Congress Moves Forward With Flood Insurance Renewal and Reforms

The House of Representatives recently passed the 21st Century Flood Reform Act, a collection of seven bills that would reauthorize the National Flood Insurance Program (NFIP) until 2022 and establish a number of reforms. Many of the proposed changes focus on increasing the program’s financial viability, as the NFIP exceeded its borrowing limit of $30 billion during this year’s hurricane season.

Here are some of the key additions included in the recently passed bill:

  • Improved technology to help the Federal Emergency Management Agency (FEMA) map flood zones and set insurance premiums
  • Limits on annual premium increases and surcharges
  • Financial tools to help FEMA and the NFIP plan for their long-term needs
  • An option for businesses to opt out of flood insurance requirements after one year
  • Incentives for private flood insurance providers

According to the Congressional Budget Office, the proposed reforms would lead to $187 million in savings between 2018 and 2027. However, critics of the bill believe that the changes could increase the price of flood insurance in low-income areas.

 

Download December's Full P&C Profile


Are You Prepared for a Home Break-in?

While it may be difficult to imagine it happening to you, home break-ins are a common occurrence. If an intruder enters your home, your property and the well-being of your loved ones are at risk.

In order to protect your home and family from an intruder, consider doing the following:

  • Put an emergency plan in place and discuss it with everyone in your household.
  • Take any measure possible to let the intruder know someone is home and aware of his or her presence.
  • Do not assume the intruder is unarmed. He or she may be concealing a knife or gun and could produce it at a moment’s notice.
  • If you have something immediately available you can use for defense, grab it, even if it is just a scare tactic.
  • Remain vigilant. Take note of the intruder’s physical characteristics and provide the most accurate description possible to the police if he or she gets away.

In addition to the above, consider arming your home with a security system. A security system may seem expensive, but knowing your family and possessions are safe at all times may make it worth the cost.

 

Download Our December Insight PDF for More


Health Care Property & Casualty Profile - November / December 2017

In this November / December Health Care Profile, we will dive into digital innovation within hospitals, the financial benefit of easing doctor burnout, and how the federal government threaten three Massachusetts psychiatric hospitals. Read more below.


HOSPITALS WANT DIGITAL INNOVATION

A survey conducted by the American Hospital Association (AHA) and health innovation company AVIA found that 85 percent of health care leaders realize that digital innovation is a key factor in the long-term success of their health care organizations.

Survey respondents included executives and innovation officers from 317 health systems in 48 states. When asked to define innovation, almost 75 percent of survey respondents said that it involves collaborating with innovative organizations, and 42 percent said that they believe innovation includes testing and scaling externally developed digital solutions.

Christina Jack, the AHA’s senior director of entrepreneur strategy and innovation, stated that digital innovation could be hampered by the fact that it is dependent upon the competencies of a chief information officer. And, as a result, it isn’t woven into an organization’s operations.

Nonetheless, the health care leaders who participated in the survey were hopeful about the future and stated that, if done correctly, digital innovations could improve the patient and workplace experience for both physicians and staff, as well as improve safety and decrease costs.

According to the survey, areas where hospitals have already invested in digital innovation include operational efficiencies, primary care delivery and utilization, patient access and care transitions.

FEDS THREATEN 3 PSYCHIATRIC HOSPITALS

The federal government threatened ceasing Medicare payments to three Massachusetts psychiatric hospitals after safety lapses caused two mentally ill patients to forgo critical medication. One patient had a seizure and suffered a traumatic head injury as a result.

 

According to a letter dated Sept. 8 from the Centers for Medicare and Medicaid Services to the CEO of all three hospitals, conditions discovered on Aug. 28, 29 and 30 posed an immediate jeopardy to the health and safety of patients, limiting the hospitals’ capacity to render adequate care.

FINANCIAL BENEFIT OF EASING DOCTOR BURNOUT

According to a recent study published in JAMA’s Internal Medicine, addressing doctor burnout could save hospitals over $1 million per year.

The study looked at the cost of physician turnover as a whole and then used evidence to determine how many physicians leave their jobs because of burnout. It found that for an organization that employs 450 doctors, doctors who leave due to burnout cost the organization $2.5 million per year. If the same organization spent $1 million per year to lower the risk of burnout by 20 percent, it could save about $1.25 million each year.

Researchers said that the ways to decrease burnout involve understanding what causes it, such as a lack of work-life balance, heavy workloads, and a lack of flexibility and control.


5 Common Types of Construction Fraud to Avoid

Common Types of Construction Fraud

Fraud of all kinds is prevalent across every type of construction project. While cases of construction companies defrauding their clients are the most reported, it is the companies themselves that often lose money to fraud perpetrated by employees, contractors and partners.

To protect themselves, businesses should be aware of the following most common fraud schemes:

  1. Nonpayment of subcontractors and material suppliers done by delaying or falsifying lien waivers, or using project cash receipts to pay bills for other projects.
  2. Billing for unperformed work—often by exaggerating the units of production accomplished or the labour and equipment actually used.
  3. Subcontractor collusion, such as bid rigging and price fixing. It is important to prequalify and pre-approve contractors, provide the full scope of work to bid on, and then select the best-priced, most qualified and responsive subcontractor.
  4. Substituting or removing material, which can include doing things like installing low-grade materials that would require future repairs.
  5. Stealing tools or equipment from a worksite, often done by billing for equipment or tools for the job site that are then used for other subcontractor projects or personal use, or billing for unnecessary tools.

For further protection, it’s a good idea to implement a compliance and ethics program, set up an anonymous reporting system, properly define project scopes and ensure segregation of duties.

Prepare for OSHA’s First Injury Tracking Deadline

OSHA’s new Injury Tracking Application (ITA) was launched on Aug. 1, 2017, allowing establishments to start submitting their 2016 Form 300A. OSHA’s proposed compliance deadline is Dec. 1, 2017, leaving employers limited time to prepare.

The following establishments are subject to the rule and its subsequent reporting requirements:

  • Establishments with 250 or more employees
  • Establishments with 20-249 employees that operate in identified high-risk industries

In order to meet the Dec. 1 deadline, employers should familiarize themselves with the ITA. Employers in states that operate OSHA-approved state plans should consult with their OSHA state-plan administrator for any additional electronic reporting instructions.


Cyber Risks & Liabilities - November 2017

We live in a world centralized around cyber activity – so shouldn’t employers protect themselves from cyber risks? The answer: yes. This article will help employers be aware of the damage a breach in cyber security can cause and help them seek the best cyber insurance.


5 Cyber Risk Questions Every Board Should Ask

When a data breach or other cyber event occurs, the damages can be significant, often resulting in lawsuits, fines and serious financial losses. In order for organizations to truly protect themselves from cyber risks, corporate boards must play an active role. Not only does involvement from leadership improve cyber security, it can also reduce liability for board members.

To help oversee their organization’s cyber risk management, boards should ask the following questions:

  1. Does the organization utilize technology to prevent data breaches? Boards should ensure that the management team reviews company technology at least annually, ensuring that cyber security tools are current and effective.
  2. Does the organization have a comprehensive cyber security program that includes specific policies and procedures? Boards should ensure that cyber security programs align with industry standards and are audited on a regular basis to ensure effectiveness and internal compliance.
  3. Has the management team provided adequate employee training to ensure sensitive data is handled correctly? Boards can help oversee the process of making training programs that foster cyber awareness.
  4. Has management taken appropriate steps to reduce cyber risks when working with third parties? Boards should work with the company’s management team to create a third-party agreement that identifies how the vendor will protect sensitive data, whether the vendor will subcontract services and how it will inform the organization of compromised data.
  5. Has the organization conducted a thorough risk assessment and considered purchasing cyber liability insurance? Boards, alongside the company’s management team, should conduct a cyber risk assessment and identify potential gaps. From there, organizations can work with their insurance broker to customize a policy that meets their specific needs.

Key Considerations When Buying Cyber Insurance

Buying cyber insurance is not a one-size-fits-all process. To ensure your business has sufficient cyber coverage, it is critical to assess your needs and consider your specific risks. The following are some common elements of cyber insurance policies to consider when building optimal coverage for your business:

  • Limits and sublimits—Hierl Insurance Inc. can assist you in determining appropriate limits by utilizing industry benchmarking data and projected breach costs. From there, we can examine your sublimits, which don’t provide extra coverage, but set a maximum to cover a specific loss.
  • Retroactive coverage—Breaches can go undiscovered for years. For protection from unidentified cyber incidents, ask for a retroactive date that is earlier than the policy’s inception date.
  • Exclusions—Common cyber policy exclusions, such as outdated software, unencrypted mobile devices and penalties from credit issuers, can adversely impact coverage. Understand your policy exclusions before committing.
  • Panel provisions—Many insurance companies require policyholders to use preapproved investigators, consultants and legal professionals in the event of a cyber breach. If you have a preferred team of experts, make sure your preferred policy allows you to work with them before signing.
  • Consent provisions—Some cyber policies contain consent provisions that require obtaining the insurer’s consent before incurring certain expenses related to cyber claims. If prior consent provisions are included in the policy and cannot be removed, policyholders can change them to ensure that the carrier’s consent cannot be unreasonably withheld.
  • Vendor acts and omissions—Most organizations use third-party vendors to process or store a portion of their data. While they make it easier to do business, they also represent a potential exposure. It is critical that your business’s cyber liability policy covers claims that result from breaches caused by your vendors.

Cyber insurance is continually evolving alongside emerging cyber threats. Contact Hierl Insurance Inc. to help proactively assess your risks and ensure that your insurance coverage is in line with your specific business practices and exposures.

 

 

 

 

Yahoo Says All Accounts Were Hacked in 2013

Yahoo recently announced that, in contrast to an earlier estimate, all 3 billion of its accounts were hacked in 2013. The news could not only increase the legal exposure for Yahoo’s new owner Verizon Wireless, but also increase the number of class-action lawsuits expected in U.S. federal and state courts.

Recently obtained information shows that the stolen information did not include passwords in clear text, bank account information or card data. However, this information was protected with outdated encryption that experts said is easy to crack. It also included backup email addresses and security questions that could make it easier to break into other user accounts.

In late 2016, Yahoo made users change their passwords if they hadn’t since the hack, and invalidated old security questions and answers.

Equifax Cyber Security Incident

Equifax Inc. announced in September that about 143 million U.S. consumers may have been affected by one of the largest breaches in history.

Names, Social Security numbers, birthdates, addresses and driver’s license numbers were accessed by the intruders, according to a statement from Equifax. Credit card numbers for about 209,000 consumers were also accessed.

GDPR Compliance Deadline Approaching

The General Data Protection Regulation (GDPR) requires businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. Noncompliance could be costly for businesses—amounting to up to €20 million or 4 percent of global annual turnover, whichever is higher.

Companies that do business with customers in the EU must be able to show compliance by May 25, 2018. For more information on whether the GDPR affects your business, and how to comply, visit the website of the European Commission here.


Risk Insights: Donating to Disasters and Avoiding Scams

Hurricane Harvey is the strongest storm to make landfall in the United States since Hurricane Charley in 2004. News of the damage it has caused to southeastern Texas is prompting people to help in whatever ways they can. Unfortunately, there are dishonest people who prey upon people’s good intentions, creating fake charity campaigns to exploit victims and take advantage of those who want to help.

How to Avoid Scams

Despite the sense of urgency to help when disaster strikes, it is important to do some research before donating. Consider the following best practices to ensure that your resources go to a legitimate charity with experience in disaster relief:

  • Never wire money to someone who claims to be a charity. Legitimate charities do not ask for wire transfers. Once you wire the money, you’ll probably never get it back.
  • Be cautious about bloggers and social media posts that provide charity suggestions. Don’t assume that the person recommending the charity has fully researched the organization’s credibility.
  • Only donate through a charity’s official website, never through emails. Scammers have a knack for creating fake email accounts that seem legitimate.
  • Ensure that the charity explains on its website how your money will be used.

  • Be wary of charities that claim to give 100 percent of donations to victims. That is often a false claim, as well-structured organizations need to use some of their donations to cover administrative costs.
  • Never offer unnecessary personal information, such as your Social Security number or a copy of your driver’s license. However, it is common for legitimate charities to ask for your mailing address, and it is safe for you to provide it.

Despite the sense of urgency to help when disaster strikes, it is important to do some research before donating money. Don’t let dishonest people take advantage of your good intentions.

How to Choose a Charity

Even legitimate charities need to be considered with care. The Federal Trade Commission suggests avoiding new charities because, despite their legitimacy, they may not have the resources needed to get your money to its intended recipients.

Donors looking for a worthy charity can access an unbiased, objective list on a website called Charity Navigator. The site receives a Form 990 for all of its charities directly from the IRS, so it knows exactly how

the charities spend their money and use their donations. It also rates charities based on their location, tax status, length of operation, accountability, transparency and public support.

Gaining popularity for charitable donations is a crowdfunding website called GoFundMe, which allows people to raise money for a wide variety of circumstances. Despite its popularity, visitors to the site should be cautious about the campaigns to which they donate. Visitors can report suspicious campaigns directly to GoFundMe via its official website or to their state’s consumer protection hotline.

National Organizations

The following national organizations have long-standing reputations for providing disaster relief and accepting donations:

  • The American Red Cross provides shelter, food, emotional support and other necessities to people affected by disasters.
  • AmeriCares takes medicine and supplies to survivors.
  • Catholic Charities USA supports disaster response and recovery efforts that include direct assistance, rebuilding and health care services.
  • The Salvation Army provides shelter and emergency services to displaced individuals.

Remember that there are other ways to provide disaster relief that don’t involve monetary donations, especially if you live near the affected area. Local food banks and blood centers commonly ask for donations during relief efforts.

 

Sourced from – Zywave.com


Be Prepared: Workplace Violence

Be Prepared is committed to preventing violence in the workplace. In order to keep our workplace as safe as possible, please observe the following guidelines:

Identifying Your Risk

Workplace violence can include actions or words that endanger or harm you, and cause you to believe that you may be in danger, including the following:

  • Verbal or physical harassment
  • Verbal or physical threats
  • Assaults or other violence
  • Any other behavior that causes you to feel unsafe (bullying or sexual harassment)

Staying Safe

  • Participate in all safety training and apply the knowledge learned to your everyday job.
  • Learn, understand and comply with all company safety procedures and precautions.
  • Share any suggestions for making our workplace safer with your supervisor.
  • Report all violent incidents immediately and accurately, regardless of whether the violence is between an employee and a client or customer, or between multiple employees. Even if you are not involved, be sure to report incidents that you witness.
  • Call 911 immediately if the violent incident is serious. After help has arrived, be prepared to discuss what happened with both authorities and company officials.
  • Report behaviors such as threatening, bullying, stalking or harassing. If it is ongoing, it is helpful if you document each episode.
  • Let your supervisor know if you ever feel threatened or nervous, and would like additional security measures to be established.
  • Report any worrisome or distinguishable changes in a co-worker to a supervisor.
  • Remember, you will never be penalized for reporting violence, whether you are a victim or a witness. The company will observe complete confidentiality. Our concern is for the safety of all employees.


CenterStage...Creating a Safety Minded Workplace

“One of the best ways to promote a safe working environment is through safety meetings. They don’t have to be formal or lengthy, just be sure to make them mandatory and keep an attendance log. Additionally, ensure everyone knows that you are interested in their ideas so they will be active participants in working towards a goal of an injury free workplace.” -Cathleen Christenson

VP, Property & Casualty

Large companies often have safety departments and staff dedicated to managing safety practices and policing the proper accident-prevention procedures. They also usually have the capacity to hold much more formal meetings. On the other hand, small businesses, where most employees wear multiple hats in the company, have a much more shared responsibility when it comes to employee safety in the workplace. This shared responsibility requires employees to keep a watchful eye out for each other and report any potential dangers they see before accidents can happen.

Best Management Practices in Creating a Safety Minded Workplace

1. Make Safety a Top Priority

An employee safety plan may not be high on a small business’ list of priorities-- until something happens. As much commitment should be placed on safety and health as any other part of a business. An injured worker is an unproductive employee and can cost a business the services of a valued employee while they are out, as well as drive up insurance cost. Businesses can proactively help prevent accidents and control worker compensation costs by developing and implementing a safety program. Hierl works to provide guidance on the design and implementation of company safety programs.

2. Ensure All Employees are Involved in the Safety Effort

According to the Occupational Safety and Health Administration (OSHA), one of the most effective ways to develop a safety-minded culture is to involve employees in ongoing “Toolbox Talks.” These are brief,

informal meetings to allow employees to stay up-to-date on potential workplace hazards and safe workplace practices. These meetings can be as simple as discussing the company safety policy or can hone in on one specific topic, such as machinery use, tool handling, safety minded attitudes or anything that could provide knowledge about preventing accidents in the workplace.

3. Identify and Control Safety Hazards

Identify safety hazards in your workplace so you can best learn how to control and correct them. Learning the OSHA regulations that apply to your industry can be helpful here. Good employee safety strategies encompass many different topics depending on what industry the business is in. OSHA provides a comprehensive list of topics to address with employees. Consulting employees on what problems they have noticed can often be the most beneficial when it comes to narrowing down the most important topics to cover. A major safety topic that arises often is simple housekeeping procedures such as spills, loose cords, etc. Encouraging a “see something, say something” policy will allow employees to report the potential dangers they encounter in their daily work and act to prevent injuries or accidents before they can happen. The primary responsibility of the employees is to perform his or her duties in a safe manner to prevent injury to themselves and others.

4. Comply with Regulations

Safety practices differ across different kinds of companies. For instance, you wouldn't have your employees train to operate a forklift when they will never have to operate a forklift on the job. On the other hand, everyone can benefit from "Housekeeping" and "Substance Abuse" training sessions, with the goal of being an injury-free workplace at the forefront of everyone's mind.

Some positions may need to be OSHA certified as well. There are two types of OSHA certifications (OSHA 10-Hour and OSHA 30-Hour), with four industry specific categories (OSHA10 Hour General Industry, OSHA10 Hour Construction, OSHA30 Hour General Industry, and OSHA30 Hour Construction).

5. Continually Improve Your System

Review the strengths and weaknesses of your safety programs as there is always room for improvement. Healthy workers will support a work environment that fosters trust, creativity and general well-being. To access helpful talking points for supervisors, ask a Hierl representative about the complete line of Safety Matters flyers, including hand protection, safe lifting techniques, accident prevention, slips and falls, hazard communication, first aid basics and more.

To download the full article click Here.


Helping Your Employees Protect Against Identity Theft

Are you doing enough to help your employees protect themselves from identity theft? Make sure to take a look at this article by Irene Saccoccio from SHRM on what employers can do to protect their employees from identity theft.

Social Security is committed to securing today and tomorrow for you and your employees. Protecting your identity and information is important to us. Security is part of our name and we take that seriously.

Identity theft is when someone steals your personally identifiable information (PII) and pretends to be you. It happens to millions of Americans every year. Once identity thieves have your personal information they can open bank or credit card accounts, file taxes, or make new purchases in your name. You can help prevent identity theft by:

  • Securing your Social Security card and not carrying it in your wallet;
  • Not responding to unsolicited requests for personal information (your name, birthdate, social security number, or bank account number) by phone, mail, or online;
  • Shredding mail containing PII instead of throwing it in the trash; and
  • Reviewing your receipts. Promptly compare receipts with account statements. Watch for unauthorized transactions.

It is important that your employees take the necessary steps to protect their Social Security number. Usually, just knowing the number is enough, so it is important not to carry your Social Security card or other documents unless they are needed for a specific purpose. If someone asks for your employees’ number, they should ask why, how it will be used, and what will happen if they refuse. When hired, your employees should provide you with the correct Social Security number to ensure their records and tax information are accurate.

If your employees suspect someone else is using their Social Security number, they should visit IdentityTheft.gov to report identity theft and get a recovery plan. IdentityTheft.gov guides them through every step of the recovery process. It’s a one-stop resource managed by the Federal Trade Commission, the nation’s consumer protection agency. You can also call 1-877-IDTHEFT (1-877-438-4338); TTY 1-866-653-4261.

Your employee should also contact the Internal Revenue Service (IRS), and file an online complaint with the Internet Crime Complaint Center at www.ic3.gov.

Don’t let your employees fall victim to identity theft. Advise them to read our publication Identity Theft and Your Social Security Number or read our Frequently Asked Questions for more information. If you or an employee suspects that they’re a victim of identity theft, don’t wait, report it right away!

See the original article Here.

Source:

Saccoccio I. (2017 May ). Helping your employees protect against identity theft [Web blog post]. Retrieved from address https://blog.shrm.org/blog/helping-your-employees-protect-against-identity-theft


U.S Aftermath of WannaCry Ransomware Yet to be Seen

The WannaCry ransomware that has spread across 150 countries since Friday has appeared to slow down, but employees starting the workweek should be careful, as the effects in the United States are yet to be determined.

WannaCry locks users out of their computers by exploiting a vulnerability in outdated versions of Mircosoft Windows. It then demands money from users who want to regain control of their data. The ransomware initially requests around $300, and if no payment is made, threatens to double the amount after three days and delete files within seven days. Once it infects one computer, it can spread to every computer in that network within seconds.

According to Elliptic- a London startup that helps law enforcement agencies track criminals-around $50,000 worth of bitcoin payments have been made to the hackers as of Monday morning.

Countries Affected in First Few Hours of Cyber Attack

  • United States- Fedex
  • United Kingdom- The National Health Service
  • Russia- The Ministry of Internal Affairs
  • France- Renault
  • Spain- Telefonica
  • China- Universities and gas stations
  • Japan- Hitachi

Nobody knows who is behind the attack, but Europol is working on a decrypting tool. Many firms hired experts over the weekend to prevent new infections, which seems to have worked in Europe, so far.

After the initial discovery of the WannaCry ransomware, Mircosoft issued a warning to the U.S. government concerning its data-storing practices. Mircosoft claimed that the tool used in the WannaCry cyber attack was developed by the U.S. National Security Agency and was stolen by hackers. Microsoft released a Windows security update in March to tackle the problem exposed by the latest attack, but many users haven't run the update yet.

Precautions

Some experts recommend that you should not pay the ransomware if you've been hacked. Even if there is a way to determine if you've paid the ransom, there is no guarantee that the hackers will return the files to you unharmed, if returned at all. Experts also recommend you take the following precautions:

  • Update your network if you haven't yet.
  • Turn on auto-updaters, if available.
  • Don't click on links that you do not recognize.
  • Don't download files from people you don't know.
  • Back up your documents regularly.

Hierl Insurance Inc. will continue to monitor the situation. Contact us if you have any further questions regarding how you can avoid disruptive business interruptions from cyber attacks.