3 New Unintended Consequences of Health Care Reform
As the Affordable Care Act (ACA) continues its gradual and bumpy rollout, health care providers are utilizing various strategies to comply and adapt. Many of these approaches, some of which include M&A activity, IT upgrades and shared service agreements are now creating new risks of their own.
1. Continuity of Care
Many aspects of the ACA and other healthcare trends are driving M&A or shared service agreements among hospitals, physicians and other providers. These new relationships can present serious challenges for managing a patient’s treatment across different organizations.
“There’s a risk that one organization might not provide care consistent with the other,” said Dan Nash, national healthcare practice leader, Zurich in North America. “Oftentimes, it’s not contractually required for them to do so.”
Patients being transferred from system to system might be exposed to different approaches to care and different levels of treatment.
Care managers can do a lot to help alleviate risks associated with continuity of care. Having a “concierge” that knows how each system operates can make transitions much easier for patients and explain why treatments differ from system to system.
“There’s a risk that one organization will not provide care consistent with the standards of the other. Oftentimes, it’s not contractually required for them to do so.”
– Dan Nash, National Healthcare Practice Leader, Zurich North America
“It creates a feeling that they’re working together,” said Dan Nash, national healthcare practice leader, Zurich in North America. “If you have a care manager through the process, it can give the patient a level of comfort that takes away anxiousness,” said Nash. “Then they feel like they’re being taken care of.”
Between the Health Insurance Portability and Accountability Act, the U.S. Department of Health and Human Services and a long list of other government organizations and mandates, there are serious demands on health systems.
“Real estate may be all about location, location, location but healthcare is all about compliance, compliance, compliance,” said Nash.
A lot of risk managers are focused on digital-related exposures, but a significant amount of serious data breaches are still the result of “paper losses.”
“One example happened on a subway in 2009 when a hospital worker left records for 192 patients on a train,” said Nash about an incident involving a mid-Atlantic hospital “It led to the hospital paying $1 million to the government in 2011 to settle the potential HIPAA violations.”
Despite the risks, health care providers are still reluctant to buy coverage around it.
“People used to look at banks with an eye toward their brick-and-mortar locations. ‘My money is safe because it’s housed within those walls,’ they’d think. While that thinking is antiquated when dealing with finances, it still rings true in the health care world,” said Nash.
“Often customers we talk to say it’s important, but not in budget this year,” said Nash. Furthermore, their IT departments seem to think they’ve got the problem figured out on the digital side and companies generally don’t pay enough attention to the possibility of paper losses.
To help combat the risk, Zurich offers to qualified customers a Breach Coach consulting service, during which an experienced cyber breach risk engineering consultant can assess where businesses are most vulnerable to a data loss.
3. Outpatient Treatment
Currently, 60% of hospital services are delivered inpatient with 40% of care delivered through outpatient facilities. Under the Affordable Care Act, the proportion will likely be reversed, so that 60% of care is delivered through outpatient facilities.
“It’s risky because patients generally see hospitals as places where they are safer in the event of an adverse reaction,” said Nash. “They might not have that same sense of security with an outpatient facility.
Nash compared that notion to the way many Americans thought about banks 20 or 30 years ago.
“People used to look at banks with an eye toward their brick-and-mortar locations. ‘My money is safe because it’s housed within those walls,’ they’d think. While that thinking is antiquated when dealing with finances, it still rings true in the health care world,” said Nash. “People feel safer and think they’re getting better care if they’re in a large hospital. At an outpatient facility, that comfort level isn’t the same.”
Another risk of having more outpatient procedures is that the health care provider has less time for observing patients. With patients going home after their procedure, it becomes even more important for the patient to carefully follow instructions: like taking medicine at scheduled times and doing proper rehab. Any health care provider can tell you that’s never guaranteed. But even if they don’t follow the care instructions, the hospital is still responsible.
This article was produced by Zurich and not the Risk & Insurance® editorial team.
Note: This content is provided for informational purposes only. Please consult with qualified legal counsel to address your particular circumstances and needs. Neither Risk & Insurance® nor Zurich are providing legal advice and assume no liability concerning the information set forth above.
Coping with Cancellations
Airlines typically can offset revenue losses for cancellations due to bad weather either by saving on fuel and salary costs or rerouting passengers on other flights, but this year’s revenue losses from the worst winter storm season in years might be too much for traditional measures.
At least one broker said the time may be right for airlines to consider crafting custom insurance programs to account for such devastating seasons.
For a good part of the country, including many parts of the Southeast, snow and ice storms have wreaked havoc on flight cancellations, with a mid-February storm being the worst of all. On Feb. 13, a snowstorm from Virginia to Maine caused airlines to scrub 7,561 U.S. flights, more than the 7,400 cancelled flights due to Hurricane Sandy, according to MasFlight, industry data tracker based in Bethesda, Md.
Roughly 100,000 flights have been canceled since Dec. 1, MasFlight said.
Just United, alone, the world’s second-largest airline, reported that it had cancelled 22,500 flights in January and February, 2014, according to Bloomberg. The airline’s completed regional flights was 87.1 percent, which was “an extraordinarily low level,” and almost 9 percentage points below its mainline operations, it reported.
And another potentially heavy snowfall was forecast for last weekend, from California to New England.
The sheer amount of cancellations this winter are likely straining airlines’ bottom lines, said Katie Connell, a spokeswoman for Airlines for America, a trade group for major U.S. airline companies.
“The airline industry’s fixed costs are high, therefore the majority of operating costs will still be incurred by airlines, even for canceled flights,” Connell wrote in an email. “If a flight is canceled due to weather, the only significant cost that the airline avoids is fuel; otherwise, it must still pay ownership costs for aircraft and ground equipment, maintenance costs and overhead and most crew costs. Extended storms and other sources of irregular operations are clear reminders of the industry’s operational and financial vulnerability to factors outside its control.”
Bob Mann, an independent airline analyst and consultant who is principal of R.W. Mann & Co. Inc. in Port Washington, N.Y., said that two-thirds of costs — fuel and labor — are short-term variable costs, but that fixed charges are “unfortunately incurred.” Airlines just typically absorb those costs.
“I am not aware of any airline that has considered taking out business interruption insurance for weather-related disruptions; it is simply a part of the business,” Mann said.
Chuck Cederroth, managing director at Aon Risk Solutions’ aviation practice, said carriers would probably not want to insure airlines against cancellations because airlines have control over whether a flight will be canceled, particularly if they don’t want to risk being fined up to $27,500 for each passenger by the Federal Aviation Administration when passengers are stuck on a tarmac for hours.
“How could an insurance product work when the insured is the one who controls the trigger?” Cederroth asked. “I think it would be a product that insurance companies would probably have a hard time providing.”
But Brad Meinhardt, U.S. aviation practice leader, for Arthur J. Gallagher & Co., said now may be the best time for airlines — and insurance carriers — to think about crafting a specialized insurance program to cover fluke years like this one.
“I would be stunned if this subject hasn’t made its way up into the C-suites of major and mid-sized airlines,” Meinhardt said. “When these events happen, people tend to look over their shoulder and ask if there is a solution for such events.”
Airlines often hedge losses from unknown variables such as varying fuel costs or interest rate fluctuations using derivatives, but those tools may not be enough for severe winters such as this year’s, he said. While products like business interruption insurance may not be used for airlines, they could look at weather-related insurance products that have very specific triggers.
For example, airlines could designate a period of time for such a “tough winter policy,” say from the period of November to March, in which they can manage cancellations due to 10 days of heavy snowfall, Meinhardt said. That amount could be designated their retention in such a policy, and anything in excess of the designated snowfall days could be a defined benefit that a carrier could pay if the policy is triggered. Possibly, the trigger would be inches of snowfall. “Custom solutions are the idea,” he said.
“Airlines are not likely buying any of these types of products now, but I think there’s probably some thinking along those lines right now as many might have to take losses as write-downs on their quarterly earnings and hope this doesn’t happen again,” he said. “There probably needs to be one airline making a trailblazing action on an insurance or derivative product — something that gets people talking about how to hedge against those losses in the future.”
5 & 5: Rewards and Risks of Cloud Computing
Cloud computing lowers costs, increases capacity and provides security that companies would be hard-pressed to deliver on their own. Utilizing the cloud allows companies to “rent” hardware and software as a service and store data on a series of servers with unlimited availability and space. But the risks loom large, such as unforgiving contracts, hidden fees and sophisticated criminal attacks.
ACE’s recently published whitepaper, “Cloud Computing: Is Your Company Weighing Both Benefits and Risks?”, focuses on educating risk managers about the risks and rewards of this ever-evolving technology. Key issues raised in the paper include:
5 benefits of cloud computing
1. Lower infrastructure costs
The days of investing in standalone servers are over. For far less investment, a company can store data in the cloud with much greater capacity. Cloud technology reduces or eliminates management costs associated with IT personnel, data storage and real estate. Cloud providers can also absorb the expenses of software upgrades, hardware upgrades and the replacement of obsolete network and security devices.
2. Capacity when you need it … not when you don’t
Cloud computing enables businesses to ramp up their capacity during peak times, then ramp back down during the year, rather than wastefully buying capacity they don’t need. Take the retail sector, for example. During the holiday season, online traffic increases substantially as consumers shop for gifts. Now, companies in the retail sector can pay for the capacity they need only when they need it.
3. Security and speed increase
Cloud providers invest big dollars in securing data with the latest technology — striving for cutting-edge speed and security. In fact, they provide redundancy data that’s replicated and encrypted so it can be delivered quickly and securely. Companies that utilize the cloud would find it difficult to get such results on their own.
4. Anything, anytime, anywhere
With cloud technology, companies can access data from anywhere, at any time. Take Dropbox for example. Its popularity has grown because people want to share large files that exceed the capacity of their email inboxes. Now it’s expanded the way we share data. As time goes on, other cloud companies will surely be looking to improve upon that technology.
5. Regulatory compliance comes more easily
The data security and technology that regulators require typically come standard from cloud providers. They routinely test their networks and systems. They provide data backups and power redundancy. Some even overtly assist customers with regulatory compliance such as the Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry Data Security Standard (PCI DSS).
1. Cloud contracts are unforgiving
Typically, risk managers and legal departments create contracts that mitigate losses caused by service providers. But cloud providers decline such stringent contracts, saying they hinder their ability to keep prices down. Instead, cloud contracts don’t include traditional indemnification or limitations of liability, particularly pertaining to privacy and data security. If a cloud provider suffers a data breach of customer information or sustains a network outage, risk managers are less likely to have the same contractual protection they are accustomed to seeing from traditional service providers.
2. Control is lost
In the cloud, companies are often forced to give up control of data and network availability. This can make staying compliant with regulations a challenge. For example cloud providers use data warehouses located in multiple jurisdictions, often transferring data across servers globally. While a company would be compliant in one location, it could be non-compliant when that data is transferred to a different location — and worst of all, the company may have no idea that it even happened.
3. High-level security threats loom
Higher levels of security attract sophisticated hackers. While a data thief may not be interested in your company’s information by itself, a large collection of data is a prime target. Advanced Persistent Threat (APT) attacks by highly skilled criminals continue to increase — putting your data at increased risk.
4. Hidden costs can hurt
Nobody can dispute the up-front cost savings provided by the cloud. But moving from one cloud to another can be expensive. Plus, one cloud is often not enough because of congestion and outages. More cloud providers equals more cost. Also, regulatory compliance again becomes a challenge since you can never outsource the risk to a third party. That leaves the burden of conducting vendor due diligence in a company’s hands.
5. Data security is actually your responsibility
Yes, security in the cloud is often more sophisticated than what a company can provide on its own. However, many organizations fail to realize that it’s their responsibility to secure their data before sending it to the cloud. In fact, cloud providers often won’t ensure the security of the data in their clouds and, legally, most jurisdictions hold the data owner accountable for security.
Risk managers can’t just take cloud computing at face value. Yes, it’s a great alternative for cost, speed and security, but hidden fees and unexpected threats can make utilization much riskier than anticipated.
Managing the risks requires a deeper understanding of the technology, careful due diligence and constant vigilance — and ACE can help guide an organization through the process.
To learn more about how to manage cloud risks, read the ACE whitepaper: Cloud Computing: Is Your Company Weighing Both Benefits and Risks?