Concerned About Losing Your Marketplace Plan? ACA Repeal May Take Awhile

Worried about your healthcare plan? Check out this interesting article from Kaiser Health News, by Michelle Andrews

President-elect Donald Trump has promised that he’ll ask Congress to repeal the Affordable Care Act on Day One of his administration. If you’re shopping for coverage on the health insurance marketplace, should you even bother signing up? If everything’s going to change shortly after your new coverage starts in January anyway, what’s the point?

While it’s impossible to know exactly what changes are coming to the individual market and how soon they’ll arrive, one thing is virtually certain: Nothing will happen immediately. Here are answers to questions you may have.

Q. How soon after Trump takes office could my marketplace coverage change?

It’s unlikely that much, if anything, will change in 2017.

“It’s a complex process to alter a law as complicated as the ACA,” said Sara Rosenbaum, a professor of health law and policy at George Washington University. It seems unlikely that congressional Republicans could force through a repeal of the law since Democrats have enough votes to sustain a filibuster blocking that move. So Congress might opt to use a budget procedure, called “reconciliation,” that allows revenue-related changes, such as eliminating the premium tax credits,  with simple majority votes. Yet even that process could take months.

And it wouldn’t address the other parts of the health law that reformed the insurance market, such as the prohibition on denying people coverage if they’re sick. How some of those provisions of the law will be affected is still quite unclear.

“It will likely be January 2019 before any new program would be completely in place,” said Robert Laszewski, a health care industry consultant and long-time critic of the law.

The current open enrollment period runs through January 2017. Shop for a plan, use it and don’t focus on what Congress may do several months from now, Rosenbaum advised.

Q. Will my subsidy end next year if the new administration repeals or changes the health law?

Probably not. Mike Pence, the vice president-elect, said on the campaign trail that any changes will allow time for consumers receiving premium subsidies to adjust.

Timothy Jost, an emeritus professor at Washington and Lee University School of Law in Virginia who is an expert on the health law, also predicts a reasonable transition period.

Congress and the new administration are “not eager to have a bunch of angry, uninsured voters,” Jost said.

Theoretical conversations about changing the health law are one thing, but “I think that Congress may be less willing to just wipe the subsidies out if a lot of people are using them,” Rosenbaum said. More than 9 million people receive subsidies on the marketplace, according to the federal Department of Health and Human Services.

Q. Can my insurer drop out once the new administration takes over, even if the law hasn’t been repealed?

No, insurers are generally locked in contractually for 2017, according to experts. But 2018 could be a whole different story, said Laszewski.

Many insurers are already losing money on their marketplace offerings. If they know that the health insurance marketplaces are being eliminated and replaced by something else in 2019, why would they stick with a sinking ship?

“The Trump administration could be left with a situation where Obamacare is still alive, the subsidies are still alive, but not the insurers,” said Laszewski. To prevent that, the Trump administration might have to subsidize insurers’ losses during a 2018 transition year, he said.

Q. My state expanded Medicaid to adults with incomes up to 138 percent of the federal poverty level (about $16,000). Is that going to end if Obamacare is repealed?

It may. Trump has advocated giving block grants to finance the entire Medicaid program on the theory that it provides an incentive for states to make their programs more cost-effective. But that strategy could threaten the coverage of millions of Americans if the block grants don’t keep pace with costs, Jost said.

So far, 31 states and the District of Columbia have expanded Medicaid under the health law. Republican governors in these states may play a key role in arguing against taking the expansion money away, Rosenbaum said.

Q. I have a heart condition. Does this mean I’m going to have a hard time finding coverage?

It’s possible. The health law prohibits insurers from turning people away because they’re sick and may be expensive to insure.

Republicans have generally promised to maintain that guaranteed insurability, but what that would look like is unclear. Some of their plans would require people to remain continuously insured in order to maintain that guarantee, said Laszewski.

“I would advise people who are sick to get good coverage now and hang onto it,” said Jost.

Q. Since Republicans have pledged to repeal the law, can I ignore the law’s requirement that I have health insurance?

The individual mandate, as it’s called, is one of the least popular elements of Obamacare. As long as it’s the law, you should follow it, experts said.

Insurers have argued that the requirement that they take all comers who apply for health insurance only works if there’s a coverage mandate or other mechanism that strongly encourages people to have insurance. Otherwise why would they bother unless they were sick?

For the past few years, Republicans have been pushing hard to eliminate the mandate, Laszewski noted.

“One of the easy things they could do is just not enforce it,” he said.

See the original article Here.

Source:

Andrews, M. (2016 November 10). Concerned about losing your marketplace plan? ACA repeal may take awhile [Web blog post]. Retrieved from address http://khn.org/news/concerned-about-losing-your-marketplace-plan-aca-repeal-may-take-awhile/


Ballot Measures Expand Marijuana Use in 8 States

Ballot measures to expand the use of marijuana passed in eight states last month, bringing the total number of states allowing some form of legalized marijuana use to 28, including the District of Columbia.

The following offers a brief summary of those ballot measures:

  •  Arkansas, Florida, Montana and North Dakota passed ballot measures that allowed or expanded the use of medicinal marijuana.
  • California, Maine, Massachusetts and Nevada passed ballot measures that legalized recreational marijuana use.
  • Voters in a ninth state, Arizona, rejected a ballot measure that would have legalized recreational marijuana use.

What remains unclear is what stance the Trump administration will take regarding enforcement of federal laws. Currently, marijuana remains illegal under federal law, and distributing marijuana is a federal offense. However, the Obama administration has been relaxed in its enforcement of federal marijuana laws.

Employers may want to review their employment policies regarding marijuana use, as well as consider local and state laws. For more information on what employers’ rights and responsibilities are regarding employee marijuana use, contact Hierl Insurance Inc. and ask for our Compliance Bulletin: Marijuana Use Legalized in 8 States

88 Percent of Employees Lack Knowledge to Prevent Cyber Incidents

According to a recent report, 88 percent of employees lack the understanding necessary to prevent common cyber incidents. That report is based on the results of a survey given to more than 1,000 employees across the Unites States, and was designed to test the level of knowledge and awareness of cyber security among employees by asking them to name proper behaviors in given circumstances. The survey covered eight risk domains and assigned three risk profiles—Risk, Novice and Hero—to indicate an employee’s privacy and security awareness IQ.

Key findings from the report include the following:

  • Only 12 percent of respondents earned a “Hero” profile, while 72 percent were given a “Novice” profile and 16 percent were given a “Risk” profile.
  •  Almost 40 percent of respondents disposed of a password hint using unsecure means.
  • About 25 percent of respondents failed to recognize a sample phishing email, even though it came from a questionable sender and included an attachment.

This report highlights one of the key vulnerabilities of any organization—employees’ lack of basic cyber security knowledge. Regardless of other hardware or network protections, employees can and will allow cyber criminals into an organization, often without even realizing it.

Fortunately, employee cyber training can help reduce this risk to your organization. For employee cyber training resources, contact Hierl Insurance Inc. today and ask about our Employee Cyber Training Manual.

BLS Reports Injuries and Illnesses Continue to Decrease

The latest numbers released by the U.S. Bureau of Labor Statistics (BLS) show that the rate of workplace injuries and illnesses are the lowest they’ve been in 13 years.

The BLS’s Survey of Occupational Injuries and Illnesses (SOII) showed that, in 2015, the rate for private industry workers was 3.0 recordable cases per 100 full-time equivalent workers—down from 3.2 in 2014. The rate for state and local government workers, conversely, increased slightly, from 5.0 in 2014 to 5.1 in 2015. Combined, the overall rate dropped from 3.4 in 2014 to 3.3 in 2015.

Despite an increasing population, the total number of cases dropped as well. The BLS estimates that there were 3.66 million injury and illness cases in 2015, down from 3.68 million in 2014.

The most notable outlier was in the public health care sector. For instance, public nursing home workers experienced an injury and illness rate of 12.6, while their private sector counterparts experienced a rate of 6.8.

Download original file Here


Why Care About Diabetes and What You Can Do as an Employer

Great article from our partner, United Benefit Advisors (UBA) by Mary Delaney

Diabetes is an expensive disease: $322 billion in America! Costs are compounded because diabetes is the leading cause of heart disease, stroke, kidney disease, lower limb amputation, and blindness, and also has connections with some cancers, arthritis, gum disease and Alzheimer’s disease. To add some perspective, consider these facts: Today, 3,835 Americans will be diagnosed with diabetes. Today, diabetes will cause 200 Americans to undergo an amputation, 136 to enter end-stage kidney disease treatment, and 1,795 to develop severe retinopathy that can lead to vision loss and blindness.

Nearly 30 million Americans have diabetes and 86 million have pre-diabetes. While Type 1 diabetes presents suddenly, Type 2 diabetes is known as a silent killer. One can have it for years before displaying symptoms but, during that time, damage is occurring throughout the body.  For that reason, prevention or early diagnosis of diabetes is imperative. In Vital Incite’s benchmark data of just under 12,000 individuals with A1c values who have not been diagnosed with diabetes, 8 percent of those individuals had A1c values greater than 7 percent. Those values indicate uncontrolled diabetes, but these individuals were not yet diagnosed. In order to reduce risk, and reduce disease burden, the goal is to control diabetes in its early stages so it does not progress. Yet, in examining the control of A1c values, we find that more than 39 percent of diabetics have A1c values that are not controlled.

ID with Diabetes and A1c Value

Using the appropriate resources to control diabetes is critical because, as risk increases, cost also jumps. More importantly, these individuals experience a significant reduction in their quality of life.

Diabetes costs increase with risk

According to Carol Dixon, Regional Director for Community Health Strategies at the American Diabetes Association Indiana, the American Diabetes Association offers many free resources to support you.

Wellness Lives Here℠ (wellnessliveshere.org): With year-round opportunities, Wellness Lives Here will help your organization educate and motivate employees to adopt healthful habits. For some, it means fewer sick days and higher productivity. For others, it means looking and feeling better. For everyone, the result is empowerment—Americans who are better able to control or prevent diabetes and related health problems.

Wellness Lives Here resources include:

  • Engagement with the local American Diabetes Association office for lunch and learns and health fairs
  • Stop Diabetes @Work – Handouts on many health topics that can be co-branded, monthly newsletter articles to communicate healthy lifestyle messages, and a multitude of resources to integrate health into the corporate culture
  • Mission Engagement Days – Specially designed, easy to use toolkits are provided, including Get Fit, Don’t Sit Day (May), and Healthy Lunch Day (November)
  • Health Champion Designation – This special recognition goes to organizations that inspire and encourage a culture of wellness.
  • The CEO Leadership Circle brings together invited executives for the opportunity to work jointly with the local Association office toward specific health goals and objectives for their company.

For more information on how the American Diabetes Association can support your wellness program, contact your local chapter or visit their website at diabetes.org. Read our recent blog on other cost-effective wellness strategies, particularly for small employers.

For additional trends among wellness programs, download In UBA’s new whitepaper: “Wellness Programs — Good for You & Good for Your Organization”.

To understand legal requirements for wellness programs, request UBA’s ACA Advisor, “Understanding Wellness Programs and Their Legal Requirements,” which reviews the five most critical questions that wellness program sponsors should ask and work through to determine the obligations of their wellness program under the ACA, HIPAA, ADA, GINA, and ERISA, as well as considerations for wellness programs that involve tobacco use in any way.

For the latest statistics from the UBA survey examining wellness program design among 19,557 health plans and 11,524 employers, pre-order UBA’s 2016 Health Plan Survey Executive Summary which will be available to the public in late September.

To see how one mid-sized manufacturer used risk scoring tools to identify medical spend waste and improve employee health, download this case study.

See the original article Here.

Source:

Delaney, M. (2016 September 27). Why care about diabetes and what you can do as an employer. [Web blog post]. Retrieved from address http://blog.ubabenefits.com/why-care-about-diabetes-and-what-you-can-do-as-an-employer


Safety Spotlight: Promoting Safety at Work

SAFETY ON THE JOB

Success depends on you

Safety in the workplace is something all employees should take seriously—your well-being is at stake. An on-the-job accident could very easily disable you, leaving security and future plans up in the air. A safety program isn’t only designed to keep you safe—taking responsibility on the job in keep your co-workers away from harm is important, too.

Together, you and your co-workers can support our company’s safety program by giving supervisors or safety leaders ideas on how things can be made safer. Any safety idea, no matter how small it may seem to you, could prevent a serious accident.

If you are a seasoned employee, you can use your years of valuable experience to spot potential safety hazards. Or, if you are a new employee, you may be able to spot something right away that an old pro may have overlooked. Never be afraid to speak up if you notice a safety hazard on the job.

In short, safety takes teamwork. Whatever your job is or whatever your duties include, keep your eyes open for hazards and report them. Help keep our safety program on solid ground!

BEGIN YOUR DAY SAFELY

Preparing your work area for the day

When you arrive at your work area, take a moment to prepare yourself to work safely.

Does your task require some type of personal protective equipment (PPE)? If you are on the shop floor, standard personal protective equipment is safety glasses with side shields and safety shoes with steel toes. Do you need to wear gloves? Face shields? Respirators? If any of these types of PPE are necessary, inspect them before putting them on to make sure they will provide the right protection throughout the job.

Look at the machine(s) you will be operating and look for some specific safety features. Are all machines safeguarded and are they working properly? Physical safeguards should be attached to the machine. Electric eyes should be tested to make sure they stop machine functions. Two-hand trip devices at the point of operation should be tested to make sure they work properly. Supplies should be in close proximity to the point of operation so you don’t have to do a lot of twisting or bending.

Think safe—work safe. It is a way to remember that you need to keep your head in the game. If you are thinking about safety, then you will work safely all day and will go home safe and sound.

See the original article Here.


News Brief: 500 Million User Accounts Hacked in Yahoo Breach

On Sept. 22, 2016, Yahoo Inc. confirmed that 500 million email accounts had been compromised in a 2014 hack—making it one of the largest cyber security breaches ever recorded. Personal information including names, email addresses, phone numbers, dates of birth, encrypted passwords, and unencrypted security questions and answers were stolen in the breach. Initial reports show no evidence that payment card or bank data was lost.

Yahoo, who discovered the breach while conducting an internal investigation, says the attack was done by a “state-sponsored” hacker, meaning that the cyber thief was likely acting on behalf of a government. Yahoo is working closely with the authorities, and affected users are being notified.

If You’ve Been Hacked

Anyone affected by the hack or who has not reviewed his or her Yahoo account since 2014 should change his or her password and security questions immediately. To further secure all of your online accounts, it’s important to do the following:

  1. Change your passwords. Oftentimes a company won’t be able to tell you that your information has been compromised until it’s too late. To protect yourself and your personal information, it’s important to change your password often. That way, even if you are hacked, your old password will be of no use to a cyber criminal.
  2. Avoid using the same password more than once. Using the same password across multiple accounts is common, but this is a dangerous practice. This is because if a hacker is able to get his or her hands on just one of your passwords, he or she can use it on other accounts, increasing the potential for lost information.
  3. Create complex passwords. Complicated passwords are harder to guess. As such, avoid common phrases, names or clichés. If possible, use a mixture of numbers, letters and special characters.
  4. Update security questions. As was the case with the Yahoo breach, security questions can be stolen by cyber criminals. Because of this, it’s important to update security questions often to avoid getting hacked.

To read Yahoo’s official press release on the hack and to learn more about what to do if you’ve been affected, click here.

Download the Full News Brief Here.


15 Warning Signs of Worker's Compensation Fraud

The WC (workers' compensation) insurance system is a no-fault method of paying workers for medical expenses and wage losses due to on-the-job injuries. While the majority of WC claims are truthful, the National Insurance Crime Bureau reports that billions of dollars of false claims are submitted each year. To help you detect possible WC fraud, experience shows a claim may be fraudulent if two or more of the following factors are present:

  1. Monday Morning: The alleged injury occurs either “first thing Monday morning,” or late on a Friday afternoon but not reported until Monday.
  2. Employment Change: The reported accident occurs immediately before or after a strike, a layoff, the end of a big project or at the conclusion of seasonal work.
  3. Job Termination: If an employee files a post-termination claim:
    - Was the alleged injury reported by the employee prior to termination?
    - Did the employee exhaust his/her unemployment benefits prior to claiming workers’ compensation benefits?
  4. History of Changes: The claimant has a history of frequently changing physicians, addresses and places of employment.
  5. Medical History: The employee has a pre-existing medical condition that is similar to the alleged work injury.
  6. No Witnesses: The accident has no witnesses, and the employee's own description does not logically support the cause of injury.
  7. Conflicting Descriptions: The employee's description of the accident conflicts with the medical history or First Report of Injury.
  8. History of Claims: The claimant has a history of numerous suspicious or litigated claims.
  9. Treatment is Refused: The claimant refuses a diagnostic procedure to confirm the nature or extent of an injury.
  10. Late Reporting: The employee delays reporting the claim without a reasonable explanation.
  11. Hard to Reach: You have difficulty contacting a claimant at home, when he/she is allegedly disabled.
  12. Moonlighting: Does the employee have another paying job or do volunteer work?
  13. Unusual Coincidence: There is an unusual coincidence between the employee’s alleged date of injury and his/her need for personal time off.
  14. Financial Problems: The employee has tried to borrow money from co-workers or the company, or requested pay advances.
  15. Hobbies: The employee has a hobby that could cause an injury similar to the alleged work injury.

Remember, these warning signs are simply indicators. If you are suspicious of a claim, alert your insurance carrier immediately.


Employer FAQs: Responding to the Anthem Breach

Originally posted February 10, 2015 by Joseph J. Lazzarotti of Jackson Lewis LLC, an United Benefit Advisors (UBA) Partner Firm on www.workplaceprivacyreport.com.

The first massive data breach of 2015 hit one of the country's largest insurance issuers, Anthem, Inc., including Anthem Blue Cross and Blue Shield and other related entities (Anthem). The incident reportedly affected over 80 million persons who are or were covered under a policy or program insured or serviced by Anthem. The personal note from Anthem's CEO, Joseph R. Swedish, and the Anthem Facts or FAQs seek to provide helpful information to the millions of individuals affected. These communications address what is known about the incident, describe the kinds of information compromised, warn affected persons about potential email attacks, and advise that there is more information coming.

But there is not much information at this point for employers that are plan sponsors of group health plans and other welfare plans serviced by Anthem either as an insurance issuer or a third party claims administrator (TPA). Below are some FAQs about the Anthem breach for affected employers.

Isn't this really Anthem's problem?

From a legal compliance standpoint, the answer largely depends on whether the plan is insured or self-funded. For example, as discussed below, in the case of a self-funded group health plan, the HIPAA breach notification rules place the obligation to notify affected persons on the covered entity (i.e., the plan, and practically the plan sponsor) and not on the business associate (i.e., the TPA). However, contract obligations in the business associate agreement (or administrative services only agreement) have to be considered. Finally, as a practical matter, because employees and other persons covered under the plan(s) will be concerned and have questions, employers will need to have a strategy for addressing those concerns.

Is the information involved subject to HIPAA; the Anthem FAQs say Anthem does not believe diagnosis or treatment information was compromised?

According to the Anthem FAQs:

... the member data accessed included names, dates of birth, member ID/social security numbers, addresses, phone numbers, email addresses and employment information...[but its] investigation to date indicates there was no diagnosis or treatment data exposed.

Many maintain the mistaken belief that, in the case of a group health plan, a covered person's name and Social Security number, alone, is not "protected health information" (PHI) under the privacy regulations issued under the Health Insurance Portability and Accountability Act (HIPAA). The absence of diagnosis or treatment data does not make information any less PHI. This is because the regulatory definition includes not only information about a person's physical or mental health condition, but also how care is paid for and provided. Thus, data elements that relate to the payment or provision of health care, such as address and email address, could constitute PHI even if not as sensitive as a covered person's diagnosis information.

What about the state breach notification laws, do they apply?

The Anthem breach involves personal information of individuals, such as names, member ID/Social Security numbers and other data, the kind of information protected by state breach notification laws, which currently exist in 47 states. Given the massive scale of the breach, it is likely that there are affected individuals residing in all 50 states and beyond.

Some of those state laws have exceptions when HIPAA or other federal regulations apply. Some do not. According to the Anthem FAQs, all product lines have been affected, not just health insurance (medical, dental and vision). This includes life, disability, workers' compensation and other policies and products which typically are not subject to HIPAA. Thus, regardless of the Anthem policy or product at issue, the applicable state laws will need to be considered to determine their application in this case.

Our plan is/was insured by Anthem, what should we be doing?

Under HIPAA, both the employer's group health plan under ERISA and the health insurance issuer that provides the insurance for that ERISA plan are covered entities under HIPAA. Covered entities have the primary breach notification obligations. Under state breach notification laws, the primary notification obligation generally falls on the entity that owns or licenses the data, not necessarily the entity that held the data at the time of the incident. However, in the case of a breach experienced by an insurer, and not the employer sponsoring the plan, the insurer generally is considered to be responsible for responding to the breach. Even if not entirely clear in the applicable statutes or regulations, this makes practical sense because the carrier is in control of the investigation and the facts, and usually is in the best position to work with law enforcement. Carriers can typically disseminate notifications more efficiently across the affected policies, as well as to federal and state agencies, and the media.

To date, Anthem appears to be taking the lead on the investigation and notifying affected persons. For example, its FAQs inform members that they can expect to "receive notice via mail which will advise them of the protections being offered to them as well as any next steps". Because this incident affects both HIPAA-covered and non-HIPAA plans, it is likely the notices will address the applicable HIPAA and state law requirements.

Still, there are some action items for affected employers to consider:

  • Stay informed. Closely follow the developments reported by Anthem, including coordinating with your benefits broker who might have additional information.
  • Consult with counsel. Experienced counsel can help employers properly identify their obligations and coordinate with Anthem as needed.
  • Communicate with employees. Be prepared to respond to employee questions -- consider providing a short summary of the incident to employees along with links to the Anthem materials and FAQs.
  • Evaluate vendors. Use this incident as a reason to examine more closely the data privacy and security practices of all third party vendors that handle the personal information of your employees and customers, including insurance companies. Of course, a data breach is generally not a reason, by itself, to switch vendors. With breaches of all sizes affecting many companies, there is no telling whether the grass will be greener. But making inquiries and pressing vendors to do more, including by contract, is a prudent course of action, and even required in some states.
  • Revisit your own data security compliance measures. Employers should take this as an opportunity to assess or reassess their own data security compliance measures. As many have noted, it is not just large companies that are vulnerable to these kinds of attacks.

Our plan is/was self-insured and Anthem was our TPA, what should we be doing?

In this case, whether the plan is a health plan covered by HIPAA or another employee welfare benefit, as TPA, Anthem maintains the personal information of covered persons on behalf of the employer. In that case, Anthem's legal obligations under HIPAA and state law, as applicable, generally require only that it notify the employer concerning the circumstances of the breach -- how it happened, the kind of information breach, who was affected, etc. Then it is up to the employer/covered entity to carry out an appropriate investigation, provide notice to affected persons and otherwise comply with the applicable federal and state laws. However, administrative service agreements and in the case of health plans, business associate agreements, may delegate some of these responsibilities to the TPA, as well as indemnification obligations. So, in addition to some of the steps listed above, employers have a number of things to consider and steps to take:

  • Determine if plans have been affected. Employers might soon be receiving communications from Anthem concerning whether their plans have been affected. They also may want to reach out to Anthem and inquire.
  • Act quickly. HIPAA and state breach notification laws generally require that notices be provided without unreasonable delay, as well as place outside limits on when such notices can be provided -- e.g., 60 days following discovery under HIPAA, and 30 days in Florida.
  • Examine the administrative services agreement and/or business associate agreement. For plans that have been affected, employers need to review the related agreements as they could place certain obligations either on the employer or Anthem. The agreements also could be silent, in which case the plan/employer likely has the obligations to notify participants, agencies and media.If Anthem is responsible for responding, employers should consider taking certain steps to ensure Anthem's reaction is compliant -- e.g., has it protected data from further attacks, completed the investigation, identified all affected persons, crafted content-compliant notifications (HIPAA and some state laws have specific content requirements), and notified the applicable federal and state agencies.

    If the employer retained the responsibility to respond, it should be taking steps immediately to determine what happened and coordinate with Anthem concerning the response. This includes some of the steps listed above. For instance, in the case of group health plans under HIPAA, employers will need to confirm with Anthem whether Anthem or the employer/group health plan will be notifying the Department of Health and Human Services. Also, employers that have developed a data breach response plan (a good idea for all employers) should review that plan and follow it.

    However, as a practical matter and regardless of what is in the services agreement, Anthem may decide to take the lead on the response, and not give employers much choice in shaping the communications made to persons covered under the plans.

  • Communicate with covered persons. If it turns out that the employer will be notifying plan participants, in addition to the notification letters referred to above, employers also need to be prepared to address participant questions about the incident. Designating certain individuals or outside vendors to handle these questions and creating a script of anticipated questions and answers would facilitate a consistent and controlled response.
  • Evaluate insurance protections. Some employers may have purchased "cyber" or "breach response" insurance which could cover some of the costs related to responding to the breach or defending litigation that may follow. Employers should review their policy(ies) with their brokers to understand the potential coverage and what steps, if any, they need to take to confirm coverage.
  • Document steps taken. Employers should document the steps they take to investigate and respond to the incident, particularly if it affects one of their group health plans covered by HIPAA.

Some employees have complained about our data security practices, how should we respond?

Take them seriously! Data security has been recognized at the federal, state and local levels as an important public policy concern, most recently by President Obama at the recent State of Union Address. Disciplining or taking adverse action against an employee who has raised these concerns could expose the employer to retaliation claims or violations of employee whistleblower protections.

 

For employers large and small, incidents like this can be a significant disruption to the workforce. To minimize that disruption, employers may want and need to communicate with their employees, and should do so confidently, but carefully. More information can be very helpful, but too much information and information that is repetitive can be confusing and frustrating for employees. Employers should involve key persons inside their organizations and possibly seek outside expertise and counsel to reach an appropriate balance in their response strategy and communications.

Download a copy of this article here.


'Smart' Seat Could Reduce Whiplash Injuries

Originally posted on August 25, 2014 on The Globe and Mall.

Researchers at the University of British Columbia (UBC) are working to create a car seat system that can mitigate the effect of whiplash enough to significantly reduce the risk of injury from low-speed rear-end collisions. In the United States, the Insurance Institute for Highway Safety (IIHS) estimates that more than $8.8-billion (U.S.) is paid out annually for whiplash injuries, accounting for 25% of the total spent for all crash injuries.

The economic and social strain caused by these soft tissue injuries was an impetus for Daniel Mang, a kinesiology student at UBC, to develop an active "smart seat" that responds to the pulse created during a collision, and automatically adapts and adjusts the seat on impact to lessen the effect on the head and neck. Mang says that the smart seat has more time to adjust (than an airbag), so it would rely on technology similar to the airbags to sense the collision and adapt the seat in response to accelerometers (that can estimate how much you weigh.)

To see the full article, go to:www.theglobeandmail.com/


Just Say 'No' to Co-Workers' Halloween Candy

Originally posted on  October 14, 2014 by Josh Cable on ehstoday.com.

Workplace leftovers might seem like one of the perks of the job. But when co-workers try to pawn off their Halloween candy on the rest of the department, it's more of a trick than a treat.

Those seemingly generous and thoughtful co-workers often are just trying to keep temptation out of their homes.

"Not only does candy play tricks on your waistline, but it also turns productive workers into zombies," says Emily Tuerk, M.D., adult internal medicine physician at the Loyola University Health System and assistant professor in the Department of Medicine at the Loyola University Chicago Stritch School of Medicine.

"A sugar high leads to a few minutes of initial alertness and provides a short burst of energy. But beware of the scary sugar crash. When the sugar high wears off, you'll feel tired, fatigued and hungry."

Tuerk offers a few tips to help you and others on your team avoid being haunted by leftover candy:

  • Make a pact with your co-workers to not bring in leftover candy.
  • Eat breakfast, so you don't come to work hungry.
  • Bring in alternative healthy snacks, such as low-fat yogurt, small low-fat cheese sticks, carrot sticks or cucumber slices. Vegetables are a great healthy snack. You can't overdose on vegetables.
  • Be festive without being unhealthy. Blackberries and cantaloupe are a fun way to celebrate with traditional orange and black fare without packing on the holiday pounds. Bring this to the office instead of candy as a creative and candy-free way to participate in the holiday fun.
  • If you must bring in candy, put it in an out-of-the-way location. Don't put it in people's faces so they mindlessly eat it. An Eastern Illinois University study found that office workers ate an average of nine Hershey's Kisses per week when the candy was conveniently placed on top of the desk, but only six Kisses when placed in a desk drawer and three Kisses when placed 2 feet from the desk.

And if you decide to surrender to temptation and have a treat, limit yourself to a small, bite-size piece, Tuerk adds. Moderation is key.


Knowing Your Cyber Risks

Originally posted October 20, 2014 on www. Travelers.com.

To better understand the unique risks facing companies today, Travelers recently launched the Travelers Business Risk Index, a survey of business leaders from organizations of all sizes and industries. With repeated news of data breaches arising in the media, it is no surprise that American businesses large and small agree that technology-related dangers are among their top risks.

The survey polled more than 1,100 business decision makers to better understand what they believe poses the gravest threat to their business. Many leaders reported the risks they identified as their biggest concerns are also the issues their businesses are least prepared to address.

In fact, more than half (53 percent) of business leaders cited computer, technology and data-related risks as a major concern, with a particular focus on computer viruses and hacking. The top four risks survey respondents reported keeping them up at night are:

  • Viruses infecting computer systems;
  •  Security breaches by a hacker
  • Unrecoverable loss of the stored data
  • Potential theft or loss of customer and client records.

With thoughtful planning, businesses can prepare for and often avoid these risks. Some quick and easy steps a business can take include:

  • Working with an independent agent to ensure all manageable exposures are covered.
  • Ensure that employees are exhibiting behaviors that limit cyber risks.
  • Utilizing resources such as Travelers.com/cyber to help understand and navigate the growing threat of cyber risks.

The amount of coverage a business or organization needs depends on its level of risk. Travelers understands the complexity of cyber threats and has solutions to help protect businesses of all sizes, across all industries. To learn more, talk to your independent agent or visit Travelers.com/cyber.