Archive for March, 2015

Good Housekeeping Yields a Safe Workplace

The manufacturing environment is often a busy and hectic one with high potential for injuries or accidents to occur.

Good housekeeping habits can help reduce these hazards. Housekeeping is also an essential part of any effective safety program and a safe workplace can reduce the risk of injuries, which not only put employees in danger but also can affect your workers’ comp premiums as well as force you to incur other costs.

Depending on the type and scope of work, it is important that you have staff to perform housekeeping duties such as picking up trash and cleaning work areas as often as is required to reduce and eliminate safety hazards.

In manufacturing and warehouse facilities, it’s imperative that you keep floors, walkways and other high-traffic areas uncluttered and clear of hazards.

Every year, about 17% of all workplace fatalities are the result of slips, trips and falls. Many of these occur due to tools, hoses, cords, trash, debris or slips on spilled liquids or fluids.

Part of housekeeping duties should include making sure the work areas are always kept free from tripping hazards and that any liquid or slippery surface is cleaned and dried immediately.

Cleaning items such as mops, buckets, brooms and dustpans should be easily accessible and stored in different areas, close to the workspace.

When mopping to clean a floor, make sure to use a “wet floor” sign to warn others that the surface could be slippery. Respecting “wet floor” signs along with immediately cleaning up spills helps prevent slip and fall injuries.


Trash and debris

Your staff should also understand the importance of picking up trash and debris that often accumulates throughout the workday. Trashcans and trash bins should be kept in easy-to-reach locations and should be placed near brooms and dustpans.

Here are some tips:

  • Sweep smaller debris such as broken glass, nails and other trash into a dustpan, before placing it into the trashcan.
  • If sharp objects such as nails, broken glass or metal fall onto the floor, use leather gloves in addition to using the dustpan and broom to dispose of the trash.
  • Trashcans should be emptied into dumpsters frequently so that they do not become too heavy.


Other useful housekeeping practices include:

  • Keeping tools and equipment clean and properly stored when not in use.
  • Wrapping up and storing hoses, cables and wires when not in use.


Be aware of open cabinet drawers, electric wires, sharp corners or protruding nails. Correct any such unsafe conditions immediately, but only if it is safe to do so. If the situation is too dangerous to correct, your workers should be instructed to notify their supervisor or the person responsible for overall facility maintenance.

The workplace appearance makes an impression on employees and visitors alike. Good facility housekeeping will help reduce workplace accidents, lower insurance costs, improve employee morale – and ultimately increase business profits.

When a workplace is neat and clean, everyone will feel better as they complete their daily work and production quality is improved.


Managing Your Internal Supply Chain Risk: Equipment Failure

We’ve had articles about how to protect against and plan for external supply chain risks. These risks are often out of your control as they can affect suppliers or transportation providers, as well as transportation networks and infrastructure.

However, you also have internal supply chain risks, which you are better able to control. These risks can affect a variety of businesses from manufacturers to retailers and restaurants – and any business that has some type of revolving stock.

It could be vital to the survival of your business that you are aware of and prepare for internal risks such as machinery and equipment breakdowns.

Knowing the right steps to take ahead of time can save you from making a bad situation worse or significantly delaying the resumption of operations. All of that, of course, amounts to extra costs for your operation, including the potential for lost revenues.

If you prepare for a failure of a key piece of equipment or machinery, you also won’t be scrambling trying to figure out your next step in times of internal disruption or crisis. Making decisions at such times can often lead to more problems and costs.

Your risk management plan to deal with such failures should include:


1. A list of key equipment

  • Production machinery, including gear sets, motors, compressors, belts and fans.
  • Boilers and pressure vessels.
  • IT and communications systems, including wiring and cables.
  • Electrical equipment or systems, including transformers, switch boxes, cables, wiring and motors.


2. An inventory of spare parts

Optimally, you should keep all the key spare and replacement parts for your main systems on site. You can ask the manufacturers or service companies of those systems to assist you in having an emergency inventory on hand.

Still, it may not be feasible to have all items on site. In that case, you should compile a list of the other parts that could break and need replacement, and how to quickly order them from the correct supplier. You should include on this list the cost of those items and delivery times – and update the list at least every year.


3. Plan for renting replacement equipment

As part of your planning, you should obtain quotes from companies that rent out the same type of equipment or machinery that you use, and update the quotes every year. The quotes should include all pricing like transportation and set-up fees, as well as estimated time from ordering to delivery and start-up.

Don’t forget to include alternative suppliers.


4. Repair firms

You should also have at the ready information on the various contractors that are able to repair the equipment that’s broken down. The information should be listed by equipment item and should include contractor capabilities, contact information and availability.

Again, you should update this information every year.


5. Inventory

The dilemma for many businesses is how much inventory to carry. You don’t want to get caught short when it’s time for deliveries, and you don’t want too much of your money tied up unnecessarily in inventory that will go unused for some time.

That said, a certain reserve of inventory to help you continue to supply your customers is a smart move if you want to minimize the disruption of an equipment failure.

You need to analyze your order and delivery schedules and identify an optimum amount of spare inventory to keep on hand to fulfill orders in case of an equipment failure.

Make sure to keep in mind perishability of inventory, if applicable.


Avoiding Claims for Invasion of Staff Privacy

Thanks to the information age, advanced testing and technology, it’s easier than ever for employers to monitor their employees to ensure they are doing their jobs.

While many employers ask prospective employees to submit to drug testing, physicals and even background investigations, others take employee surveillance to a whole new level by searching their workstations and lockers and monitoring their outside activities. Although the latter three items are highly questionable conduct for the average employer, employers must be careful how they react to information they glean from these methods, particularly if it’s used to fire or discipline someone.

If the methods are questionable, they could easily prompt an aggrieved employee to sue for invasion of privacy.

This is important to know, particularly in light of findings in a study by the American Management Association and The ePolicy Institute:

  • 66% of employers monitor their workers’ Internet connections;
  • 65% use software to block employees from surfing certain websites;
  • 45% monitor how much time employees spend on phone calls and which numbers they dial;
  • 16% record employee telephone conversations;
  • 9% monitor employees’ voice mail messages;
  • 7% monitor employees’ job performance using video surveillance.

To avoid being on the receiving end of an invasion of privacy lawsuit by one of your workers, you need to know what is permitted and what is not. The best way to protect your company is to:

  • Establish a policy about phone and Internet for personal use, and include it in the employee manual. The policy should describe the extent to which you will monitor phone and Internet use, if at all. The policy should spell out the consequences of violating this policy. To make sure your employees are aware of the policy, you should cover the policy (both verbally and in writing) at a staff meeting and have them sign a sheet acknowledging that they have read it.
  • Watch out for taping or tapping into employees’ phone calls. Most state and federal laws allow companies to use video cameras to monitor employees, but many have restrictions on making audio recordings or listening to conversations. Employees should expect to have the right to privacy on any personal phone conversations at work. If you’re still considering audio taping, you’d be wise to consult counsel and familiarize yourself with your state’s wiretapping laws.
  • Keep employee e-mails confidential. While you are generally within your rights to monitor your employees’ work e-mails on your company’s e-mail system, you should avoid making any of those messages public.
  • Formulate a written policy on searches of desks, workstations and lockers. You should touch on the company’s right to conduct searches and the reasons for doing so, as well as the consequences for an employee that refuses to submit to such a search. But beware, these types of searches can backfire on you and build an image of being a draconian employer, which is terrible for morale. You should only conduct a search if you have serious suspicions of what they may be hiding. Also, if you must conduct a search do so out of sight from other employees.
  • Only conduct drug tests for legitimate business reasons and at appropriate times, such as during the hiring process and following a workplace accident. If you decide to perform random drug tests, you need to spell this out in your employee manual. Again, it’s not wise to make any findings public or discuss them with the rank and file. And above all, avoid embarrassing any employee or making an example out of them.
  • During the hiring process you must obtain a job applicant’s written consent for a background check or drug test, and investigate only those factors relevant to the position. For example, a credit history examination might be suitable for a person applying for a position that involves handling money or paying company bills.
  • Safeguard all employee information you gather to ensure people outside the company cannot access it.
  • Instruct managers and staff not to discuss personnel matters with outsiders and employees who do not need to know the information.

If you follow these steps, you will greatly reduce the chance of invasion of privacy lawsuits.


Improve Your Cyber Defense: Trim Your Data

As companies spend more money on cyber defense, they are often protecting vast amounts of data that is of little or no business use and some information which, if exposed, could be potentially embarrassing.

And if you are like most companies, you have a certain amount of “zombie data” – or information that you may not even realize you had, but that could be harmful if discovered and abused by an outside party.

One of the biggest challenges today is to keep intruders away from your most sensitive files, as well as from files that could be potentially embarrassing if they were leaked.

Worse, if your business is hacked, you will have to sift through troves of data, much of it information that’s never accessed, to find out what the hackers may have breached.

Think about all of the files you have that are of little value to your business: drafts of reports, duplicates, personal communications, and more. What’s important and what’s not? You’ll have to look through it all to find out if sensitive information was compromised.

This is why businesses should manage and cull their data regularly – or at least remove data not integral to their operations from their main database. That way, your business can reduce its “cyber perimeter” to reduce the infrastructure that you have to focus on securing and protecting.

A recent blog post by the law firm of Pillsbury Winthrop Shaw Pittman recommends taking the shears to your electronic data. It reasons that the less data you have to secure, the more you will be able to manage and protect the information that is the most important to your company.

Doing this will also make it easier to monitor who has accessed which data.

Trimming the amount of data you store also reduces the chances of exposing information that may not be high-value or protected personal information, but that consists of communications that might be embarrassing to your company.

Think you don’t have that kind of content? Just think back to the Sony Pictures breach when its president’s e-mails criticizing certain movie stars were leaked and exposed to the public. What if you or one of your staff made flippant, derogatory comments about a customer in an e-mail? That could be there.

As to the issue of zombie data – the enormous amount of data most organizations keep that lacks both purpose and insight – this information, which usually originates from former employees, has no business value or valid reason to be retained but is still being preserved, backed up and maintained on corporate networks.

It’s zombie in that the user no longer exists, and the data is inactive.

Most zombie data comes from files and file shares which IT organizations routinely dump off of devices when employees leave companies.

Zombie data poses two problems. It takes up storage space, which costs money, and you would have to try to retrieve it if you are embroiled in a lawsuit and the opposing lawyer files for discovery.

So now the zombie files would need to be queried for the appropriate employee or user, which is not as easy as reading a directory. The process is tedious and may turn up significantly more information than the company needs to review and potentially produce. In short, it’s expensive to do this.

To avoid this scenario, you may want to consider culling your records, but make sure you comply with your preservation obligations as well as applicable regulations and laws.


The brass tacks

Obviously the less harmful the information is that exists on your servers, the better off a company is.

One other benefit from trimming the amount of data you store is that it allows you to better focus your current cyber defense efforts on the information that matters most.

It may also free up some of your budget, which you could use to encrypt the data so that hackers might not be able to use it, or on other techniques designed to make it more likely that hackers will gain access to wrong or useless information.

Clinton E-mail Scandal a Wake-up Call for Businesses

There are lessons for businesses in the scandal regarding former U.S. Secretary of State Hillary Clinton using her personal e-mail account to conduct government business.

And while the jury is still out on just how damaging this was (notwithstanding any legal issues) in Clinton’s case, there are clear and present dangers to any firm that allows its staff to use their own e-mail accounts to conduct the company’s business.

There are three reasons you should set a usage policy that bars your staff from using their personal e-mail for work:

  • The danger of your employee’s e-mail being infected by a virus, malware or similar attack that spreads into your own computer systems.
  • It hampers your records retention.
  • It makes it difficult to comply with electronic discovery if you are embroiled in a legal matter.


A portal to infection

Everyone likes to be able to access their personal e-mail account at work through web-based e-mail accounts such as Gmail or Hotmail.

When employees access their e-mail through websites, this can create a dangerous “back door” through your company’s security firewall so that viruses, trojans, worms and hackers can potentially exploit your network.

If you don’t already have an Internet usage policy in place, develop one now. And if you do have a policy that doesn’t forbid the use of webmail and web-based accounts, talk to your IT support staff about how to best implement such a policy.


Records retention

The Federal Records Act requires government officials to preserve e-mails on department servers rather than sift through personal correspondence to decide what to archive and what to trash.

While the act does not apply to the private sector, your company could still need your e-mail records at some point in the future. In this case, it’s obviously better to have all of those messages on a company account rather than having to sift through all of the conversations in your personal e-mail to locate the exchanges.

Worse than that, if you’ve deleted e-mails, it may appear as if you are conducting the electronic version of shredding documents.

You need to make sure that your important documents are properly preserved and archived so that they can be found quickly later when needed. You need to make sure that e-mails containing sensitive business information are secured and can be accessed only by those who have the authority to view them. Using a private e-mail account circumvents this entirely and is not in the best interest of your organization.

Also, if you’ve invested in developing your company’s records retention policy, your e-mail system and database, those efforts could be wasted if employees circumvent the system by using personal e-mail accounts and devices to create and store work-related information.


Electronic discovery

Storing work-related e-mails in a personal e-mail account can result in a significant and costly burden to your company in case of electronic discovery.

During litigation it’s common practice for attorneys to file discovery motions in order to produce relevant documentation. These days that includes searching through your computer systems and e-mails.

But if one of your employees or managers stored any potentially salient information in their personal e-mail accounts, your business could be required to search their personal e-mails, as well.

This can result in a challenge, since potentially important company information has been commingled with the employee’s personal information. Not only that, but the time involved and the prospect of outsiders rifling through a personal e-mail account are not palatable for anybody.

Finally, the costs of performing e-discovery increase with each new data source. This can result in additional expenses and more time.


Violation of best practices

The Wall Street Journal noted in an article titled “Hillary Clinton’s Email-Risk Lessons for CEOs” that executives who employ the same practices as Clinton would do so at the risk of violating legal and security best practices.

“If a [chief executive] of a corporation subject to Sarbanes-Oxley had conducted business affairs this way it would have most certainly been a violation of that legislation,” Bill Solms, CEO of Wave Systems, a data security firm, told the Wall Street Journal.

And Kevin Bocek, vice president of security strategy & threat intelligence at Venafi Inc., told the newspaper: “Control over executive communications, intellectual property, and financial data have been the hallmarks of corporate governance regulations passed over the last decade. Using a home e-mail server takes data outside of the corporations’ control and possibly exposes that data to compromise by hackers.”

ACA Could Spur More Cost-Shifting to Workers’ Comp

As the Affordable Care Act prompts more health plans to use the capitation payment model for health care providers, more treatment costs may be shifted to the workers’ comp system, according to a new study. That would mean higher premiums for employers.

The Worker’s Compensation Research Institute (WCRI) analyzed health plans in 30 states and noted in its research that as more health plans use capitation, doctors will try to get more patients treated under workers’ comp.

This expected cost-shifting, which the institute said is already underway, will end up increasing workers’ comp claims and costs, which will be passed on to employers in the form of higher premiums.

Claims-shifting is already taking place in states where capitated plans are popular, especially California, New York, Pennsylvania, Michigan and Massachusetts. That’s because workers’ comp pays physicians more than they receive under capitated health plans.

In the workers’ comp system doctors are paid a fee for service, while capitated health plans pay them a monthly fee per patient regardless of whether they treat them or not.

The other factor contributing to the trend is the formation of accountable care organizations (ACOs), which follow the capitation model. The Affordable Care Act encourages the creation of these organizations, in which doctors and hospitals share financial and medical responsibility for coordinating services to patients.

In an ACO, doctors and hospitals are rewarded for the quality of medical outcomes and for keeping costs low. In addition to rewarding doctors with higher payments, shifting cases to workers’ compensation has the possible benefit of removing these cases from an ACO’s accountability formula, the study notes.

The report predicts that the expected trend will result in tens of millions of dollars in additional costs flowing into the workers’ comp system.

Richard Victor, executive director of the Cambridge, Massachusetts-based WCRI, told the media on a conference call that under capitation doctors are indirectly incentivized to move treatment into workers’ comp because they’ve already been paid the capitated rate from the health insurer. They get paid whether they treat the patient or not.

But if the patient is treated under workers’ comp, they can generate additional revenues because they’ll get paid for the services they provide.

“If it’s work-related, then the provider gets the same fee for service as what’s paid by workers’ comp,” Victor said. “If it’s not work-related, the provider’s already been prepaid for any care that they give.”

The doctor typically determines if an injury is work-related. If a patient comes in complaining of back or joint pain, those could be caused by a combination of their job and factors outside of work.

Victor emphasized that he’s not alleging fraud on the part of providers, just that they will ask more questions to determine if there is any causality from the patient’s work.

While it’s usually obvious if an injury is work-related, like broken bones, cuts or impact injuries from falls, soft-tissue injuries to the back, a knee or shoulder aren’t as clear-cut. The injuries could be the result of years on the job performing the same task, or sitting every day.

This ambiguity creates an opportunity for financial incentives to influence a doctor’s decisions, the study says.

Preliminary findings from the study showed that in states where most group health plans are fee-for-service (like workers’ compensation) and where capitation plans serve less than 10% of the market, there was no case-shifting effect.

But in states where capitated health plans have a market share of more than 22%, there was a 30% increase in soft-tissue workers’ comp claims.

The WCRI provided the following examples:

  • If capitation increased from 30% to 55% in Pennsylvania (a state with high capitation), there would be an 8.5% shift of soft-tissue claims to workers’ comp.
  • In Illinois (which has a low capitation rate), if capitation jumped from 12% to 27%, there would be a 12% increase in soft-tissue workers’ comp claims.

The Anthem Breach and Employer Liability

By now you’ve surely read about the massive cyber breach at the second-largest health insurer in the country, Anthem Inc.

Hackers breached the insurer’s database with information on its 40 million customers and employees in the US. It’s still not clear just how much information the hackers got their hands on and if that data includes personally identifiable information that could be used for identity theft.

The hack illustrates not only the escalating threat of cyber attacks on the health care community, but also raises questions of employer liability if a company has purchased its group health policy from an insurer that is hacked.

Security experts say cyber criminals are increasingly targeting the health care industry. They say that many of these companies are easy pickings because they are using aging computer systems that don’t include the latest security features.

Anthem is not the first to be hit. Community Health Systems Inc. last year said Chinese hackers had broken into its computer network and stolen information on 4.5 million patients.

According to the Ponemon Institute, the percentage of health care organizations that have reported a criminal attack rose to 40% in 2013 from 20% in 2009.

The information that the hackers breached in Anthem’s case included that of current and former customers and employees.


What’s an employer to do? 

Whether an employer using Anthem as an insurer has a notice-of-breach obligation to its affected employees depends on a few factors.

The obligation to provide notice of a breach of “personally identifiable information” (names, Social Security numbers, addresses and more) and “protected health information” – such as certain enrollment information and individually identifiable health information related to past, present or future medical care – is governed by both federal and state laws.

Because it holds troves of information on its enrollees, Anthem is primarily responsible for specific notification obligations and it has announced that it will inform affected individuals by e-mail or letter, or both.

The federal Health Insurance Portability and Accountability Act (HIPAA) imposes specific notice and disclosure obligations on health plans in the wake of a breach of protected health information.

In cases where Anthem is acting as an insurer, and the employer does not maintain or transmit protected health information, the notice and disclosure obligation is Anthem’s. Anthem’s notice efforts now underway appear to reflect the company’s understanding that it has the obligation.

If a health plan is fully insured by Anthem, the employer may not actually acquire, maintain or transmit the plan’s protected health information.

Generally, it is the insurer’s responsibility to notify affected individuals. That said, health plans and their business associates may agree upon who will actually supply the notice.

The federal Department of Health and Human Services, which oversees federal enforcement of HIPAA, encourages plans and their business associates to consider which of the two is in the best position to provide notice to affected individuals.


Financial consequences for employers

Cyber-security experts say the cost of responding to a breach of this magnitude can range from $100 to $230 per affected individual. In the case of Anthem’s breach, based on statements by the insurer, it will bear the costs of notification.

If an employer does incur costs from a breach, it may or may not be reimbursed by insurance.

Direct costs, such as notification, legal, public relations, call center, or credit/identity monitoring cost, would likely be covered if the employer has a cyber-liability insurance policy, especially if it is determined that the employer is legally obligated to respond to the breach.

If a lawsuit or other claim is filed against the employer for damages related to the Anthem breach, the privacy liability insuring agreement in the employer’s cyber policy may provide coverage for defense costs and damages associated with the claim.

Other policies, such as directors and officers and general liability coverage, may also provide some cover. But that would be determined by the policy language and any exclusions the policy has.

If you ever do experience a claim in this regard, you should contact us to help you determine which policy could be tapped for coverage.

Malingering, the Gray Area in Workers’ Comp Fraud

Nearly 25% of all lost-time workers’ compensation claims are exaggerated, according to the National Insurance Crime Bureau.

While only a small percentage of workers’ comp claims are fraudulent, quite a few claims include employees staying away from work even after they’ve been cleared to return by their doctor and when they feel able to work. The term for this is malingering.

When injured workers malinger, the claim lasts longer than the medical disability. The employee has recovered enough to return to work, but has not returned to work.

This can be due to employee intent, medical provider lack of knowledge about the job requirements, employer disinterest, or other reasons. As you can see, it’s not always the employee’s fault.

However, some people take advantage of the system by:

  • Staging accidents
  • Faking injuries
  • Claiming that an injury sustained while not at work occurred on the job
  • Inflating the degree of an injury to get more time off from work
  • Claiming that an old injury is a new work-related one
  • Pretending they are injured more seriously than they are
  • Staying on benefits and away from work even after the worker has healed (malingering)


Here are 20 indicators of malingering or fraud:

  1. Tips from neighbors, relatives, friends or co-workers that a claimant is actually more active than alleged.
  2. The injury coincided with a company’s reduction of the workforce.
  3. Nurse case manager, doctor and therapist report a healthier and more active claimant than what is alleged.
  4. The lack of organic basis for the disability; most of the complaints and allegations are subjective.
  5. Premature or excessive demands for compensation.
  6. The claimant works in a seasonal occupation.
  7. The claimant often misses their therapy and/or doctor appointments.
  8. Having “dueling doctors,” with one physician stating that the claimant is disabled while another reports a completely different prognosis indicating they are not disabled.
  9. No witnesses to the reported accident.
  10. The claim was reported after the claimant was terminated, suspended or had resigned.
  11. The claimant had only been employed for a short while when the alleged accident occurred.
  12. The claimant is often not home when you try to contact them.
  13. The claimant is disabled longer than is normally associated with the reported injury.
  14. The claimant has a history of workers’ comp claims or short-term employment.
  15. The claimant’s job performance has been below average, or they were disciplined at some point.
  16. The claimant’s Facebook or other social media page shows they are more active than they claim they can be.
  17. The claimant has financial problems.
  18. The course of treatment seems to be too much for the injury, like extensive treatment and testing for a minor injury.
  19. If it was a car accident, the damage to the vehicle is inconsistent with the claimed injuries.
  20. Documentation of treatment is suspect – for example, photocopies of bills, no record of dates of treatment, no itemisation.


While some of these red flags don’t necessarily mean that there is fraud or malingering, if you do suspect it, you should contact the claims administrator handling your employee’s case.

If you can provide evidence to back up your suspicions, the insurance company may initiate an investigation that could include surveillance. All workers’ comp carriers are required to have fraud units, as per state regulations.
