Is Integration the Answer to Compliance?
Addressing worker health has many parts – health care, wellness, disability management and workers’ comp. Managing them as a whole instead of discrete components can help reduce costs while improving outcomes, which is why more and more employers are moving toward an integrated approach to employee health and safety. But streamlining administration of these programs and making decisions that go across the board can also have the added benefit of tightening up regulatory compliance.
The Americans with Disabilities Act (ADA) – and amendments made in 2008 – present employers with a thorny trail to blaze. Especially after the implementation of the Affordable Care Act, employers are shouldering a greater responsibility for employees’ health and wellness, and rules imposed by the ADA can complicate matters as companies and organizations strive to improve worker health without overstepping boundaries.
The intersection of the ADA with other regulations like the Family and Medical Leave Act (FMLA) and the Pregnancy Discrimination Act (PDA) also creates gray areas for employers when it comes to deciding what benefits an injured or disabled employee is entitled to, if any. In a National Law Review article, labor and employment attorney Melvin Muskovitz called the intersection of ADA, FMLA and workers’ comp issues the “‘Bermuda Triangle’ of employee health-related statutes.”
Leave and benefits provided by workers’ compensation can overlap with what employees may be entitled to under the ADA and FMLA; carriers can benefit from more open communication with administrators of health plans and wellness and safety programs to ensure the right program responds to a request for accommodation or benefits.
One issue they all have in common is “the potential for claims of discrimination or retaliation,” Muskovitz wrote. “An employer must be sure the employee does not suffer any adverse employment action as a result of the leave of absence or condition necessitating the leave.”
“Integration is the only way to go with all these regulations coming at employers,” said Tamara Blow, principal consultant at TYB Global Business Consultants, LLC. “You need all the key players involved.” That includes human resources, safety managers, risk managers, and legal counsel, as well as the payroll department or others in charge of tracking attendance. With multiple perspectives weighing in on decisions, it should be easier to identify where clashes with different statutes could occur.
Take for example the case of Peggy Young, a female UPS delivery worker who sued the company in 2007. When Young became pregnant in 2006, her doctor ordered her not to lift more than 20 pounds; UPS delivery workers sometimes have to lift packages of up to 70 pounds. Young brought the doctor’s note to her supervisor and requested a temporary reassignment, which was denied because pregnancy is not covered under the ADA. She was placed on unpaid leave for the duration of her pregnancy.
Young, whose case is currently being heard by the Supreme Court, argued that UPS violated the PDA, which states that pregnant women must be treated the same, in terms of receipt of benefits, as “others not so affected but similar in their ability or inability to work.” In other words, if UPS provides accommodations for an injured worker with the same physical limitations as Young, she should also receive benefits even though she is not technically disabled.
Could an integrated approach have helped UPS avoid this regulatory tangle?
“Absolutely,” Blow said. “Any HR professional who’s worth their salt knows that the Pregnancy Discrimination Act would be the first to come into play with a pregnant employee.” A cross-functional team that included the legal department might have been able to anticipate potential violations.
“If their system was integrated, they would see that impairments that arise out of being pregnant would qualify as temporary disability covered under the ADA and FMLA,” she said.
For larger employers, though, there are structural hurdles blocking integration. Health care, disability management and workers’ comp tend be viewed as separate programs, so decision-making around them also remains separate.
“Workers’ comp is handled by risk management, which report up to either treasury or general counsel,” said Russell Johnston, casualty president for the Americas at AIG. “Disability benefits and medical tend to be human resources or the administration side. So within larger employers, in terms of their governance model, there are structural disconnects.”
Bringing everyone together from different departments is a time-consuming effort that can also be constrained by office politics, Blow said. “Some departments want to be in charge. They may bash heads over who wants to take this initiative, especially with senior management’s eyes on it.”
Another structural hurdle Johnston pointed to was the way in which companies access these products on the market.
“Larger employers access the workers’ comp market through agents and brokers,” he said. “On the benefits and medical side, agents and brokers tend to be very different from the P/C side. They tend to operate completely separately. And in some cases it’s provided directly by the medical providers to employers.”
For these reasons, smaller employers have an easier time implementing an integrated approach to employee health. “They don’t have the luxury of having large infrastructure, so decisions are made across the totality of their business,” Johnston said.
Despite the obstacles, larger companies can still benefit in the long run from a unified employee health front because of cost savings. However, Johnston believes it won’t necessarily ease compliance issues.
“I struggle to see where it will make a material impact on the compliance side,” he said. “But is there a compelling reason for employers to look at this and try to implement it? Absolutely.”
Social Media: A Double-Edged Sword
Something as simple as a hashtag can launch an event onto a national stage in a matter of hours. For companies and organizations harnessing social media as a business tool, that kind of attention can go both ways.
In Target’s massive cyber breach last year, customers unleashed their fury on Facebook and Twitter, at a pace too overwhelming for a corporate response to counter. The company has slashed its profit outlook for 2014 as it struggles to regain consumer trust.
Earlier this year, the New York Police Department started the hashtag #myNYPD, encouraging people to tweet friendly photos of themselves with officers. The marketing ploy backfired, however, when people shared photos of police brutality instead.
The pendulum can swing the other way, like the ALS Ice Bucket Challenge. The Facebook campaign prompting users to donate to the ALS Association — or record themselves dumping a bucket of ice water over their heads — raised more than $100 million and boosted awareness of the debilitating disease, according to the association.
While Facebook, Twitter and LinkedIn are the most common channels used by companies, more social media forums are emerging, and executives and risk managers must consider how to deal with the reputational and legal risks of those new channels while taking advantage of the communication breadth and speed of social media.
The top social media risks are brand reputation; disclosure of proprietary information; corporate identity theft; and legal, regulatory or compliance violations, according to a survey and report by audit and advisory firm Grant Thornton, “Social Media Risks and Rewards.”
Of the 111 executives surveyed, 38 percent said their companies use social media to raise brand awareness, while 27 percent use it for recruiting. Fifty-five percent said social media will be an important component of future corporate efforts.
However, only one-third had a defined social media policy, and only 36 percent provided social media training for employees.
“A number of companies are adopting social media policies,” said Melissa Krasnow, certified information privacy professional and corporate partner with Dorsey & Whitney LLP.
But the language within those policies must comply with state and national regulations. For example, states have different laws governing whether employers can demand log-in information for employees’ private accounts.
In addition, the National Labor Relations Board has been aggressive in scrutinizing employer social media policies that appear too restrictive of employees’ speech and the “right to come together to discuss work-related issues for the purpose of collective bargaining or other mutual aid or protection.”
University Risk Managers Share Concerns
Higher education risk managers converged on Louisville, Ky., this fall for the annual conference of the University Risk Management and Insurance Association, where several themes emerged as key areas of focus.
“ERM seemed to be the biggest theme, but there was a enough variety in the sessions to cover all the basics,” said Mark Logel, director, administrative services & risk management at the University of Evansville and a first-time conference attendee.
More than six in 10 (61 percent) survey respondents said they have not conducted an enterprise risk management process at their institution in the past two years, or don’t know if such work was done, according to data shown during one session, “Managing Risk Intelligently: A New Normal.”
And yet, nearly three-fourths (73 percent) said they are more focused on institutional risk now than five years ago, and 63 percent reported having more full board discussions about institutional risk.
Paradoxically, only 39 percent of respondents said they were getting enough information about their exposures, down from 43 percent in 2008.
However, according to Gary Langsdale, university risk officer at Pennsylvania State University (PSU) and a session speaker, these statistics are not as negative as they appear. Such conflicting opinions may demonstrate that institutions are growing more aware of the complex web of risks they face and therefore asking for more information, not necessarily receiving less.
“There’s an impetus for thinking more holistically about risk,” said Andre LeDuc, executive director, enterprise risk services at the University of Oregon. “It’s a continual struggle to promote a risk-aware culture.”
Such a culture needs to be built from the top down, with buy-in from board members and more communication between academic and student affairs offices. The publicity surrounding the Sandusky scandal at PSU revealed a need for greater board involvement, Langsdale said.
But, he noted, there is a limit.
“Board members should have their noses in but fingers out,” he said, meaning the board’s role is to be informed but not overly involved in risk management.
Langsdale identified ways risk managers can help set the culture for a true ERM effort:
• Look for leadership opportunities.
• Break down organizational silos.
• Understand the analytical tools and methodologies available.
• Elicit views from across the organization.
“Establishing ERM is an evolution,” LeDuc said. “Check back in two or three years to see what works and what doesn’t. Every institution is unique. … We have to take lessons learned back to our home institutions and help the thematic thread spread.”
Changing demographics and enrollment challenges, lack of funding and regulatory compliance are three major strategic risks faced by universities.
According to Christine Eick, executive director, risk management and safety at Auburn University, some schools saw hundreds of millions of dollars’ worth of cuts in government funding during the recession.
That is compounded, Langsdale said, by a lack of funding on students’ end as well. As costs rise, fewer students and their families are able to contribute much from their own pockets.
“We have to make choices about which programs to support,” he said.
Many attendees acknowledged that funding for sports programs, while ultimately accounting for a very small percentage of a school’s overall budget, should be the first to take cuts because of their high visibility.
Enrollment has also fallen as demographics shift. There are simply fewer 18-year-olds in the prospective student pool now than there were a decade or more ago, which increases competition among schools vying to keep classrooms full.
“One help has been recruiting returning military members,” Eick said, “who often come with the support of government funding” and have incentives to obtain a degree as they re-enter the mainstream workforce.
Compliance has also risen as a priority, especially with adherence to Title IX and the handling of sexual assault cases coming under tighter scrutiny.
Along with the increased risk, however, comes the benefit of putting “risk managers at the right tables,” said LeDuc, as universities need to discuss such risks among different offices and with board members.
Like any other organization that collects personally identifiable information, higher education institutions are more concerned with cyber threats.
“Data, data, data. Are we fully aware of our exposures?” LeDuc asked, picking out cyber security as a risk to watch related to students’ personal and financial records, as well as the potential for theft of intellectual property, especially at research institutions.
“Cyber is an increasing threat,” Eick agreed. “There has to be a shift in culture that mandates security training for all faculty to be completed by a certain date. Schools should be employing more privacy officers and CIOs to handle those challenges.”
Universities may have a higher exposure for data breach, Langsdale said, because networks are “designed to be open” to allow access for prospective and current students, alumni, faculty, and researchers from other facilities.
“You need to be on top of your cloud providers and know where your servers are located,” he said. “There should be no deemed export of information.”
Along with the increase in study abroad programs comes the increased need for colleges and universities to do more to ensure the safety of students in such programs, including keeping track of their whereabouts and the conditions of the countries they visit.
Until recently, schools have had limited ways to track and communicate with students abroad, and have kept limited records of incidents. Both nonprofit organizations and businesses offer resources to help risk managers expand their efforts.
One way to conduct due diligence is through site visits, which “are not terribly expensive,” according to Eick, but which usually are only done by larger, better-funded schools.
In addition to scoping out the conditions of hosting school and the surrounding communities, site visits allow risk managers an opportunity to analyze local coverage and ensure that the right policies are in place. Language barriers can result in improper coverage.