Participate in the PRIMA/PERI Needs Survey
NLC-RISC is working with PRIMA/PERI and other risk management organizations on a study to determine public sector risk management needs. The study objectives are to:
- Identify individual risk managers’ information and skills gaps
- Help risk managers perform effectively in an organizational setting
- Address the broader needs of organizations to integrate risk management within organizational culture
- Help the risk management community elevate its status within the public sector and within society more generally
The target groups for this survey are:
- Public entity staff (risk professionals and other staff with risk management responsibilities including the city attorney and the city manager)
- Public entity elected and appointed officials
- Risk pool staff
- Staff of risk management associations
- Public entity service providers
We encourage you to use this link to complete the Public Risk Management Needs Survey. PRIMA/PERI also welcomes the participation of your individual members, and you are welcome to forward the link to them and to others within the target group as you deem appropriate. The survey will take approximately 15 minutes to complete. Responses are due no later than August 1, 2014. An executive summary report of the results obtained from pools belonging to NLC-RISC and members of these pools will be shared with NLC-RISC, and RISC will share those results with member pools. Individual responses will remain confidential and will not be shared by the research team.
The survey is funded by Public Entity Risk Institute (PERI), an independent thought leader and resource for public risk management. PERI is working in cooperation with its partner organization, the Public Risk Management Association. Significant funding is available from PERI to support new programs that will be identified through this survey. Staffing for this research project is provided by the University of California, Office of Risk Services (UC), and Bickmore.
Questions about the survey may be directed to the research consultants--University of California and Bickmore—by contacting Erike Young (email@example.com) or Lisanne Sison (firstname.lastname@example.org). If you want to discuss the survey with a RISC representative, contact Claire Reiss, email@example.com, or 202-626-3165.
2014 NLC-RISC Staff Conference Update
Hotel reservations and conference registrations are now being accepted for the NLC-RISC Staff Conference. A preliminary schedule of events is also available. A detailed agenda will be available soon. Access conference information on the event page here.
Healthcare Reform Update
Arthur J. Gallagher & Co., 6/25/2014
As mentioned in the last edition of the RISC eNews, NLC-RISC member pools now have access to Healthcare Reform information and resources through Arthur J. Gallagher & Co., including their Healthcare Reform Update newsletter. The following articles are included in the latest edition of the newsletter:
- Agencies Finalize Rules that Define How an Orientation Period Works with the 90-day Waiting Period
- HHS Finalizes Several SHOP Regulations
- Challenges to the Contraceptive Mandate Continue to Divide the Federal Courts
- Final Rules on Fixed Indemnity Plans as Excepted Benefits
- Clarifications to Marketplace Rule son Payment of Premiums and Special Enrollment Periods
- Expedited Process for Non-Formulary Drug Requests Required for the 2015 Plan Year
If you would like to receive the newsletter directly, please contact Yvonne Johnson, Area Vice President, Public Sector, Arthur J. Gallagher & Co. At your discretion, you may also share this information with your members. Additional resources can be found here.
Data Breach & Cyber Security
Health Data Breach Victims Have Standing to Sue Says West Virginia Supreme Court
National Law Review, 6/3/2014
The West Virginia Supreme Court has ruled in a case involving the breach of health data that victims have the standing to sue even though there was no evidence that anyone accessed the mistakenly released information or that any of the victims suffered quantifiable economic loss. This is problematic because it chips away at the most frequently used defense in data breach cases: that there is no demonstrated harm in the absence of a demonstrated economic loss. Two distinguishing characteristics that may have contributed to this outcome were that the data involved was personal health information, and that West Virginia has a judicial history of allowing actions based on invasion of privacy without demonstrated economic harm. The court did note that that the mere risk of future identity theft is not sufficient to confer standing, but also said that the breach of patient-physician confidentiality and invasion of privacy is not speculative.
Civil Grand Jury scrutinizes county’s online security
The California, 6/21/2014
In a new twist on the impact of data breach and privacy issues on local government, a civil grand jury has issued a report finding that a California county’s inadequate data protection systems leave it at significant risk of civil litigation for data breach. A March 2013 data breach involving a 2008 computer hooked up to a California health database cost an estimated $87,000 and uncovered severe shortcomings in countywide data protection policies, according to the grand jury.
Looking Beyond the Breach: Recovery Analysis in Data Breach and Cyber Losses
Claims Journal, 6/10/2014
Given the size of many data breach losses, insurers need to look at opportunities for subrogation to recover some of their paid losses. In cyber losses, the questions at the heart of a subrogation claims are whose job it was to protect the data/network and whether another party’s or vendor’s failure to meet the standard of care made the system more vulnerable. Potential targets are the network maintenance company, the security vendor and the software or hardware provider. The investigation process includes, like other types of subrogation claims, evidence preservation, notice to potential defendants, retention of expert witnesses, identification of applicable standards, and contractual issues.
"Reasonable" Data Security: The FTC's Guideposts For Employers
The Federal Trade Commission is asserting its authority in the area of privacy for employee information. The FTC’s position is that employers must take “reasonable” data security measures to safeguard that information. What is “reasonable” is not entirely clear, and recent testimony by a highly placed official sidestepped the issue and referred to FTC consent orders, guidance brochures and other statements for guidance. The article contains a summary of practices that have been determined to be unreasonable in documents released by the FTC.
This article provides a summary of some of the practices the FTC has identified as unreasonable in those documents. They fall into the categories of access control, data minimization, training, vendor management, document destruction and network safeguards. Additional detail is included about specific practices in each of these categories. Pools may find this “checklist” to be useful in evaluating the reasonableness of data privacy actions in multiple settings.
As Firms Ratchet Up IT Security, Data Breaches Remain Unstoppable
Carrier Management, 6/9/2014
No matter the expenditure, data breaches are impossible to stop 100% of the time. Increasingly it appears that the best approach is to hold only personal identifying information data that is necessary, and to encrypt the data that is held. Most pool members will not be financially able to retain highly skilled IT professionals to secure their networks, and even if they do those efforts may be unsuccessful. Pools may want to continue conveying to their members the message that firewalls and virus protection do not solve the problem, and that education of employees about safe computing and encryption of data are two important strategies.
Public entities with outdated computer systems are prime target for hackers
Business Insurance, 6/8/2014
Verizon Communications reports that public entities were the number 1 target of hackers in 2013, and were ranked number 2 in losses of data. Legacy systems with inadequate support and a wealth of personal information are two factors that make public entities rich targets.
Everyone’s Nightmare: Privacy and Data Breach Risks
Edwards Wildman, 5/2014
Edwards Wildman has published this new and updated version of its extensive resource on data privacy and breaches. This resource thoroughly discusses:
- The types of information and practices at risk
- The U.S. and international regulatory and statutory landscape
- The exposures presented by data breaches
- Insurance company exposures
- Privacy litigation in the U.S.
- Mitigation of exposures
The complete 174 page manual is available for free download. The insurance company exposures section reviews both exposure of insurance company to breach of their own data, and their exposure under different types of coverage to claims arising from data breaches.
ACA Driving Interest in Benefits Integration
Risk & Insurance, 6/6/2014
Large employers are beginning to integrate their data on workers’ compensation and wellness, as wellness programs are being challenged to prove their effectiveness, worker’s compensation costs are increasingly being driven by wellness-related issues such as obesity, and the Affordable Care Act is pushing employers to evaluate their total employee health care expenditures. One question to consider is whether this could be the dawn of a new effort to merge workers’ compensation and employee benefits into a 24x7 coverage.
Legislation Would Greatly Expand Number Of Employees Subject To Overtime
The Restoring Overtime Pay for Working Americans Act, S. 2486, would do the following:
- After a three-year phase in, the salary thresholds that trigger the overtime exemption for executive, administrative and professional employees would be $56,680 per year, up from $23,660, and would be indexed to inflation thereafter.
- The minimum annual salary that exempts highly compensated employees from overtime eligibility would be increased to $125,000 from $100,000, and would be indexed to inflation thereafter.
- An employee will be covered by overtime unless he or she spends more than 50% of the work hours performing exempt duties, such as supervision.
- Employers will be subject to penalties for failure to keep required records.
The bill was introduced by the Chair of the Senate Committee on Health, Education, Labor and Pensions, Senator Tom Harkin of Iowa.
What Came First — Management Discipline or the Employee Complaint?
Even well-deserved disciplinary actions become more complicated if the employee files a pre-emptive harassment or discrimination claim, raises an issue about workplace safety, or engages in other protected activities. Proceeding with the disciplinary action risks a claim for retaliation, even if the pattern of conduct for which discipline is imposed has been previously documented. To reduce the risk that an employee will file a pre-emptive complaint, document the decision to discipline and send it to human resources before communicating it to the employee. When faced with the need to discipline an employee who has filed a complaint, consider the following:
- Have all employees with the same performance issues as the complaining employee been treated the same way?
- Did the employee violate established policies or practices?
- Were the employee’s performance issues documented before the protected activity?
- Would an outsider see the planned disciplinary action as the next logical step?
If all the answers to these questions are clearly yes, the chances for a successful outcome are improved.
New Parade Safety Guide
The National League of Cities, the National Association of Counties and the International City/County Management Association worked together to create a parade safety guide for municipal governments, The Top 12 Things to Include in Parade Safety Plans, which is accessible from a link on this page.
Decoding Data: EDRs in Auto Claims Investigation
Property Casualty 360, 1/27/2014
The data stored in automobile Event Data Recorders (EDRs) is increasingly being used to make more accurate liability determinations. Tools are being developed to help insurers retrieve data from the EDR and analyze it to help determine the cause of the accident. EDRs were initially developed by the auto manufacturers as potential defense tools in products liability cases. They store several seconds of data surrounding a crash. Several major insurers are looking at this use and considering issues such as standardization, cost of equipment and training, value as evidence, and to whom the data would be accessible.
Property & Casualty
1990s Soft Market Redux? Not Quite, But Global Re Outlook Negative, Says Moody’s
Carrier Management, 6/18/2014
Moody’s has changed its outlook for the global reinsurance market from stable to negative for the next 12 to 18 months, based on similarities it sees with the market in the late 1990’s. It identifies two important differences from that market: lower demand for reinsurance due to buyers’ greater incentive to improve capital efficiency, and low interest rates. Low interest rates are attracting nontraditional capital to the catastrophe arena, which is creating an oversupply of capacity and driving down prices to points where reinsurers have difficulty earning their cost of capital. Moody’s notes that catastrophe insurance can consume up to 50% of underwriting capital even if it contributes only 10-20% of premiums. Shrinkage of an insurer's catastrophe reinsurance book of business may force it to redeploy or return significant capital. Those best positioned to cope are those with both insurance and reinsurance operations and with solid and diversified relationships with clients.
High Risk of Tornadoes in Southeast Than Midwest
Claims Journal 6/17/2014
Florida is the leading state for deaths from tornadoes, due to its concentration of higher risk structures such as mobile homes, vulnerable populations such as the elderly, and a tendency for tornadoes to arise at night and be less visible. Also more vulnerable than the Midwest are other southern states: Arkansas, Louisiana, Alabama, Mississippi, Georgia, Tennessee, Kentucky and western parts of the Carolinas.
How New Capital is Changing P/C Industry and What To Do About It
Insurance Journal, 6/17/2014
The alternative capital threatening traditional reinsurance markets may also cause problems in other property/casualty markets. At a Casualty Actuary Society meeting, speakers differed on exact approaches, but recognized the need to look for new opportunities in the changed ecosystem. The panelists also discussed that the industry has benefited from low inflation, which has enabled it to improve earnings by releasing unnecessary reserves from earlier years. If inflation increases, the low interest rate now built into reserves may lead to reserve inadequacy, increased volatility in profits, and rapid price increases.
6 Commercial-Lines Coverages and Where Rates Are Heading
Property Casualty 360, 6/13/2014
Moody’s reports that rate increases are expected in commercial lines in 2014, but at a lower pace than in 2013. Moody’s analysis of trends in workers’ comp, CGL, professional/special liability, commercial auto and property, and multiple peril are analyzed.
Five Megatrends that Will Revolutionize Insurance
Property Casualty 360, 6/11/2014
PwC has identified five megatrends that it says will affect everyone:
- Technological breakthroughs
- Climate change and resource scarcity
- Demographic shifts
- Accelerating urbanization
- Shifts in global economic power
Although pools do not operate on a global scale, some of these trends can affect pooling business.
- The development of technology is coming to pools both as a tool to help pools manage their business, and as a potential source of exposure when new technology is adopted by pool members.
- In addition to potentially increased insured losses due to climate change, communities may be faced with increased need for food, energy and water, and their solutions to these problems may produce consequences that affect their pools.
- Pool members may have to rapidly adapt their services to respond to changes in the demographics of their population, which may result in changes in the pool’s losses and a need for coverage to adapt to address new needs.
- The increased concentration of population in urban centers may reduce population in smaller communities and affect pools’ business models.
Creating Your Own Firewall
Property Casualty 360, 6/9/2014
A succinct summary of the steps to build a fire resistant buffer around property located in wildfire hazard areas, consisting of four zones with different types of plants and fire resistant roofing and siding. This would be a useful newsletter link for pools with members located in the wildland-urban interface.
Divided House Committee Advances Controversial 5-Year TRIA Extension
Insurance Journal, 6/20/2014
The House Financial Services Committee, divided along party lines, voted to report to the full House H.R. 4871, introduced on June 17, which would extend TRIA for five years; increase the insurer co-pay to 20%; bifurcate the program for nuclear, biological, chemical and radiological attacks; and increase the trigger from $100 million to $500 million. There is concern that the high trigger will drive small and medium sized carriers out of the terrorism insurance market, increasing concentration of risk and reducing competition. The House FSC leadership is looking for floor action before the July 4 recess, in order to set the stage for passage of a TRIA extension before Congress recesses in August.
5 Crucial TRIA Questions and Experts' Responses
Property Casualty 360, 6/13/2014
The questions and responses primarily seek to correct the misunderstanding that there is a large fund of money that has been collected and is being maintained to respond specifically to TRIA covered losses.
Rep. Neugebauer to NU: Transition Terrorism Risk to Where it Belongs -- Private Sector
Property Casualty 360, 6/12/2014
Rep. Randy Neugebauer, R-Texas, chairman of the Financial Services panel's Housing and Insurance Subcommittee and sponsor of H.R. 4871, says “TRIA was meant to be a temporary program. We are transitioning the program in order to transfer risk where it belongs—to the private sector; to the professionals in the insurance industry.” Neugebauer says these professionals “are getting compensated for taking that risk; the taxpayers are not,” and wants H.R. 4871 to be ready to bring to the Senate by mid July.
Stakes for P/C Insurers ‘High’ If Congress Shifts TRIA Burden: Moody’s
Insurance Journal, 6/11/2014
A new report by Moody’s says that a significant reduction in the protection offered by TRIA as part of the reauthorization process could result in reduced availability, increased cost and potential unavailability of insurance.
WCRI Identifies New Predictors of Worker Outcomes
Claims Journal, 6/19/2014
The Workers’ Compensation Research Institute has completed eight new state specific studies that identify predictors of outcomes in workers’ compensation injuries. The predictors identified included:
- Mistrust by the employee, specifically concern about being fired as a result of the injury, was associated with a four week increase in the average duration of disability
- The existence of the following comorbid medical conditions was associated with a higher rate of not working at the time WCRI interviewed the worker:
- Hypertension – 3% increase
- Heart problems – 8% increase
- Diabetes – 4% increase
The states studied were Indiana, Massachusetts, Michigan, Minnesota, North Carolina, Pennsylvania, Virginia and Wisconsin.
New Mexico Appeals Court holds medical marijuana covered under state Workers’ Comp law
LawProfessors Blog, 5/21/2014
The New Mexico Court of Appeals has upheld an order requiring an employer and its insurance company to pay for an injured employee’s medical marijuana, the use of which is legal under New Mexico law. The court determined that the Workers’ Compensation Act requires reimbursement for legal medical marijuana use by workers’ compensation claimants. The court rejected the argument that requiring the employer to pay for medical marijuana treatment would force it to violate federal law, because the employer did not cite any federal statute it would be violating, and the court declined to search for such a statute. The court also rejected an argument that the payment would violate federal policy under the Controlled Substances Act, because the Department of Justice appears to be deferring to the state and local authorities on compassionate use and some other issues.
A petition for writ of certiorari was filed with the New Mexico Supreme Court on June 13, 2014 and is currently pending according to the Supreme Court website. The decision may not be a strong precedent if the ruling indeed resulted from the employer’s lawyer failing to adequately identify a federal law the employer would violate by paying for medical marijuana. It is worth watching how it progresses, however, as pools in states that allow the use of medical marijuana will have similar concerns as the insurer for the employer in this case. A link to the full decision is included in the article.
Other Topics of Interest
With cellphone search ruling, Supreme Court draws a stark line between digital and physical searches
Washington Post, 6/25/2014
The US Supreme Court has ruled unanimously that, in most cases, police will need to get a search warrant before searching an arrested person’s smart phone. The privacy ramifications of this decision may well extend beyond the bounds of police searches of suspects, due to the unanimous ruling and the broad view taken by the Court of the intimate connection of smart phone with individual privacy.
When Drones Fall From the Sky
Washington Post, 6/20/2014
The Washington Post has analyzed accident records for military drones and concludes that fundamental safety hazards remain. Those include a limited ability to detect and avoid trouble, pilot error, persistent mechanical defects and unreliable communications links. Among the 418 major drone crashes identified around the world between September 2001 and now were 194 Class A accidents that destroyed the craft or caused at least $2 million in damage. Almost 25% of those occurred in the U.S. One incident, in Afghanistan, illustrates the potential for catastrophe. A 375 pound drone struck an aircraft on approach to a U.S. military base. With even local law enforcement agencies anticipated to begin using drones in the next few years, pools may want to consider whether and how their coverage would respond in the event of an accident, what adjustments they may want to make in their coverage language, and what type of loss control efforts they may want to mount if they will have exposure.
This is part of a three part series on drones in the Washington Post. Another segment, Close Encounters on Rise as Small Drones Gain in Popularity, is available here, and describes near misses between drones and aircraft in the US.
Sovaldi, a new pill for hepatitis C, cures the liver-wasting disease; but it’s costly
The cost of a new drug, Sovaldi, which is believed to be highly effective at curing hepatitis C, is leading some health care cost payers to consider limitations on its availability to those they cover. Research commissioned by the Associated Press found that the discount price paid by private payers was about $1,037 per pill, with a median cost in the U.S. of $97,000 for a 12 week course of treatment. It is available in other parts of the world for significantly less. Alternative therapies are also costly. The lowest cost drug is Victrelis, which has a lower cure rate and a median cost per course of treatment of $48,000. Incivek and Olisio have median costs of $89,000. Opinions differ as to whether Sovaldi is worth the additional cost. It has been rated as a “low value” drug by the California Technology Assessment Forum, but is recommended for primary treatment by the Infectious Diseases Society of America and the American Association for the Study of Liver diseases. Pools that offer health coverage may want to evaluate their position on Sovaldi. Pools that offer workers’ compensation coverage should look for any efforts in their states to adopt a first responder presumption statute for hepatitis C. The combination of Sovaldi as the drug of choice with a presumption statute could increase a pool’s workers’ compensation costs substantially.
GPS Tracking Case Has Left Unsettled Questions
National Public Radio, 6/16/2014
Police and lower court judges are still struggling with the ramifications of a 2012 U.S. Supreme Court decision, which held that police erred when they used a GPS device to track a suspect’s vehicle without a valid warrant. That decision produced three separate opinions, which agreed that the use of the device was a search under the Fourth Amendment, but stopped short of saying that a warrant would always be required. In an era of rapidly evolving technology and more slowly evolving law, pools may want to consider whether members whose police routinely use technology for surveillance without a warrant might face constitutional or other litigation for those practices.
Report Identifies Barriers to Successful Incorporation of Increasingly Autonomous Unmanned Aircraft in the Nation’s Aviation System, Outlines Research Priorities to Overcome Hurdles
National Academies, 6/5/2014
The National Research Council reports that the U.S. aviation system is not prepared to integrate civilian drones into the existing system of piloted planes. The report recommends the development of a national research agenda that would address the technological barriers to safety and reliability, the regulation and certification systems required to address these new systems, and social barriers such as privacy and legal issues. The concerns described in the summary are worth consideration by any pool that has members planning to use unmanned aircraft in their governmental functions. A link to the full report is provided in the summary.