Buying Cyber – Consider Carefully
The threat arising from cyber security is real. If it is not already, I suspect this threat will shortly be one of the most significant risks that companies face.
Given its significance, the cyber threat needs a comprehensive integrated response with risk transfer being just one element.
As a risk manager I cringed when I heard another risk manager declare at a RIMS annual conference session, “Yep, I bought cyber risk insurance last year. I did so because everybody else is doing it and also because my director thought it was a good idea. To be honest, I must admit that I am not really sure exactly what I bought.”
That risk manager may have done the right thing but definitely for the wrong reasons.
Some risk managers adopt a “risk flavor of the month” approach when considering, indeed purchasing new insurance products.
When you purchase an insurance product you are, as we all know, actually engaged in the practice, or should I say, sometimes the art form of transferring risk to the marketplace. This seems pretty clear, or is it? You should only engage in the practice of risk transfer after you have:
1. Carried out a thorough investigation of your business in order to identify all relevant original or “raw” risk(s).
2 Identified the controls that exist within your business to mitigate the risks identified. In doing so, you also need to assess the effectiveness of the controls in place to treat the identified risks.
3. Considered what other new or augmented existing controls could be established to deal with the risks on a cost effective basis.
4. Assessed the residual risks arising after applying steps 1 – 3 above and determined whether they are within your risk appetite or not.
Some risk managers adopt a “risk flavor of the month” approach when considering, indeed purchasing new insurance products. Cyber risk insurance is one such product that has been flavor of the month for quite some time.
The social/peer pressure to buy “cyber” is unrelenting. It is egged on by the myriad of studies that for example state, x percent of entities now buy cyber insurance and that this will grow to y percent within 12 months.
Do you want to be the brave insurance manager who bucks this trend? I am not suggesting that you be that person; what I do suggest is that you go about the process of evaluating whether or not this risk in your company needs to be insured against in a very disciplined, dispassionate manner.
The advantage of adopting the above is that you will end up with:
1) A very detailed description of the risks you face.
2) A comprehensive assessment of your suite of controls.
3) Absolute clarity as to which element of your risk you will seek to transfer to the insurance marketplace because by doing so, and if you do buy you will end up with a product that precisely fits your needs.
When you make that decision to buy cyber you will feel better as a risk management professional for having done so after following the above.
Recall Mitigation Relies on Risk Managers
This is turning out to be a record year for auto-related recalls and, with the astronomical costs associated with them, insurance companies that offer accidental contamination or malicious product tampering policies are on alert.
This type of insurance is primarily used by food manufacturers, distributors, retailers and auto parts suppliers to cover business expenses related to a recall. And in light of recent events, you can be sure that parts suppliers are working closely with their insurers to see what losses are covered and what the damage will be to their bottom line.
Those with insurance are the lucky ones, as the costs associated with a recall can be significant, but even for those organizations, the results of the recall and subsequent insurance coverage rely heavily on the assessments of risk managers.
One of the key concerns for risk managers is cost containment.
Typically, an insurance company becomes engaged with the manufacturer when the recall is about to happen or has just happened. To get started on remediation, the insurer must determine the total loss of product and what services are needed.
Then, the insurer will pull impacted lots and have them tested by an independent company to confirm that a full recall is necessary. Risk managers must ensure that lot sizes and distribution channels are optimized to minimize the impact on the bottom line depending on the likelihood of a recall.
Throughout a recall event, a lack of effective risk management can cause manufacturers to make missteps that cost millions of dollars and negatively impact insurers.
For example, if organizations don’t have the ability to identify and isolate contaminated products from safe ones, they may end up crediting a retailer for the full lot and not just the impacted products – resulting in a cash loss.
Also, manufacturers may incur compliance fines as they scramble to meet all of the regulatory requirements surrounding recalls. Lastly, the complex logistics involved in a recall may prolong the process and expose the brand to greater risk.
Here are some best practices for risk managers to consider when faced with a recall:
• Ensure access to good data and tracking on impacted products, including information on where it is located and what the value of lost product is.
• If the origin of the recall is known, contact the source to see what damages they will pay and determine if legal action is needed.
• Encourage the organization to be recall-ready with a designated recall team and plan, and an understanding of the supply chain partners’ recall protocol.
As the global supply chain continues to become more complex, risk managers need to be vigilant when preparing for internal and supplier issues.
And for companies of all sizes, product contamination is a loss exposure that cannot be ignored. It’s occurring with alarming frequency in the U.S. and globally catching many organizations by surprise.
Companies that fall victim to these incidents often incur staggering costs in damage control and significant lag time in restoration of profits and reputation.
Achieving More Fluid Case Management
Risk management practitioners point to a number of factors that influence the outcome of workers’ compensation claims. But readily identifiable factors shouldn’t necessarily be managed in a box.
To identify and discuss the changing issues influencing workers’ compensation claim outcomes, Risk & Insurance®, in partnership with Duluth, Ga.-based Healthcare Solutions, convened an April roundtable discussion in Philadelphia.
The discussion, moderated by Dan Reynolds, editor-in-chief of Risk & Insurance®, featured participation from four tenured claims management professionals.
This roundtable was ruled by a pragmatic tone, characterized by declarations on solutions that are finding traction on many current workers’ compensation challenges.
The advantages of face-to-face case management visits with injured workers got some of the strongest support at the roundtable.
“What you can assess from somebody’s home environment, their motivation, their attitude, their desire to get well or not get well is easy to do when you are looking at somebody and sitting in their home,” participant Barb Ritz said, a workers’ compensation manager in the office of risk services at the Temple University Health System in Philadelphia.
Telephonic case management gradually replaced face-to-face visits in many organizations, but participants said the pendulum has swung back and face-to-face visits are again more widely valued.
In person visits are beneficial not only in assessing the claimant’s condition and attitude, but also in providing an objective ear to annotate the dialogue between doctors and patients.
“Oftentimes, injured workers who go to physician appointments only retain about 20 percent of what the doctor is telling them,” said Jean Chambers, a Lakeland, Fla.-based vice president of clinical services for Bunch CareSolutions. “When you have a nurse accompanying the claimant, the nurse can help educate the injured worker following the appointment and also provide an objective update to the employer on the injured worker’s condition related to the claim.”
“The relationship that the nurse develops with the claimant is very important,” added Christine Curtis, a manager of medical services in the workers’ compensation division of New Cumberland, Pa.-based School Claims Services.
“It’s also great for fraud detection. During a visit the nurse can see symptoms that don’t necessarily match actions, and oftentimes claimants will tell nurses things they shouldn’t if they want their claim to be accepted,” Curtis said.
For these reasons and others, Curtis said that she uses onsite nursing.
Roundtable participant Susan LaBar, a Yardley, Pa.-based risk manager for transportation company Coach USA, said when she first started her job there, she insisted that nurses be placed on all lost-time cases. But that didn’t happen until she convinced management that it would work.
“We did it and the indemnity dollars went down and it more than paid for the nurses,” she said. “That became our model. You have to prove that it works and that takes time, but it does come out at the end of the day,” she said.
The ultimate outcome
Reducing costs is reason enough for implementing nurse case management, but many say safe return-to-work is the ultimate measure of a good outcome. An aging, heavier worker population plagued by diabetes, hypertension, and orthopedic problems and, in many cases, painkiller abuse is changing the very definition of safe return-to-work.
Roundtable members were unanimous in their belief that offering even the most undemanding forms of modified duty is preferable to having workers at home for extended periods of time.
“Return-to-work is the only way to control the workers’ comp cost. It’s the only way,” said Coach USA’s Susan LaBar.
Unhealthy households, family cultures in which workers’ compensation fraud can be a way of life and physical and mental atrophy are just some of the pitfalls that modified duty and return-to-work in general can help stave off.
“I take employees back in any capacity. So long as they can stand or sit or do something,” Ritz said. “The longer you’re sitting at home, the longer you’re disconnected. The next thing you know you’re isolated and angry with your employer.”
“Return-to-work is the only way to control the workers’ comp cost. It’s the only way,” said Coach USA’s Susan LaBar.
Whose story is it?
Managing return-to-work and nurse supervision of workers’ compensation cases also play important roles in controlling communication around the case. Return-to-work and modified duty can more quickly break that negative communication chain, roundtable participants said.
There was some disagreement among participants in the area of fraud. Some felt that workers’ compensation fraud is not as prevalent as commonly believed.
On the other hand, Coach USA’s Susan LaBar said that many cases start out with a legitimate injury but become fraudulent through extension.
“I’m talking about a process where claimants drag out the claim, treatment continues and they never come back to work,” she said.
Social media, as in all aspects of insurance fraud, is also playing an important role. Roundtable participants said Facebook is the first place they visit when they get a claim. Unbridled posts of personal information have become a rich library for case managers looking for indications of fraud.
“What you can assess from somebody’s home environment, their motivation, their attitude, their desire to get well or not get well is easy to do when you are looking at somebody and sitting in their home,” said participant Barb Ritz.
As daunting as co-morbidities have become, roundtable participants said that data has become a useful tool. Information about tobacco use, weight, diabetes and other complicating factors is now being used by physicians and managed care vendors to educate patients and better manage treatment.
“Education is important after an injury occurs,” said Rich Leonardo, chief sales officer for Healthcare Solutions, who also sat in on the roundtable. “The nurse is not always delivering news the patient wants to hear, so providing education on how the process is going to work is helpful.”
“We’re trying to get people to ‘Know your number’, such as to know what your blood pressure and glucose levels are,” said SCS’s Christine Curtis. “If you have somebody who’s diabetic, hypertensive and overweight, that nurse can talk directly to the injured worker and say, ‘Look, I know this is a sensitive issue, but we want you to get better and we’ll work with you because improving your overall health is important to helping you recover.”
The costs of co-morbidities are pushing case managers to be more frank in patient dialogue. Information about smoking cessation programs and weight loss approaches is now more freely offered.
Managing constant change
Anyone responsible for workers’ compensation knows that medical costs have been rising for years. But medical cost is not the only factor in the case management equation that is in motion.
The pendulum swing between technology and the human touch in treating injured workers is ever in flux. Even within a single program, the decision on when it is best to apply nurse case management varies.
“It used to be that every claim went to a nurse and now the industry is more selective,” said Bunch CareSolutions’ Jean Chambers. “However, you have to be careful because sometimes it’s the ones that seem to be a simple injury that can end up being a million dollar claim.”
“Predictive analytics can be used to help organizations flag claims for case management, but the human element will never be replaced,” Leonardo concluded.