
Risk Management User Group October 18, 2007. WELCOME Michael L. Hay, CRM, CGFM, CPPM.

Date post: 27-Mar-2015
Upload: joshua-schultz
Transcript
Page 1: Risk Management User Group October 18, 2007. WELCOME Michael L. Hay, CRM, CGFM, CPPM.

Risk Management User Group

October 18, 2007

Page 2:

WELCOME

Michael L. Hay, CRM, CGFM, CPPM

Page 3:

MEETING AGENDA

8:30 – 9:00 Legislative Update, Jonathan Bow
9:00 – 10:00 Claims Update, Gordon Leff
10:00 – 10:15 BREAK
10:15 – 11:00 Document Restoration, Tom McGuire, Munters
11:00 – 11:15 Training System, Erin Thompson
11:15 – 12:00 Cyber Risk, Neeraj Sahni, AIG

Page 4:

LEGISLATIVE UPDATE

Jonathan Bow
Executive Director

Page 5:

CLAIMS UPDATE

Gordon Leff
Deputy Director
Claims Operations

Page 6:

Bills may be obtained from the Texas Legislature Online Website at:

http://www.capitol.state.tx.us

Page 7:

H.B. 34 By: Solomons, Leibowitz

The bill amends the Labor Code to prohibit certain payments or inducements regarding a workers' compensation claim and provide an administrative violation for such a payment or inducement.

Page 8:

H.B. 34 By: Solomons, Leibowitz cont.

ADMINISTRATIVE VIOLATION BY PERSON PERFORMING CERTAIN CLAIM MANAGEMENT SERVICES. (a) This section applies to an insurance adjuster, case manager, or other person who has authority under this title to request the performance of a service regarding the management of a workers' compensation claim, including peer review, performance of a required medical examination, or case management.

Page 9:

H.B. 34 By: Solomons, Leibowitz cont.

For purposes of this section, a violation is committed if the adjuster, manager or other person offers to pay, pays, solicits, or receives an improper inducement relating to the delivery of benefits to an injured employee; or improperly attempts to influence the delivery of benefits to an injured employee, including through the making of improper threats.

Page 10:

S.B. 1627

This bill provides that a person who commits an offense of fraud under the Texas Labor Code Chapter 418 (Criminal Penalties) may be prosecuted under that chapter or any other applicable state law, including the Texas Penal Code. These changes became effective June 15, 2007.

Page 11:

SB 458 by: Senator Watson

If an orthotic or prosthetic device is damaged in a workers' compensation injury, the insurance carrier must repair or replace that device.

Page 12:

H.B. 472 By: Solomons

The bill prohibits a third-party administrator from knowingly referring a claim or loss for adjustment to a person acting as or claiming to be an insurance adjuster without the appropriate license and prohibits an insurer from referring a claim or loss for administration to a person acting as or claiming to be an administrator without the appropriate certificate of authority. It sets out an insurer's responsibilities when using an administrator's services and requires the insurer to conduct regular reviews and on-site audits of the administrator's operations.

Page 13:

H.B. 473 BY: Solomons

Voluntary or Informal Networks

Voluntary or informal networks are now regulated until January 1, 2011 when they will be eliminated and forced to operate only as a certified workers' compensation health care network. This bill outlines certain contractual duties under a voluntary network.

Page 14:

H.B. 473 BY: Solomons cont.

Oh and by the way… House Bill 473 requires that the benefit review officer presiding at a benefit review conference, rather than other division staff designated by the workers' compensation commissioner, consider a request for an interlocutory order and give the opposing party the opportunity to respond before issuing such an order.

Page 15:

H.B. 724 By: Solomons

Allows for CCH

(1) a medical fee dispute in which the amount of reimbursement sought by the requestor in its request for medical dispute resolution does not exceed $2,000;

(2) an appeal of an independent review organization decision regarding determination of the retrospective medical necessity for a health care service for which the amount billed does not exceed $3,000; and

(3) an appeal of an independent review organization decision regarding determination of the concurrent or prospective medical necessity for a health care service.

Page 16:

H.B. 724 By: Solomons Cont.

Allows for SOAH

A party to a medical dispute, other than a medical dispute regarding spinal surgery subject to Subsection (l) and a dispute subject to Section 413.0311, that remains unresolved after a review of the medical service under this section is entitled to a hearing.

A hearing under this subsection shall be conducted by the State Office of Administrative Hearings not later than the 60th day after the date on which the party notifies the division of the request for a hearing. The hearing shall be conducted in the manner provided for a contested case under Chapter 2001, Government Code.

Page 17:

H.B. 724 By: Solomons Cont.

If an accident or health insurance carrier or other person obligated for the cost of health care services has paid for health care services for an employee for an injury for which the workers' compensation insurance carrier or the employer has not disputed compensability,

Page 18:

H.B. 724 By: Solomons Cont.

the accident or health insurance carrier or other person may recover reimbursement from the insurance carrier in the manner described by Section 409.009 or 409.0091, as applicable.

Page 19:

H.B. 724 By: Solomons Cont.

The health insurance carrier failed to seek reimbursement from the health care provider or the insured,

the health care provider does not have to seek preauthorization from the workers' compensation carrier, and

the health care provider did not bill the workers' compensation carrier within 95 days of the date of service.

Page 20:

H.B. 724 By: Solomons Cont.

A surviving parent, under certain conditions, to be eligible for death benefits in a workers' compensation case for a benefit period not to exceed two years.

Page 21:

H.B. 886 By: Giddings

Instituted a preauthorization program for the return-to-work pilot program for small employers

Page 22:

HB 1003 by Giddings

House Bill 1003 amends the Labor Code and the Insurance Code to provide that an independent review organization using doctors to review health care services relating to workers' compensation claims may use only doctors licensed to practice in this state

Page 23:

HB 1006 by Giddings

House Bill 1006 amends the Labor Code and the Insurance Code to limit the performance of such reviews to doctors licensed to practice in this state, to specify that the reviews include utilization and retrospective reviews, and to extend these requirements to an insurance carrier. The bill also amends the Insurance Code to provide that the limit on the amount a health care provider can charge for providing medical information to a utilization review agency is the cost of copying records relating to a workers' compensation claim.

Page 24:

H.B. 1005 By: Giddings

Amends the Labor Code to provide for reimbursement if the claim is filed in a timely manner but is erroneously filed with the wrong insurer or if the commissioner of workers' compensation determines that the failure to submit a timely claim was due to a catastrophic event that substantially interfered with the provider's normal business operations. The bill also allows for an extension of the deadline for submission upon agreement of the parties.

Page 25:

S.B. 1169 By: Janek

Requires the subsequent injury fund to reimburse an insurance carrier for any overpayment of benefits made by the insurance carrier under Subsection (f) based on an opinion rendered by a designated doctor if that opinion is reversed or modified by a final arbitration award or order, or decision of the commissioner of workers' compensation (commissioner) or a court.

Page 26:

S.B. 1169 By: Janek cont.

Interlocutory Orders:

Requires the benefit review officer who presides at the benefit review conference to consider a written or verbal request for an interlocutory order for the payment of benefits and, if the benefit review officer determines that issuance of an interlocutory order is appropriate, to issue the interlocutory order not later than the third day after the date of receipt of the request.

Page 27:

HB 2004 by: Giddings

Amends the Labor Code to require certain health care professionals who review a workers' compensation case to hold a professional certification in a health care specialty appropriate to the type of health care that the injured employee is receiving. The bill includes similar provisions applicable to dentists and chiropractors who review services provided in a workers' compensation case, requiring them to be licensed to engage in their respective practices as a condition for performing a peer review, utilization review, or independent review of a case.

Page 28:

S.B. 908 By: Brimer

Senate Bill 908 amends the Labor Code to continue the State Office of Risk Management to September 1, 2019, to incorporate various new and revised across-the-board sunset provisions relating to the office, and to provide for the confidentiality of state employees' workers' compensation claim files.

Page 29:

What's Hot in Comp?

Page 30:

• Medical Fees for Hospitals
• Supplemental Income Benefits (SIBs)
• Medical Disability Rules
• Return to work

Page 31:

BREAK

See you in 15 minutes

Page 32:

Document Recovery: Ensuring Success

Presented By: Tom McGuire: Catastrophe Operations Manager – Document Recovery Manager – Munters Corp. Region Americas

Page 33:

Introduction

Paperless society?

We create 30% more than we discard or digitize!

There are nearly 4.5 billion boxes of documents stored in North America alone!

Page 34:

Introduction

You'll learn how to ensure success by understanding:

• The different types of media
• How to evaluate situations
• How to set the proper expectations
• Different drying techniques

Page 45:

• Records need to be accessible.

• Records need to remain onsite.

Page 50:

• All books!

Page 51:

Phase Transition Diagram – H2O

[Figure: phase diagram of water. Horizontal axis: Temperature (°C), −100 to 100. Vertical axis: Pressure (torr), with 4.5 and 760 marked. Regions: Solid, Liquid, Gas. Curves: Sublimation Curve, Evaporation Curve, Fusion Curve, meeting at the Triple Point. Drying methods marked on the diagram: Vacuum Freeze Drying, Desiccant Air Drying, Thermal Vacuum Drying.]

Sublimation occurs at 4.5 torr

Page 55:

Books: Blast freeze, the colder the better

Film: Keep cold and wet for restoration

Page 56:

• Remove High Humidity Damaged materials

Page 59:

Helpful Notes: Documents

- Documents will expand by 10 – 15% if Thermal or Desiccant Air dried. However there is no expansion if Vacuum Freeze Dried.

- There are approximately 2,000 pages per cube

Page 62:

Quick Recap

Water Damage

• Control ambient conditions
• Documents – Freeze ASAP
• Remove documents from damage
• Inventory and discard

Page 63:

Quick Recap…

Water damaged X Rays and film

• Keep the film cold.
• Freezing is not necessary (only for long term storage).
• Keep the film wet.
• Best dried with desiccant air.

Page 64:

Quick recap…

Water damaged files

• Stabilize (freeze) ASAP.
• Inventory and discard.
• Can be Vacuum Freeze dried or Desiccant Air dried.
• Normal moisture content for paper is 6-8%

Page 65:

Quick Recap..

Water damaged Books

• Are the books clay coated?
• How long have they been wet?
• What is the status of the environment?

Page 66:

Quick Recap…

Water damaged books

• Garbage in, garbage out
• Underwater for more than 24 hrs. = questionable
• Rebinding and re-casing?
• How many books are affected by high humidity?

Page 67:

Quick recap..

Desiccant Drying

MOST EFFECTIVE WAY TO DRY:

• Paper Files
• Stock paper
• Film Media
• Electronic Media

Page 68:

Quick recap..

Vacuum Freeze drying

MOST EFFECTIVE WAY TO DRY:

• ALL Books
• Clay coated papers
• Some Art Work

Page 70:

Risk Management: Network Security
Privacy Risks

Neeraj Sahni
AIG Executive Liability

[email protected]

Insurance underwritten by member companies of American International Group, Inc. Any description herein is a summary only. It does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for complete details of coverages and exclusions. Coverage may not be available in all jurisdictions. Issuance of coverage is subject to underwriting.

Page 71:

In the News…

• Identity Theft
• Data Breach
• Computer Hacking
• Lost Backup Tapes
• Stolen Laptop

Page 72:

Common Causes

What Caused 181 Data Breaches?

• Hacking: 35%
• Stolen Equipment: 26%
• Other Security Failure: 22%
• Missing or Lost Data: 9%
• Dishonest Insider: 7%

*Source of Data: http://www.privacyrights.org/ar/ChonDataBreaches.htm, June 28 2006

Page 73:

Key Exposures

1. Credit card information

2. Healthcare information

3. Personally identifiable information
- customers
- employees

4. Business information of others
- Trade secrets

Page 74:

Typical Claim Costs

• Costs to notify consumers: $1 to $2 per individual

• Credit Monitoring Services: $10 to $20 per person per year; approx. 20% of individuals accept

• Defense Costs: Typical class action defense costs: $XXX,XXX+

• Legal Liability?

Page 75:

Specific Incidents

Hospital System: target of class action suit

• CDs containing as many as 260,000 patient records lost as a result of alleged contractor negligence
• Suit seeks $1,000 in damages for each class member
• Allegations include failure to take reasonable corrective actions as well as a failure to notify

Source: "Man sues hospital system over security lapse," October 31, 2006, Associated Press

Page 76:

Cost of Incidents…

Major Retailer: $16 Million Charge

Banks and credit unions sue to recover costs of re-issuing cards and fraud losses resulting from a theft of credit card information

Sources:

"Breaches of customers' data trigger lawsuits," July 21, 2005, The Wall Street Journal

"Big-time ID theft symptom of database culture," August 9, 2004, Associated Press

Page 77:

Cost of Incidents…

Fast Food Chain: $5.6 Million

The company loses 91% of 2004 profits and experiences bad publicity as a result of a data leakage incident.

Source: "Private Data Leakage Costs Chipotle $5.6M," April 11, 2005, Denver Post

Page 78:

Cost of Incidents…

National Retailer: $6.5 Million

Data stolen from computer systems results in charges of $6.5 million

Source: "Private Data Leakage Costs DSW Shoe Warehouse $6.5M," June 20, 2005, www.infowatch.biz

Page 79:

Other Incidents

• $715,000: Wrongful release of trade secrets (customer list)

• $2,400,000: Theft of personal credit information by employee

• $9,400,000: Wrongful access to database records (class action settlement)

• $5,000,000: Theft of credit card information from server (policy limits loss)

• ???: FACTA Class Action Litigation

Page 80:

Risk Management

• Risk Assessment
• Risk Control
• Risk Financing

Golden Rule of Risk Management: For each exposure to loss, an organization should employ at least one risk control, and at least one method of risk financing.

Page 81:

Risk Management

Risk Assessment

• Information Inventory & Classification

• Policy: What is our policy?
  – Elements of a good policy…
    • What information is maintained?
    • Why do we collect this information?
      – Have a business need for what you collect!
    • Where/how is it maintained?
    • Who is authorized to use it?
    • How is the information controlled?
      – Don't treat all information the same!

• Tools: Compliance Audits and Checklist

Page 82:

Risk Management

Risk Controls

• POLICY!
  – Implement a comprehensive policy
  – Assign responsibility for enforcing policy
  – Train employees on how the policy applies to them

• IT-Security
  – Firewalls
  – Anti-virus
  – Encryption
  – System Access Policy
  – Passwords

Page 83:

Risk Management

Risk Controls (continued)

• Physical Security
  – Access cards/badges
  – Visitor procedures
  – File Storage

• Vendor Management
  – Responsibility
  – Hold harmless/indemnification
  – Contract Termination Rights

• Record Disposal Procedures

Page 84:

Risk Management

Risk Controls

• Incident Response Planning
  – Incident Reporting

• Human Controls
  – Hiring
  – Training
  – Clean Desk Policy

Page 85:

Risk Management

Risk Financing:

• Goal: avoidance of unplanned retention!

• Retention:
  – Cash on hand
  – Accounting Reserves

• Funded or unfunded

• Contractual Transfer
  – Vendor Indemnify

• Insurance

Page 86:

Risk Management

Security & Privacy Insurance:

Third party liability coverage resulting from a disclosure or breach of private or confidential data, including:

• A failure of an insured's computer network security;

• Wrongful release or disclosure of information by the insured, the insured's employee or another third party;

• Failure to protect personally identifiable information from misappropriation; and

• A violation of any federal, state or local privacy statute - HIPAA Privacy Rule

Page 87:

Risk Management

Security & Privacy Insurance (Continued)

Crisis Management Expenses

• Costs to notify consumers of a data breach to maintain customer goodwill.
• Costs to provide credit monitoring
• Reasonable and necessary printing, advertising, mailing of materials

Page 88:

Conclusions:

Significant claims, loss and incident activity
• Increasing public concerns

Frequency of class action claims is increasing
• Plaintiff attorneys focusing on proof of damages
• Minor damages for large groups = significant potential loss

$1,000 X 260,000 = $260 million!!!

Risk Management – 3 critical steps
• Risk Assessment, Risk Control & Risk Financing

Page 89:

Thank you

Neeraj Sahni
[email protected]

Page 90:

Risk Management User Group

Thank you for attending

Happy Holidays!!