Susannah Levine

Susannah Levine writes about health care, education and technology. She can be reached at [email protected]

Public Sector Safety

Safe Places for Risky Outdoor Play

Smart design, regular maintenance, and proper surface materials are the keys to minimizing playground injuries.
By: | August 31, 2016 • 6 min read
09012016_07_Liability

Children inevitably suffer cuts, scrapes and other “boo-boos” in the course of swinging, sliding and climbing, but many of the 200,000 annual emergency room visits from playground accidents are preventable, according to insurance and playground experts.

Advertisement




Many factors contribute to eliminating known hazards so children can stretch their wings as safely as possible.

Best practices include ensuring good sight lines for supervisors, isolating bigger kids from toddlers to avoid collisions, soft surfacing under equipment, sound S-hook connectors on swings, the elimination of head and torso entrapments, coatings to seal splinters, signage to alert caregivers to remove the strings from hoodies that can result in strangulation … the list goes on.

Even with the most vigilant design and maintenance, though, “we can’t and shouldn’t eliminate all risk,” said Bill Hooker, risk manager and training program supervisor, Park District Risk Management Agency in Chicago.

“Even if we could, no child would ever want to play in a risk-free playground.”

James D. Smith, director, risk control services, Arthur J. Gallagher & Co.

James D. Smith, director, risk control services, Arthur J. Gallagher & Co.

A playground cleansed of hazards — no moving parts or heights to fall from, for example — may be so boring that resourceful children will use the equipment in a manner the manufacturer never intended, said James D. Smith, director, risk control services, Arthur J. Gallagher & Co.

“Children make up their own games on equipment, and then you have new dangers you can’t plan against.”

This creativity calls for close supervision, Smith said.

The way a community regards its playgrounds, the kind of apparatus it provides and the diligence with which it inspects and maintains them, awakens philosophical questions, said Kenneth Kutska, executive director, International Playground Safety Institute LLC.

“We ask, ‘What is our goal?’ That starts a discussion about what risk is acceptable.” On the one hand, he said, play teaches critical developmental skills, with the risk of injuries along the way.

“If we take the risk out of playgrounds, we also take out the challenge and learning opportunities. When our primary goal is to meet financial goals, we fail our children.”

Minimal Legal Oversight

Communities benefit from the multitude of programs and standards that eliminate known hazards, said Timothy L. McCarty, risk control manager for Trident Public Risk Solutions.

These include the Consumer Product Safety Commission’s “Public Playground Safety Handbook,” which gives guidance on safety features such as shock-absorbent surfacing materials and safe arrangement of equipment; the American Society for Testing and Materials’ voluntary consensus standards on age-appropriate equipment, fencing, sight lines and recommended outerwear, among many other hazards; and The National Recreation and Park Association’s Playground Safety Inspector Certification.

Advertisement




While these programs offer “great guidance,” said McCarty, they are not law. Only 15 states regulate playgrounds. Only California, with the most robust oversight, mandates inspections. “It’s not illegal in most places to have uninspected playgrounds,” said McCarty, which puts children and communities at risk.

We can’t and shouldn’t eliminate all hazards. Even if we could, no child would ever want to play in a risk-free playground. — Bill Hooker, risk manager and training program supervisor, Park District Risk Management Agency.

Maintenance failures are the single greatest risk of loss and credibility, said Kutska, contributing to 40 percent of injuries. The other major contributors are noncompliant surfacing, failure to train or hire trained inspectors, failure to document inspections and corrections, and inadequate supervision.

Municipal and school district liability varies from state to state, said Thom Rickert, vice president, head of marketing, Trident Risk Solutions, and some states have immunity laws for owner-operators of recreational spaces. New York City has municipal regulations that require adults to be accompanied by a child to keep predators away. “Liability depends on the venue,” he said.

Heavy Wear and Tear

About 75 percent of nonfatal injuries related to playground equipment occur on public playgrounds, according to the Centers for Disease Control and Prevention, and most of those occur at schools and daycare centers — which have far fewer certified playground inspectors on staff than municipal parks, said AJG’s Smith.

Thom Rickert, vice president, head of marketing, Trident Risk Solutions

Thom Rickert, vice president, head of marketing, Trident Risk Solutions

School playgrounds get a disproportionate share of wear and tear, said Greg Hennecke, risk management representative, Hylant Administrative Services, and spokesperson for the National Recreation and Park Association as well as one of its certified playground safety inspector instructors.

They’re used hard for the three-odd hours of recess on the 180 days per year school is in session, then do double duty after school and on weekends, especially in communities where municipal parks are scarce.

“That puts more pressure on school districts to maintain them,” he said.

How much use a playground gets is one of many factors driving the frequency of inspections, Hennecke said. The insurer also considers whether the state has sovereign immunity laws. Exception clauses to the laws, which may strip immunity in the presence of physical defects, should put yet more emphasis on maintenance programs.

Current design standards are much different, and much safer, than they were 15 to 20 years ago, when wood parks with elevated ramps and turrets were the style, but they splintered and cracked as they aged. “Most installers know and adhere to the standards we inspect against,” said Smith.

Layout is also important, such as allowing sufficient room between the shoot of a slide or a swing and the next piece of apparatus or a fence. In addition, the composite material from which most equipment is now built stands up to weather and very hard wear better than the wood and metals of yore.

To minimize injuries and liability, Hooker recommended a “diamond of care” — four interrelated steps that together identify and minimize safety hazards:

1) Knowledge of standards and best practices.

2) Inspections by trained inspectors.

3) Corrections, including routine and preventive repairs, and if necessary, removal of hazardous equipment.

4) Documentation of action taken.

Surfacing Materials Matter

Falls onto hard surfaces account for about half of the injuries serious enough to warrant an emergency room visit, according to the CDC, but a serious injury doesn’t necessarily call for removal of the apparatus from which the child fell, Smith said.

Although removing the apparatus will remove its risk and liability, he said, the better option is more and better absorbing material, such as wood chips, gravel, sand, rubber pads, bark mulch or engineered wood fiber. In several cases, families claim “spinning disc” rides threw their toddlers to the ground, which wasn’t buffered by absorbing material.

Advertisement




“Insufficient surfacing material is the direct reason we have more serious injuries,” said Kenny Smith, risk control manager, OneBeacon Government Risks. He often sees “big divots” scooped out under swings.

Many entities, such as the Richland (Washington) School District, are removing swings from playgrounds on the advice of their insurance carriers but also because they use space inefficiently.

Experts said large modular play structures, or even a “return to nature,” installing big rocks with absorbent materials as flooring, are more efficient yet fun uses of playground space. &

Susannah Levine writes about health care, education and technology. She can be reached at [email protected]
Share this article:

Insurance Industry

The Government Beckons

Insurance carriers can create the best defenses in the world to protect customer data. But the government may ask them to give it up regardless.
By: | August 31, 2016 • 7 min read
R9-1-16p51-52_10Privacy.indd

Like Apple, insurance carriers and brokers hold an enormous amount of sensitive client information.

Unlike Apple, they are unlikely to find themselves in a highly public battle with the FBI should they resist demands for that data, as the tech giant did last spring in a dispute with the agency over the information in a terrorist’s locked iPhone.

Advertisement




But in the future, companies in the insurance space should be on the lookout for requests from regulators in other circumstances. Not necessarily in the wake of a mass shooting, but in the aftermath of any number of cyber hacks, the course of investigating a car crash or as part of the effort to secure crucial energy infrastructure.

And according to at least one expert, they should consider dumping the use of smartphones for conducting any kind of company business.

Investigators may request insurance company client data collected or transmitted through smartphones, said Theodore P. Augustinos a partner with Locke Lord LLP. Although for now, he said, the dilemma is more theoretical than actual.

“The government could subpoena geolocation data collected through a fitness app,” he said, and that data could come into play if the insurance company received it.

Theodore P. Augustinos, partner, Locke Lord LLP

Theodore P. Augustinos, partner, Locke Lord LLP

Investigators could also be interested in insurer-collected behavioral data, such as drinking and driving habits recorded by one or more apps that measure telematics and geolocation, said Hart Brown, vice president, organizational resilience, HUB International.

“That real-time data could be very powerful in a crime or accident investigation,” Brown said.

The crucial difference between the insurance community and Apple is that “Apple’s technology prevented access to the data,” Augustinos said.

In contrast, the insurance industry erects no technology barriers to the data it collects for its own use.

After 2015’s spate of cyber attacks that compromised 100 million records in health care — now the top industry for cyber attacks, according to recent IBM research — insurers should be “concerned” about federal investigators possibly seeking information, said Adam Cottini, a managing director in the cyber-liability practice with Arthur J. Gallagher & Co.

He predicts more and varied attacks, and more investigations, in industries involved in national security and critical infrastructure.

“We’ll see a level of investigative activity that rivals what we saw with the iPhone. Marine, utilities, water companies, the power grid — insurers house information from these industries, and the information they provide may rise to the level of national security and critical infrastructure.”

“An attacker who has your business card knows who you are, your employer, your position and the address to the device in your pocket during meetings and conversations.” — Michael Nash, president, Privacy Research, Inc.

For now, those records don’t usually involve locked technology such as smartphones. As they have historically, investigators such as the FBI may request or subpoena that data as they see fit, Augustinos said, and “companies will continue to release client data as they see fit.”

Investigators fish for data wherever they can, and insurers may be the source of last resort for that kind of information.

“If they meet resistance from the telecom providers and device manufacturers, they may go to the carrier next,” Brown said.

Whether investigators request information from insurers, and whether insurers release it, will play out on a case-by-case basis, Brown said.

“Information has value, and protecting it creates brand value. Insurers want to be good citizens and will cooperate with an investigation of an identified threat, but we won’t see companies sharing information in a blanket manner.”

Hackers Know: To Err Is Human

Human behavior that leaves data and networks vulnerable to hackers is a bigger and more immediate problem than government intrusion, said Michael Nash, president, Privacy Research, Inc.

R9-1-16p51-52_10Privacy.indd

He is unequivocal about the dangers the widespread use of smartphones pose for all companies, not just insurance carriers.

“Smartphones are not appropriate for business use. People don’t understand that their trusted personal devices are computers — computers unprotected by effective antivirus software and firewalls, which makes them inherently untrustworthy.”

Advertisement




Smartphones can be compromised over the cellular network, he said, and also through Wi-Fi, Bluetooth, and NFC (Near Field Communication, the technology that allows transferring photos between phones by tapping their backs together).

“Your phone can be compromised anywhere — your home, the train, a coffee shop.” Some countries, especially China and Turkey, are notorious for attacks on travelers’ phones, he said.

Even locked networks, such as those in hotels, can be “spoofed” by opportunistic hackers waiting to prey on gullible users. Once the device is brought back to the office and joins the company’s network, the devices can be used as an entry point for network penetration.

“All an attacker needs is a cell phone number,” Nash said in an interview conducted on his own cell phone, which rang through a landline number, sparing him the necessity of divulging his cell phone number.

He recommends omitting cell phone numbers from business cards.

“Your cell phone number is an address for the device. An attacker who has your business card knows who you are, your employer, your position and the address to the device in your pocket during meetings and conversations.”

Not only can hackers access data on the phone, they can turn on the camera and microphone remotely without the owner’s knowledge — a great espionage tool in corporate meetings and secured areas. And turning the phone off provides no protection, Nash said.

Cottini sees risks when employees use the same device for business and personal use.

“Employees can slip up and send business emails from their Gmail accounts,” he said.

“Then the confidential business information is stored on the device, which isn’t secure, and the provider’s cloud system, which may have fallible security.”

 Adam Cottini, managing director, cyber-liability practice, Arthur J. Gallagher & Co.

Adam Cottini, managing director, cyber-liability practice, Arthur J. Gallagher & Co.

Whether or not the information has value to an intruder, Cottini said, the corporation’s intellectual property is vulnerable. Despite the high financial or reputational cost to corporations of smartphone-related losses, he doesn’t see corporations abandoning smartphones or returning to the outdated two-device model, one for personal use and one for business.

The solution, he said, and an imperfect one because it depends on human behavior, resides in training and technology.

“Ideally, you want a culture of security and awareness built into training programs that would check an employee’s habits of using a Gmail account,” Cottini said.

Employees can also use encryption apps, “but they’re useless — not if, but when — people use traditional cloud email to transmit corporate messages.”

Although it isn’t yet commonplace, Cottini said, virtualization technology exists now to separate employees’ personal assets on their phones from corporate assets, which when used correctly prevents corporate assets from residing on the phone.

Companies would have to approach those solutions delicately so employees don’t feel bullied, Cottini said.

“Employees will ask, ‘Why am I being told what to do with my own device?’”

No Fix in Encryption Alone

Long before the Israeli company Cellebrite Mobile Synchronization broke into the San Bernadino terrorist’s encrypted iPhone, a YouTube search for “how to break into iPhone” produced more than 6 million results, confirming what hackers and risk managers already knew: any encryption can be broken, inviting speculation that the iPhone-breaking incident may have been political theater to create a legal precedent for investigations involving locked technology.

“If you can make the technology, someone with enough resolve can break into it,” said Cottini.

Breaches of encrypted data are so routine that states are toughening their data breach laws; in July, Tennessee will become the first state to remove its encryption safe harbor.

Advertisement




This game of whack-a-mole calls for vigilance.

“You need multiple rings of security,” Cottini said, not just encryption.

“If hackers get to the other side of your firewall, you need to change all the failed protections that let them in. You need access controls, so only highly vetted people have access to sensitive data.

“Companies run the risk of complacency around their data,” said Kristen Gaebel, director, financial services regulatory practice, PricewaterhouseCoopers. Take a long, hard look at privacy and data protections, she advised.

“Perps are getting more sophisticated, and companies need to constantly evolve training, governance and risk assessment to identify susceptibilities.”

“Catch the bad guys by surprise,” Cottini said. “Rotate your defenses to be random. If they’re static, the bad guys will catch you.” &

Susannah Levine writes about health care, education and technology. She can be reached at [email protected]
Share this article:

Foreign Travel Risk

Overseas Employees at Risk

Undisciplined insurance purchasing practices leave dangerous gaps for expats.
By: | May 24, 2016 • 6 min read
062016_02_Travel_Risk

A rogue wave pulled a vacationing military contractor walking on a foreign beach into the ocean. He hit his head on a rock and was paralyzed.

Advertisement




Because his employer sent him on the trip for some R&R, the contractor’s Foreign Voluntary Workers’ Compensation insurance responded for his medical injuries even though he was vacationing instead of at a job site.

Luckily for the worker, his employer had the right coverage in place to forestall painful financial and health consequences.

But a substantial risk for employees and the companies they work for is that how and when coverage responds overseas often doesn’t track how coverage responds stateside, said Mary Quillen, manager, international workers’ compensation, AkesoCare.

Multinationals tend to carry many overlapping lines of insurance for their overseas business travelers, which is a help.

“You may have six or seven lines of insurance responding to a single claim,” said Logan Payne, assistant vice president, international practice, Lockton.

The primary policies are Foreign Voluntary Worker’s Compensation, Business Travelers Accident, and Kidnap, Ransom and Extortion, Payne said. Purchased effectively the coverages can be powerful. Purchased without the proper consideration, they may suffer from gaps as well as redundancies. Such gaps can cost employees dearly at a desperate time of their lives, Payne said.

To prevent that, he recommends centralizing insurance purchasing for expats instead of delegating it piecemeal to departments or regional offices. “Get all the insurance buyers in the same room to reach one comprehensive answer,” he said.

“Who does the traveler call if he loses his prescription drugs or needs medical evacuation? Who does he call if he hears gunshots outside his hotel?” — Chris Chao, senior vice president, Aon

International benefits from domestic health care insurance can range from nonexistent to “pretty good,” said Arno Chrispeels, owner, Health Insurance International. “A plan might cover emergency medical treatment but not evacuation or repatriation,” he said.

Since these are hefty expenses — $20,000 to $100,000 for a helicopter evacuation and $15,000 to $25,000 for repatriation — companies should review their domestic policies and fill in gaps by using international insurance for short- and long-term travelers.

Chris Chao, a senior vice president at Aon, said it is generally the travel assistance provider that keeps expats safe.

“Who does the traveler call if he loses his prescription drugs or needs medical evacuation? Who does he call if he hears gunshots outside his hotel?” Chao asked.

Duties of Care and Loyalty

When companies send workers out of the country, they have a “duty of care” to keep employees safe and healthy, while the expat workers have a “duty of loyalty” to follow their employers’ safety practices. Sometimes this requires workarounds and major effort. For example, said Denise Buckland, senior vice president, operations, International Medical Group, if a worker is diagnosed with an autoimmune disease, doctors will try staged medications.

Denise Buckland, senior vice president, operations, International Medical Group

Denise Buckland, senior vice president, operations, International Medical Group

“You try one, and if it doesn’t work, you try another,” she said. But the options can be very limited.

Let’s say a U.S. employee working in Thailand requires the injectable Humira to manage her condition, and no other drug gives her the relief she needs. Humira is illegal in Thailand, however. The carrier could contact the Thai and U.S. governments to help the employee get an importer’s license, but in the meantime, Buckland said, “the worker may get so sick that she has to go home.”

Especially in regions where the medical infrastructure is underdeveloped by Western standards, an acute but treatable event, such as a compound bone fracture, could quickly escalate into a life-threatening medical issue, said Alison Swanz, senior consultant, Arthur J. Gallagher & Co.

Advertisement




Duty of care is still an “unregulated philosophy,” said Hart Brown, senior vice president, practice leader, organizational resilience, HUB International. It depends on a number of interrelated steps, beginning with a vetted travel assistance provider and adequate insurance.

An employer “hasn’t met its duty of care” if its travel assistance provider does not have the right protocols or its expats don’t know the provider’s toll-free number, he said.

“Compliance is hard to enforce. You can’t sit on an adult to make him take his meds.” — Alison Swanz, senior consultant, Arthur J. Gallagher & Co.

Coverage gaps and potential risks should be exposed in a thorough pre-trip screening, said Rob Howard, director of corporate sales, GeoBlue, a major provider of international insurance for expatriates.

When employees need medical help while on assignment, carriers will tap their provider networks to find care equivalent to what they would get at home, said Howard.

Pre-assignment evaluations should extend beyond known health issues, said Nick Dobelbower, vice president, global benefits practice, Lockton, to include language training if necessary, and alert the traveler to cultural differences and sensitivities.

Chris Chao, senior vice president, Aon

Chris Chao, senior vice president, Aon

The onus is on the employee to make a responsible decision whether to go on an overseas assignment. Sometimes, employees should decline assignments, Swanz said. A worker with asthma probably shouldn’t accept an offer in Beijing, where air pollution is a health hazard.

“An executive expat assignment is a huge investment for the company,” Howard said, and may include high compensation, language training, housing, security, a driver and private schools.

To recoup that investment, companies expect an executive assignment to last three to five years, but more than 50 percent end in failure after six to nine months. Among the top reasons for failure are the expat’s benefits package and health care, according to Cigna’s “2015 Global Mobility Survey.”

Duty of care and duty of loyalty should align during pre-trip planning, said Howard. He recommends a sit-down orientation with travelers as a group before they leave to review the size and scope of risks.

Other issues such as domestic employees can arise, Chrispeels said. “Employees may think they have international coverage for the entire household [such as nannies], but they don’t.”

The organization should also consider issues such as family mental health problems. A one-on-one meeting or a follow-up phone call may bring issues to light when travelers have medical issues they don’t want to share with a group.

One aspect of an employee’s duty of loyalty applies to medical compliance, especially to taking prescribed medications for common diseases such as heart conditions or asthma.

Alison Swanz, senior consultant, Arthur J. Gallagher & Co.

Alison Swanz, senior consultant, Arthur J. Gallagher & Co.

“Compliance is hard to enforce. You can’t sit on an adult to make him take his meds,” Swanz said.

U.S. companies that send U.S. citizens overseas are subject to the Affordable Care Act, but the law is so complex — despite Congress’ attempt at guidance in the Expatriate Health Coverage Clarification Act of 2014 (EHCCA) — that “people get glassy-eyed looking at it,” said Mark Holloway, senior vice president, co-director, compliance services, Lockton.

Holloway recommends that companies write their expat coverage on U.S. paper as a practical way to satisfy the individual mandate — but to work with professionals who deal in expatriate insurance every day.

“Companies will want to work with a broker or counsel who plays in the sandbox because it’s such an arcane area of the law.”

Susannah Levine writes about health care, education and technology. She can be reached at [email protected]
Share this article: