The RISC eNews Blast is intended to provide relevant and timely news information from a number of sources to member pool staff. If you see articles in the journals, email and sources you subscribe to that may be of interest to the RISC membership, please feel free to forward them to Erin Rian for inclusion in the eNews Blast.
In this week's edition of the RISC eNews Blast:
DATA SECURITY & CYBER RISK
Apple iPhone fingerprint sensor hacked by Germany's Chaos Computer Club (The Guardian, 9/23/2013): A German hacking team says that it has broken the protection around Apple’s fingerprint sensor on its new iPhone 5S. They claim to have taken the fingerprint of a user from a glass surface and created a fake fingerprint that could be used to access the phone. The hacking team has taken the position in the past that fingerprint biometrics are not suitable for security. Although most small local governments are not likely to be adopting fingerprint biometrics in their own environments anytime soon, they may have employees who use an iPhone 5S on a BYOD basis. If so, it remains important for the government to have strong security in place for accessing its systems from a mobile device, and to consider requiring that confidential information on the phone be encrypted.
Negligence and Intent Equal Forces in Causing Cyber Breach (Property & Casualty 360, 9/20/2013): According to the Ponemon Institute, negligence is involved in 39% of cyber attacks, and criminal attacks are involved in 37%. Organizational preparedness activities may be paying off, however, as there was a 24% reduction in the cost of data breach to companies between 2010 and 2011. This report reinforces how important it is to train all employees who use the organization’s technology systems, including those that connect via their own technology.
Held Hostage: Cyber Extortion is One of the Fastest Growing Threats for Executives (Best’s Review, 9/2013, p. 78 ~ Note: This article is available by subscription only): Cyber extortion is becoming an increasingly feared threat. In cyber extortion, criminals threaten to release stolen confidential information, disable the target’s computer system, or take other malicious acts if they are not paid a demanded sum of money. In the local government setting, theft and exposure or sale of citizen and employee personal identifying information would be a particular concern. An interesting twist on cyber extortion is that experts say most extortionists do not actually have the information they claim to have. They just make threats to a wide audience, hoping that a few will make the demanded payment. For this reason, pools and their members should consider engaging a forensics firm to assess the legitimacy of the threat before making any payment. This Best's Review article is subscriber-only content, so we cannot provide a link. Email Claire Reiss if you do not subscribe to Best's Review but are interested in more information.
Pools that are participating in Net Diligence have access to a panel of forensics providers through the eRisk Hub. Those that do not use Net Diligence can contact NLC-RISC for suggestions.
MEDICARE SECONDARY PAYER
Obtaining Final Medicare Secondary Payer Conditional Payment Amounts via Web Portal: Interim Final Rule with Comment Period (The Federal Register, 9/20/2013): The Department of Health and Human Services has issued an interim final rule specifying the process and timeline for expanding CMS’s existing Medicare Secondary Payer web portal to conform to the requirements of the SMART Act. The expansion of the system would allow those who have pending settlements, awards or other payments to access online detailed information about the claims upon which CMS’s conditional payment amount is based. At present, users can only access online the total CMS conditional payments claim. To enable access to the more confidential information, CMS will implement a security feature called multifactor authentication. CMS expects to develop this authentication system within 90 days of the effective date of the rule, which is November 19, 2013, and expects to implement the solution no later than January 1, 2016. Although the agency has concluded that a notice of proposed rulemaking with a public comment period is unnecessary for this rulemaking and is waiving it to avoid delay in implementing public access to the portal, the interim final rule identifies November 19, 2013 as the due date for any comments. See the Franco Signor Blog, below, for more information on available options.
CMS Proposes Interim Final Rule on SMART & Invites Public Comments – Please Do! (Franco Signor Blog, 9/20/2013): Franco Signor questions CMS’s actions in waiving the comment period for this rule, and does a point-by-point comparison of how the proposed interim rule fails to meet the requirements of the SMART Act. Franco Signor encourages the industry to file comments with the goal of causing CMS to back off on rushing through this rule. RISC is interested in knowing how many RISC members would be interested in participating in the comment process. If you are, please advise Claire Reiss at firstname.lastname@example.org.
PROPERTY & CASUALTY
Popular Bathroom Wipes Blamed for Sewer Clogs (ABC News, 9/23/2013): Pools whose members are experiencing more frequent or larger than expected sewer back-up claims or damage to sewage processing equipment may want to investigate whether “flushable” wipes are playing a role. The large marketing effort by the industry has resulted in an uptick in use that is contributing to blockages in some communities. Although many are labeled flushable, they may not be disintegrating as toilet tissue does. One consequence has been the need for sewer systems to install heavy-duty grinders.
One Wet Mess: Lawmakers, FEMA Howl Over Impending Flood Rate Hikes (Property Casualty 360, 9/19/2013): The tension between eliminating subsidization of flood insurance and ensuring that property owners can afford to buy it is erupting in the U.S. Senate. The Biggert-Waters Act of 2012 mandated an affordability study of the increased rate structure, but it is not likely to be completed until 2015. The rate increases are scheduled to begin October 1, 2013. There is discussion in the Senate about delaying, amending or repealing the Act altogether to address this problem.
Top 4 Tech Priorities: Commercial Insurers (Property Casualty 360, 9/17/2013): A study by the insurance research and advisory firm Novarica of commercial insurers’ investment in technology found that the four top priorities are business intelligence, core policy administration systems, core claims systems and agent portals.
Congress Expected to Act Late on 'Critical' TRIA Renewal (Property Casualty 360, 9/11/2013): A spokesperson for the Property and Casualty Insurers of America expects Congress to defer renewal of TRIA until the last moment, as it has for the past two renewals. TRIA is presently set to sunset on December 31, 2013.
Court: Facebook ‘Like’ Is Protected By the First Amendment (Wall Street Journal, 9/18/2013): The Fourth U.S. Circuit Court of Appeals has ruled that the act of “liking” something on Facebook is protected speech under the First Amendment. The ruling was made in the context of the termination of a deputy sheriff for “liking” his boss’ opponent’s Facebook page. The appeals court held that the act of “liking” was entitled to protection as speech, just as an affirmative statement would be protected.
More Facebook Issues: This Time, It's the Stored Communications Act (Mondaq, 9/18/2013): The federal Stored Communications Act may become a factor in an employer’s ability to use social media in making employment decisions. In a case before the U.S. District Court for the District of New Jersey, the court held that an employee’s private postings to her Facebook were protected private electronic communications under the SCA. The court held that the posting was protected because the employee used privacy settings that made her postings available only to her “friends”. However, the court went on to exempt the employer from liability as an “authorized user”, because the employee’s co-worker, one of her Facebook “friends”, forwarded screen shots of the posting to the employer without being asked to do so. Useful takeaways from the framing of this decision are:
• An employer is likely protected as an authorized user only if it hasn’t coerced or pressured employees to monitor the postings of their co-worker “friends” on the employer’s behalf, and
• An employer may not be required to disregard a posting if its content is provided to them voluntarily by a “friend” of the employee.
Social media's impact on hiring, management and discipline: what every employer needs to know (Lexology, 9/2/2013): Employers should be careful in their utilization of social media in investigating potential employee backgrounds because an employer’s use of even publicly available social media to investigate job candidates can result in liability if the employer discovers protected class information and refuses to hire on that basis. The key to avoiding this potential liability is to limit as much as possible the employer’s knowledge of protected class information. Some approaches to avoiding acquisition of this information include:
• Isolating the social media investigation from the hiring person, using either internal or external sources to do the investigation using uniform criteria.
• Ensuring that the investigator looks for and records only pre-determined information, which does not include any protected class information.
• Retaining all records about hiring, including computer printouts of social media sites reviewed (although these printouts should not be provided directly to the decision maker).
• Ensuring that appropriate disclosures are made to the candidate about the investigation, and making the Fair Credit Reporting Act disclosure if a credit reporting agency is used to conduct the background check.
Employers also have to use care when dealing with the social media activities of current employees. Some employers have been sanctioned by the National Labor Relations Board for drafting overly broad social media policies aimed at suppressing critical comments by employees. When drafting social media policies, employers should avoid overly broad language that could be construed as chilling employee rights to engage in concerted activities under Section 7 of the National Labor Relations Act. Taking job action against an employee for social media postings should only occur after consulting with legal counsel.
Predicting Who Will have Chronic Pain (Claims Journal, 9/18/2013): A National Institutes of Health funded study by researchers at Northwestern University concludes that abnormalities in brain structure may predispose people to develop chronic pain after a low back injury. Researchers could predict with 85% accuracy the patients who would develop chronic pain based on an MRI of the brain. The senior author of the study concluded that vulnerable individuals should be treated early and aggressively with medication to prevent pain from becoming chronic. This study suggests the possibility that brain MRIs and aggressive early treatment with pain medications could become a more common component of treatment for non-brain related injuries. It does not address how current rampant addiction problems would be affected by this strategy.
The Great Recession’s Effect on Workers’ Comp Claims Frequency: NCCI (Claims Journal, 9/18/2013): The National Council on Compensation Insurance has published a report concluding that the recession of 2007-2009 influenced workers’ compensation claims frequency. Until 2010, claims frequency had been declining at an average rate of more than 4% per year since 1990. In 2010, claims frequency increased by 3.8%. Claims frequency declined modestly in 2011 and lost time frequency declined by 5% in 2012. Despite the 2012 decline in frequency, the average cost per lost time claim increased by 1% for indemnity and 3% for medical.
2013 NLC-RISC Staff Conference - Registration Deadline September 30th! (October 21-23, 2013 at The Nines in Portland, Oregon): The NLC-RISC Staff Conference provides staff of state municipal league-sponsored risk pools with the opportunity to learn about trends, programs, services and best practices in a variety of coverage lines and functional areas, and offers a great opportunity to network with pool staff from across the country ~ all in a non-competitive, collaborative environment! A preliminary agenda and online conference registration, as well as hotel reservations, can all be found on the 2013 NLC-RISC Staff Conference Event Page. Contact Erin Rian with questions or concerns.
Southern Municipal Conference IT Conference (October 16-18, 2013 in Columbia, South Carolina): The Southern Municipal Conference has sponsored the SMC IT meeting for 11 years. The group meets twice each year to share the IT experiences of each league and/or risk pool. Presentations by IT experts on the latest hardware and software help keep the participants up to date on the cutting edge of technology. Registration for the SMC IT Group meeting is open to all State Municipal Leagues and League Risk Pools.