Group Health Plans Under the Affordable Care Act (Lexology, 1/2/2013): Recent proposed regulations address various questions of interest to health insurance carriers and employers sponsoring group health plans. The proposed regulations issued December 7, 2012 focus on and explain how transitional reinsurance program fees will be determined and collected from group health plans in 2014 and beyond.
MEDICARE SECONDARY PAYER
SMART Act Brings Increased Discipline and Rationality to Government’s Medicare Secondary Payer Recovery Process (Mondaq, 1/9/2013): Among the changes that are designed to improve the process for Non-Group Health Plans is a requirement that CMS solicit proposals within 60 days of the SMART Act’s enactment for the types of practices that will and will not be subject to the monetary penalty of up to $1,000 per day for non-reporting. Pools may want to consider whether they know of situations that should be proposed to CMS for exclusion from penalties.
PROPERTY & CASUALTY
Models Miss Sandy Losses, Need Adjustment (Property Casualty 360, 1/10/2013): The models failed to project the severity of flooding caused by Sandy’s record storm surge, which would normally be associated with a more intense hurricane. They also did not accurately project the degree of loss to motor vehicles, because models generally assume autos will be driven out of the area as part of the pre-hurricane evacuation. Fitch says that the industry will reevaluate its exposure to the Northeast, and that Sandy’s losses will help sustain gradual rate increases in the Northeast.
Profitability Challenged in a Workers' Comp Market Beset by Uncertainties (Property Casualty 360, 12/27/2012): According to Moody's, workers' compensation profitability for insurers is challenged by rising combined ratios, uncertainty in employment, and the challenge of reserving for rising medical costs.
OTHER TOPICS OF INTEREST
AP Impact: Deficient Levees Found Across America (Associated Press, 1/17/2013): The U.S. Army Corps of Engineers has found 326 levees, protecting more than 2,000 miles, to be in urgent need of repair. The Corps's findings were made in the course of its first ever inspection of levees under federal oversight. The total will be higher, as the Corps has not issued ratings for 40% of the 2,487 levees involved. Local governments are responsible to upgrade levees that fail inspection, but some local officials are resisting due to the potential cost. The USACE levee database is accessible here.
Local Governments Strain Under Weaker State and Federal Aid (Governing, 1/17/2013): Local governments are turning to cuts in workforce, hiring freezes, increased fees and new fees, and drawing down their reserves to meet financial needs in the face of reduced federal and state aid.
New Guide on Best Practices for Emergency Vehicle Visibility (U.S. Fire Administration, 1/17/2013): The U.S. Fire Administration worked with the Cumberland Valley Volunteer Firemen's Association's Emergency Responder Safety Institute, with funding from the National Institute of Justice, to develop this slide show of markings that help increase the visibility of emergency vehicles to motorists.
New Gun Law Offers Reply to Mass Killings (TimesUnion.com, 1/16/2013): New York has enacted a new gun control bill. Among the changes are an expanded definition of assault weapons, reduction of the maximum number of rounds in a magazine, and background checks on all gun sales. Also included is a requirement that mental health professionals report to officials a patient they believe to be a danger to themselves or the public.
Cleaning and Disinfection Plans During an Influenza Outbreak (Zurich Insurance, 1/15/2013): A cleaning and disinfection plan for a facility during an influenza outbreak has four key components:
• Areas to be cleaned
• Frequency of cleaning
• Which cleaning/disinfection materials will be used
• Material-specific cleaning procedures and techniques.
House Approves $50.7 Billion in Emergency Aid for Storm Victims (New York Times, 1/15/2013): The House of Representatives passed a $50.7 billion relief bill on January 15 for victims of Superstorm Sandy. The funds will assist homeowners and business owners and will assist governments in the reconstruction of public infrastructure.
Survey Finds Claims Process Improvement Eyed as Top Initiative to Lower Costs (Claims Journal, 1/14/2013): A survey of thirty insurance executives found that claims process improvement is their top priority for lowering operational costs. 75% of respondents expect to upgrade or replace their claims systems within five years. The survey also found that poor communication is the biggest issue customers have with claims processors.
The California Supreme Court Makes Clear that Assumption of Risk Applies to More Than Just Sports (Mondaq, 1/14/2013): In Nalwa v. Cedar Fair, L.P., issued December 31, 2012, the California Supreme Court held that the assumption of risk doctrine applies to recreational activities, not just to sports. Under that doctrine, operators, instructors and participants have a duty not to increase the risk of injury over the risk inherent in the activity. In Nalwa, assumption of risk applied even though the injury occurred in a state-regulated amusement park where the operator owes participants the heightened duty of care of a common carrier. The full decision is accessible here.
Readying for Sandy, New Jersey Transit Erred in Modeling Storm (Insurance Journal, 1/13/2013): Reuters reports that the New Jersey Transit Agency used the wrong settings to project likely storm surge as Superstorm Sandy approached, consequently leaving valuable equipment in low lying areas that flooded. The settings used showed the storm traveling away from the New York area, producing storm surge predictions that were half of what occurred.
NLRB Confirms that Comments Posted on Social Media May be Entitled to Protection (Mondaq, 1/8/2013): The National Labor Relations Board issued a decision on December 14, 2012 upholding September 2, 2012 administrative law judge’s finding that it was unlawful for an employer to discipline or discharge employees for comments made on Facebook. The Board applied the Meyers Industries Framework, which protects oral comments if they are motivated by the employee’s concerted, NLRA protected activity. There is a link to the December 14 decision in the article.
MarketScout: Rates up 5% in December; Caps Off Year of Slow, Steady Increases (Property Casualty 360, 1/7/2013): 2012 was the first year of consistent rate increases after over seven years of a soft market. However, increases have come without the dramatic spikes of the last hard market, which began in 2001.
Information about NLC-RISC conferences, workshops and regional meetings can be found on our website under the Events tab. Please contact Erin Rian if you have questions.
Essentials in Risk Pool Management Certificate Program ~ Online courses start February 7, 2013: Essentials in Risk Pool Management is a one-course certificate program, developed through a collaboration of NLC-RISC, the Association of Governmental Risk Pools (AGRiP), California Association of Joint Powers Authorities (CAJPA) and Insurance Educational Association (IEA). The curriculum provides a risk pool participant with theoretical and practical knowledge, which provides a solid foundation to successfully work within or manage the risk pool. Completion of Essentials in Risk Pool Management satisfies one of the five required courses for the Associate in Risk Pool Management Designation. Registration for NLC-RISC members is $399. Register here.
Marketing Communications Workshop ~ May 15-16, 2013 in Denver, Colorado at the Sheraton Denver Downtown Hotel. Additional details and registration available early February.
2013 NLC-RISC Trustees Conference ~ May 16-18, 2013 in Denver, Colorado at the Sheraton Denver Downtown Hotel. Additional details and registration available early February.
2013 NLC-RISC Staff Conference ~ October 21-23, 2013 in Portland, Oregon at The Nines