Rising Threats in the Public Sector
In Orange, Texas, a March public meeting to review storm surge suppression options for the Gulf Coast Community Protection and Recovery District had to be rescheduled to April 14 because of — wait for it — widespread flooding.
Irony aside, nearly 140 miles of the Sabine River flooded for four days, closing down almost all major roads that crossed this watery Texas-Louisiana border.
The flood and delayed meeting are a clear example about the very real impact climate change is having on low-lying areas all around the U.S. coasts. The Texas Governor’s Commission for Disaster Recovery and Renewal program estimates that it may cost as much as $11 billion to protect that area of the Gulf Coast.
“Nobody is sticking their head in the ground as far as I can see.” — William F. Becker, national public sector practice leader, Aon Risk Solutions
That’s a good investment, however, since Hurricane Ike in 2008 wrought $29 billion in property damage, making it the most expensive storm in the state’s history and the third costliest in the country, according to the Texas Engineering Extension Service report.
Texas officials are not alone in facing such challenges.
Coastal communities such as New York City, Norfolk, Va., Miami-Dade County, and Seattle lie at or below sea level, making them vulnerable to storm surges and flooding, especially in the face of the rising sea levels and increased storm activity predicted for the coming decades.
The key question for the public sector is how to affordably protect both residential and business properties as well as public infrastructure such as roads, bridges, utilities, water treatment plants, and other assets.
For many communities, the answer is to do more accurate risk modeling; do short- and long-term planning; build traditional “gray” defenses such as dams, levees, walls, and sea gates as well as natural “green” defenses to reduce storm surge impact; and work with insurers and reinsurers to rebound from losses made inevitable by climate change.
“Nobody is sticking their head in the ground as far as I can see,” said William F. Becker, Aon Risk Solutions’ national public sector practice leader. Instead, communities are balancing what can be done over the next few decades with current engineering and technology, while keeping an eye out for what may be possible with new technology by the year 2100.
However, budgetary pressures make many large-scale projects unaffordable, so public entities are maintaining the current infrastructure as best they can for now, said Becker, whose company also helps to administer the National Flood Insurance Program (NFIP).
Some cities have begun implementing protective strategies with a lower price tag, such as prohibiting land clearing near flood-prone areas, planning for public green spaces to absorb water, elevating streets over time, providing dunes on the coast, and heightening sea walls, among other solutions.
Tackling the problem with small, affordable strategies will give public sector organizations more time “until new and highly technical strategies can save these critical vital communities going forward,” Becker said.
Others are looking to partnerships to broaden their access to solutions.
One example is Miami-Dade County, which launched an innovative program in partnership with The Nature Conservancy (TNC), catastrophe modeler Risk Management Solutions (RMS), engineering company CH2M, and the American Red Cross/Red Crescent’s Global Disaster Preparedness Center.
The collaborators will work on various aspects of two demonstration projects that will measure the effects of green defenses such as salt marshes and mangrove forests in protecting the region from the severe storms that arise in the Atlantic’s Hurricane Alley.
This is the latest research project that RMS undertook to help model the protective impact of biological defenses. Working with communities on both coasts — including Norfolk, Va., and the Seattle region’s Puget Sound — “RMS has begun showing how we can quantify the reduction in risk using our storm surge modeling capability for coastal risks,” said the modeler’s Chief Research Officer Robert Muir-Wood.
“Our [modeling looks at] the full sweep of potential hurricanes and the storm surges they generate, and takes it all the way through to the damage and the quantified loss to property, which may be inland of the coastal areas,” Muir-Wood explained.
“We can actually quantify the benefits of one form of coastal defense [marshes]. That opens up a much bigger conversation to not only other classes of biological defenses but also to think through how can you combine a mixture of biological and gray defenses to provide really good protection.”
This kind of assessment is critical for communities to understand the complete impact of storms on local government budgets, noted Kathy Baughman McLeod, managing director of TNC’s coastal risk and investment.
“We have found that local governments and governments in general don’t know what their risk is,” said McLeod. “And then, when they make [storm-related] repairs, they pay for it out of all different buckets [such as public works, parks and recreation, etc.].
“When we ask, ‘What are you spending each year?’ they don’t know. They have the awareness but the [quantitative analysis] is not there.”
Impact on Rates
TNC’s project will help develop trusted metrics about both green and gray defenses that can eventually be adopted to set more accurate NFIP prices and quantify total risk. In addition, on April 1, the Federal Emergency Management Agency (FEMA) implemented more rigorous guidelines for accurately assessing flood risk to help set more appropriate insurance rates.
While property owners and local governments in some communities will pay higher rates that are more commensurate with the actual risk, communities that adopt better defense strategies will see their rates decrease.
While climate change may have the greatest impact on coastal communities, the interior of the U.S. will face changing weather patterns as well.
For example, New Orleans got good news from FEMA in April, nearly 11 years after Hurricane Katrina devastated the city. With about $14.6 billion in improvements made by the U.S. Army Corps of Engineers, the below-sea-level area now has a new defensive ring of protective levees, floodwalls, and floodgates.
Work is continuing on renovations to the city’s drainage system as well. For many residents and businesses, the new maps mean lower insurance rates.
Muir-Wood said expect to see more municipalities and other public organizations create the position of chief resilience officer, just as Miami-Dade County, Norfolk, San Francisco, New Orleans and other cities have done with the support of the Rockefeller Foundation as part of its 100 Resilient Cities project.
This new office will coordinate work across departments and jurisdictions as well as with outside organizations to plan for and respond to weather-related events as well as other threats, such as fire, tornadoes or civil unrest.
Another trend, he said, is that catastrophe modeling tools previously used solely for insurance risk assessment will become more commonplace for big cities, letting them conduct a cost-benefit analysis for various alternative actions to reduce that risk.
Finally, understanding weather-related exposures is still going to be critical for public sector entities, said Joe Caulfield, chief underwriting officer for OneBeacon’s government risk operation.
“Some information is presented in a highly dramatic fashion,” he said. “The feedback we hear is that risk managers and city managers are overwhelmed by [threats] and don’t see them as actionable … but we don’t encounter too many climate change deniers.”
Instead, public sector organizations are studying their exposure for critical assets such as wastewater management facilities and 911 communications centers. They’re making plans for protection and upgrading, especially if the facilities are right on the edge of FEMA flood map outlines that may not have been updated in 40 years.
One thing to remember about climate change, Caulfield noted, is that while it may have the greatest impact on coastal communities, they are not the only areas that will have to contend with climate threats.
The interior of the U.S. will face changing weather patterns as well, especially with greater temperature variations between severe cold and increased heat. That equals a more severe spring tornado season. &
Health, Higher Ed Most Vulnerable to Cyber Attacks
As cyber risk management comes of age, more data and better analysis are leading to new realizations. One is that health care and higher education are the most vulnerable sectors, followed closely by financial services.
Another is that the vast majority of security breaches could be forestalled using simple measures, such as ensuring all updates and patches to software are installed and tested.
However, studies are starting to show that cheap, low-tech email attacks remain stubbornly effective despite expensive, high-tech protections.
All of those ideas were advanced and detailed at a fast-moving panel discussion May 11 in New York, sponsored by brokerage Crystal & Company.
Actuarial data is still thin in cyber, but Christopher Liu, head of cyber risk in the financial institutions group at AIG, said that “institutions in health care and higher education are the most hazardous classes of insureds. That is because they have the most sensitive information and that there is high turnover. Also, they usually do not have big budgets, so security is often not well supported.”
Financial institutions, especially asset managers, are the second-most hazardous class, Liu added.
“They have the same attractive information, plus they have money.”
Mitigating that, they also tend to have better funded and supported security, and they have heavy government regulation. That both keeps them on their toes, and also means greater external surveillance. Several panel members noted that firms became aware of breaches when regulators noticed unusual activity.
“We find that we deal primarily with three areas,” said Austin Berglas, senior managing director at K2 Intelligence.
“Those are: unpatched vulnerabilities in software, misconfiguration of internal systems, and misplaced trust by employees. We get called in to handle a breach, and 99 percent of the time we find the vulnerability is unpatched.”
Berglas explained that the software companies race each other to send out new versions that often are not completely functional or secure. So they send out patches. “Windows does it every week on ‘patch Tuesday.’ But users don’t have any regular schedule or system for installing and testing patches. We find unpatched vulnerabilities dating back as far as 1999.”
“I have been to meetings of the cyber response team, and everyone in the room is introducing themselves. This is the response team. Everyone in the room has to know everyone in the room.” — John F. Mullen, managing partner, Lewis Brisbois Bisgaard & Smith
The challenge of unsecured configurations between systems was dramatically demonstrated with the infamous attack on retailer Target, which came through the air-conditioning vendor. But Berglas emphasized the persistent and pernicious problem of simple phishing.
“It is estimated that 30 percent of individuals within a company will open an email, and 13 percent will click on an attachment, even if they have been warned not to,” Berglas warned.
“You spent half a billion dollars on security systems and firewalls, and one click on one phishing email by someone with elevated system privileges, and the bad guys have just defeated your half-billion-dollar defense. Now they are inside, with credentials, and you can’t detect them.”
The quickest and easiest thing that any company can do, “is to look for unpatched vulnerabilities in public-facing systems,” Berglas urged.
On the same theme, John F. Mullen, managing partner of the law firm Lewis Brisbois Bisgaard & Smith, stressed that “security goes way beyond IT.
“This is not just about the tech guys. Cyber security tends to get pushed downhill.” And that tends to mean lack of coordination on all fronts.
“I have been to meetings of the cyber response team, and everyone in the room is introducing themselves. This is the response team. Everyone in the room has to know everyone in the room.”
Similarly, “insureds have to know the coverage that they have bought. Is there a mandated forensics group? Outside counsel? If so, go meet with them. If you have options, vet them,” Mullen exhorted.
“You spent half a billion dollars on security systems and firewalls, and one click on one phishing e-mail by someone with elevated system privileges, and the bad guys have just defeated your half-billion-dollar defense.” — Austin Berglas, senior managing director, K2 Intelligence
He expects the cyber insurance business to triple or quadruple in the next five years, in terms of premium spending.
Cycling back to the theme of internal responsibility, Paul Miskovich, senior vice president and global practice leader of cyber and technology errors and omissions coverage at Axis, said that 67 percent of cyber claims presented to his firm involved insider activity of some kind: clicking on a phishing email or failing to install a patch or use a firewall. Further, 25 percent of claims involved third parties such as vendors.
For all the focus on the breach itself, Miskovich added that “regulatory costs can be more than the costs of the breach, especially if you don’t have documentation of your security policies and protocols.” That includes documentation that the policies are in place and are rehearsed.
Noting previous comments that many losses are traced to breaches that have gone undetected for years, Miskovich said that a new area within cyber insurance is full coverage for prior acts.
Compounding: Is it Coming of Age?
The WC managed care market has generally viewed the treatment method of Rx compounding through the lens of its negative impact to cost for treating chronic pain without examining fully the opportunity to utilize “best practice” prescription compounds to help combat the opioid epidemic this nation faces. IPS stands on the front lines of this opioid battle every day making a difference for its clients.
After a shaky start cost-wise, prescription drug compounding is turning the corner in managing chronic pain without the risk of opioid addiction. A push from forward-thinking states and workers’ compensation PBMs who have the networks and resources to manage it is helping, too.
Prescription drug compounding has been around for more than a decade, but after a rocky start (primarily in terms of cost), compounding is finally coming into its own as an effective chronic pain management strategy – and a worthy alternative for costly and dangerous opioids – in workers’ compensation.
According to Greg Todd, CEO and founder of Integrated Prescription Solutions Inc. (IPS), a Costa Mesa, Calif.-based pharmacy benefit manager (PBM) for the workers’ compensation and disability market, one reason compounding is beginning to hit its stride is because some states have enacted laws to manage it more effectively. Another is PBMs like IPS have stepped up and are now managing compound drugs in a much more proactive manner from an oversight perspective.
By definition, compounding is a practice through which a licensed pharmacist or physician (or, in the case of an outsourcing facility, a person under the supervision of a licensed pharmacist) combines, mixes, or alters ingredients of a drug to create a medication tailored to the needs of an individual patient.
During that decade, Todd explains, opioids have filled the chronic pain management needs gap, bringing with them an enormous amount of problems as the ensuing addiction epidemic sweeping the nation resulted in the proliferation and over-consumption of opioids – at a staggering cost to both the bottom line and society at large.
As an alternative, compounded topical cream formulations also offer strong chronic pain management but have limited side effects and require much reduced dosage amounts to achieve effective tissue level penetration. In fact, they have a very low systemic absorption rate.
Bottom line, compounding provides prescribers with an excellent alternative treatment modality for chronic pain patients, both early and late stage, Todd says.
Time for Compounding Consideration
That scenario sets up the perfect argument for compounding, because for one thing, doctors are seeking a new solution, with all the pressure and scrutiny they’re receiving when trying to solve people’s chronic pain problems using opioids.
Todd explains the best news about neuropathic pain treatment using compounded topical analgesic creams is the results are outstanding, both in terms of patient satisfaction in VAS pain reduction but also in reduction potentially dangerous side effects of opioids.
The main issue with some of the early topical creams created via compounding was their high costs. In the early years, compounding, which does not require FDA approval, had little oversight or controls in place. But in the past few years, the workers compensation industry began to take notice of the solid science. At the same time, medical providers also were seeing the same science and began writing more prescriptions for compounding – which also offers them a revenue stream.
This is where oversight and rigor on the part of a PBM can make a difference, Todd says.
“You don’t let that compounded drug get dispensed when you’re going to pay for it without having a chance to approve it,” Todd says.
Education is Critical
At the same time, there is the growing, and genuine, need to start educating the doctors, helping them understand how they can really deliver quality pain management to a patient without gouging the system. A good compounding specialty pharmacy network offering tight, strict rules is fundamental, Todd says. And that means one that really reaches out to work with the doctors that are writing the prescriptions. The idea is to ensure that the active ingredients being chosen aren’t the most expensive sub-components because that unnecessarily will drive the cost of overall compound “through the ceiling.”
IPS has been able to mitigate costs in the last couple years just by having good common sense approach and a lot of physician outreach. Working with DermaTran Health Solutions and its national network of compounding pharmacies, IPS has been successfully impacting the cost while not reducing the effectiveness of a compounded prescription.
In Colorado, which has cracked down on compounding profiteering, Legislative change demanded no compound could be more than $350.00 period. What is notable, in an 18-month window for one client in Colorado, IPS had 38 compound prescriptions come through the door and each had between 4 and 7 active ingredients. Through its physician education efforts, IPS brought all 38 prescriptions down 3 active ingredients or less. IPS also helped patients achieve therapeutic success (and with medical community acceptance). In that case, the cost of compound prescriptions was down to an average of $350, versus the industry average of $788. Nationwide IPS has reduced the average cost of a compound prescription to $478.00.
Todd says. “We’ve still got a way to go, but we’ve made amazing progress in just the past couple of years on the cost and effective use of compound prescriptions.”
For more information on how you can better manage your costs for compound prescriptions, please call IPS at 866-846-9279.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with IPS. The editorial staff of Risk & Insurance had no role in its preparation.