Hays Companies recently joined the National Safety Council’s Road to Zero initiative, a partnership focused on ending traffic fatalities – a leading cause of unintentional deaths. The goal is safe mobility for all people through a coordinated, data-driven approach. As a partner of the Road to Zero Coalition, Hays will work to develop priorities and encourage stakeholders to take action to meet the goal of eliminating traffic fatalities by 2050.
It might seem like a lofty goal, but key stakeholders believe it is possible. “The aim of Road to Zero is to get to zero deaths by 2050,” says Debbie Hersman, the president and CEO of the National Safety Council, the lead on the Road to Zero initiative. “That’s the goal. We’ve done this with aviation—there have been several years with zero deaths in commercial aviation—and a lot of people thought that was impossible.”
At Hays Companies, we have continued to make distracted driving our national safety focus as an organization.
We are committed to the safety of our employees and clients on our roadways. We’ve been incredibly moved by our VP of Risk Management Services, Tom Goeltz, and his personal story with losing his daughter due to an alleged distracted driver. Goeltz is actively building national awareness as a legislative advocate and frequent public speaker on how to help keep employees and their families safe. Our Road to Zero Coalition partnership exemplifies the importance and value we at Hays Companies place on safety, and how we can work together to combat this epidemic.
“It’s not impossible – it just hasn’t been done yet. Working together, we will find new solutions to old problems and eliminate these preventable deaths,” said Tom Goeltz.
Looking for an employer toolkit on Distracted Driving? Consider these resources:
Pandora. GPS. Radio Commercials. Drinking Coffee. Talking to your kids in the backseat. Even if you’re not texting behind the wheel, chances are high that something happens while you’re driving that prevents you from giving the road your full attention. And while most of these activities seem fairly innocent, taking only a second or two to address, they each represent a different form of distracted driving that can dramatically increase your risk of an accident.
Fully 94% of all vehicle crashes are caused by human error – a sobering fact when you consider the real life implications behind the statistics. Hays Vice President of Risk Management Services, Tom Goeltz, understands this better than most as his daughter, Megan Goeltz, was killed at the age of 22 by alleged distracted driver, leaving behind a three-year-old daughter and a loving family.
For Goeltz, distracted driving is a national epidemic. OSHA agrees, having launched a distracted driving initiative in recent months. In a supporting compliance article, the administration states “The top priority of the Occupational Safety and Health Administration (OSHA) is keeping workers safe. While workplace fatalities have been decreasing in recent years, motor vehicle crashes continue to be one of the leading causes of death among American workers.” In addition, a study conducted by the University of Utah discovered that cell phone users demonstrated higher levels of impairment then drivers who had been drinking.
To prevent distracted driving, OSHA recommends implementing policies that prevent individuals from reaching for their phones in the first place. Goeltz supports the position, arguing that breaking the habit of distracted driving requires a similar mentality shift as our approach to drinking and driving. In our society, driving under the influence has become a universal taboo, resulting in using a designated driver or a service like Uber. As Goeltz says, the same can be done with distracted driving habits.
With their most recent iOS update, Apple will be doing their part to keep the roads safe with the new “Do Not Disturb While Driving” feature. The feature, which will be triggered when a phone is connected to a car via Bluetooth or cable, will withhold all notifications while the car is moving. Users will still be able to access Apple Maps, but the majority of apps will stay locked for the duration of the drive.
Not an iPhone user? Goeltz offers some additional tips to prevent distracted driving:
Turn your phone off or put it in airplane mode.
Use a Cell Slip, which blocks all incoming and outgoing cell phone signals while the phone is in the slip or keep your phone out of reach.
Have an App installed on your phone to silence incoming texts, emails, phone calls. We recommend one of the following:
At Hays, our Private Client Group works to insure protection for every lifestyle. Whether it’s Home and Auto, Directors and Officers liability, Life Insurance, Disability or Long Term Care or unique areas of risk, such as kidnap and ransom, aviation, equine, or valuable articles, we’re here to help.
With expertise in the industry spanning 35 years, we have gathered five essential tips you need to know to protect your home and other assets:
1. Your Advisor Should Help Organize your Insurance Program.
With numerous assets acquired over time, it’s common to insure them with many different programs, often leaving your assets unorganized and expensive to manage. This can lead to gaps in coverage that will only be revealed when a claim is unexpectedly denied.
2. Be Presented With Options.
The benefit of retaining an independent insurance agent or broker is that they are working in your best interest. You should be frequently presented with options to organize your coverage.
3. Have Enough Personal Liability Insurance.
If a lawsuit puts your assets at risk, the last thing you want to worry about are insufficient limits. Make sure your liability coverage limits exceed your net worth. The Hays team can help you determine this value.
4. Be Certain of Your Insurer’s Financial Strength.
Always look for financial stability when choosing your insurer. It’s important your provider is strongly capitalized and will be able to pay your claims. Look for insurance companies rated “A” or “Excellent” by A.M. Best.
5. Work With High Net Worth Insurance Specialists.
Complex insurance situations require specialists. If you have a net worth of $2 million or more, most insurance carriers are not equipped to address your complex personal risk management needs.
Hays Private Client Group thrives at being problem-solvers in complex insurance situations. To contact us or to discover how we can keep your valuable assets protected, visit us here. Come experience The Hays Difference.
Mark your calendars! The following educational seminars have been announced for 2018.
Preparing for a DOL Audit – Deb Linder, Fredrikson & Byron, P.A.
Are you prepared for an IRS or DOL audit? In this seminar, we will review the documents and information needed to help you prepare for an audit, highlight common issues raised and discuss correction options.
Debra is a shareholder in the Compensation Planning & Employee Benefits Group at Fredrikson & Byron, P.A. Her practice involves a full range of employee benefit programs. She advises large and small public, closely- held, and tax-exempt employers on plan design, administration, and compliance issues.
Wednesday, April 18, 2018: 8:30 – 10:30 AM
Midland Hills Country Club
Managing Generational Diversity – Steve Baue, CEO of ERC: Counselors and Consulting
Teams are more diverse than ever before and, in today’s market, talent is scarce. Today’s leaders must look for ways to engage every employee, drive retention, and achieve peak performance. Seminar attendees will learn what makes our personalities tick, the generational influences, what almost every employee wants from their work, and ‘real-world’ leadership techniques that produce true results.
Steve Baue is the President / CEO of ERC, the award-winning Green Bay-based EAP and performance consulting company. ERC is known for its outstanding mental health counseling and strong reputation for organization and leadership development.
Thursday, May 17, 2018: 11:30 AM – 1:30 PM
Golden Valley Country Club
Change your focus from managing talent to activating it-Today! –Kelly Johnson with The Marcus Buckingham Company, an ADP Company
Today’s increasingly competitive marketplace paired with the low unemployment rate has made attracting, retaining and developing talent a top priority for HR as your people remain a huge differentiator for you. Join The Marcus Buckingham Company, An ADP Company to learn why HR needs to change its focus from managing talent to activating it – today.
Kelly Johnson is a Talent Executive with Fortune 30 experience. As a Strategic Consultant for The Marcus Buckingham Company, she works with organizations and teams to achieve exceptional talent performance and engagement through dynamic and strength-based strategies.
Wednesday, July 18, 2018: 8:30 – 10:30 AM
Midland Hills Country Club
Annual Review – Preparing for 2019
An annual crowd favorite! Come recap the year’s most notable legislative updates and get ready for 2019 with the Hays Research & Compliance team.
Thursday, September 13, 2018: 2:00 – 5:00 PM
Golden Valley Country Club
Registration for each seminar and complete details will be made available closer to the actual date of the event
What do they have in common? You guessed it — they’ve all experienced major data breaches that exposed tens of millions of users’ sensitive personal and/or financial data. Yahoo was actually victimized twice, each attack compromising hundreds of millions of users. (Oh, Yahoo.)
Your company is vulnerable
Big-company cyber incidents are understandably newsworthy, but they’re really just the tip of the iceberg. Most incidents go unreported in the media, even in wonky tech blogs, because they directly impact fewer people or fail to compromise critical systems.
A 2016 FBI report put the average daily number of U.S. ransomware attacks at 4,000, a 300% increase from2015.
That figure doesn’t count other types of cyber-attacks, such as phishing. Check your spam folder when you get a chance — it’s a virtual certainty that some of those sketchy emails contain malicious files or links.
Insurance can help
“Cybersecurity insurance is a misnomer,” says Dave Wasson, Vice President and Cyber Liability Practice Leader at Hays Companies in Minneapolis. “‘Privacy and security insurance’ is more accurate. Lots of claims have nothing to do with hacking — someone forgot to shred a sensitive document, maybe.”
For brevity, we’ll call it cybersecurity insurance. It exists because general commercial liability policies typically exclude digital and analog privacy and IP threats.
Cybersecurity insurance policies provide financial redress for a broad range of potential threats: the U.S. Department of Homeland Security cites “costs a from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations.”
How to approach cybersecurity insurance
Many owners and execs have only a tenuous handle on their companies’ digital and analog vulnerabilities.
“A significant portion of what we do is educational,” says Wasson. “With new clients, the key question is: ‘Is your understanding of your exposure correct?’”
Some companies mistakenly believe they’re taking adequate measures to address perceived vulnerabilities, which they may or may not fully understand. Others affirmatively avoid due diligence on the not-incorrect assumption that actively researching the threat landscape eliminates plausible deniability and increases liability.
At least one large, well-known Minnesota company takes this “head in the sand approach,” says Wasson. (He declined to identify the firm.) Wasson is not a fan: “That’s like saying you’re healthy because you haven’t gone to the doctor,” he says. Self-insuring against privacy and security threats is doable for larger companies with the resources to absorb the cost of a cyber incident, but “understanding potential threats is always better than not understanding.”
What it costs, what it covers
Needless to say, most sizable companies do carry cybersecurity insurance policies. Coverage is increasingly common among SMBs too. When resources are tight, any significant cybersecurity incident is a grave threat.
“For small businesses, you can find good quality policies, not pared down at all, for less than $1,000 per year,” says Wasson. The lower end of the market, below $50,000 per year, is growing fast. (The costliest policies, built for Fortune 1000 firms, cost more than $1 million per year.)
Like other forms of insurance, cybersecurity insurance products are highly customizable, but most policies have seven basic coverages. The devil is usually in the details. Wasson advises clients to pay close attention to three key issues:
“Failure to maintain” clause: This exclusion penalizes policyholders who fail to execute or maintain stated security practices. “It basically says, ‘If you say you have a particular safeguard in place and you don’t, we’ll deny your claim,’” says Wasson. He strongly advises against buying policies with “failure to maintain” clauses.
IP protection: Cybersecurity insurance newbies are often disappointed by policies’ anemic or nonexistent intellectual property coverages. Some policies do cover NDA-protected IP compromised in a breach. Premiums may be higher, though.
Bringing in outside experts: Does the policy let you bring in your own legal and forensic IT experts after a breach? Some force policyholders to choose from approved professionals; using non-approved experts could compromise or even void your claim. “It’s like the requirement that you select a provider in your health insurer’s network,” says Michael Cohen, head of the Global Privacy, Cybersecurity and Data Protection legal team at Minneapolis-based Gray Plant Mooty.
Data breach? Minimize exposure and get the response right
Cybersecurity insurance alone can’t prevent privacy and security incidents. Insurers require, incentivize and recommend that policyholders take steps to mitigate their exposure.
Established regulatory structures are non-negotiable. For instance, policyholders must abide by the Payment Card Industry Data Security Standard (PCI DSS), an electronic payments security framework backed by major credit card issuers. Healthcare and finance companies must follow other frameworks.
Insurers incentivize the adoption of other safeguards, like robust encryption. “Encryption is one of the few things that has an actual causal impact on policy pricing,” says Wasson.
“The better your encryption, the less you’ll pay.”
Be honest about your data security practices and degree of exposure: On your cybersecurity insurance application, honestly disclose your exposure and mitigation practices. Even absent a “failure to maintain” clause, a misleading or incomplete application could lead to inadequate coverage. Plus, says Cohen, “Being recognized as a leader in data security benefits your organization in the marketplace.”
Don’t needlessly retain data: “Most companies don’t need to collect Social Security numbers,” says Wasson, “and they certainly don’t need to keep them in unencrypted files on mobile devices.” Only collect and retain data needed for essential business functions.
Take special care with legacy systems:
Many companies run key processes on functionally obsolete, unsupported IT systems. This is sub-optimal for all sorts of reasons, but overhauling is costly and disruptive, so it happens. Unfortunately, breaches can wreak havoc on legacy systems, which typically need to be overhauled after the fact anyway. When I spoke to Wasson, he was helping a client through a catastrophic ransomware attack made worse by the forensic impenetrability of its ancient IT. With no backup, the client had to shut down for a month to upgrade its systems and get out from under the attack. (Also relevant: Back everything up!)
Know your obligations under the law:
Legally mandated notification requirements may greatly increase post-breach costs. Firms must abide by notification rules in affected individuals’ home jurisdictions. Said rules vary widely, so firms typically adhere to standards in the strictest state in which they operate. Still, you need an attorney to work through dense regulatory language. To handle high notification volumes, you’ll need to retain a specialized firm.
Create an incident response team:
Don’t wait until it’s too late to build an incident response team. The point person (“breach coach”) should be an attorney experienced in handling data breach matters, whether in-house counsel or an outside expert like Cohen. Add at least one member from HR, IT (inside or outside), marketing or PR (inside or outside), finance, and upper management. Define each member’s role in the event of an incident. Mind insurance company restrictions — remember Cohen’s attorney networks.
Have an incident response plan ready:
Different scenarios call for different responses, but your first call should always be to your designated attorney. They’ll quickly assess the situation’s severity and determine what needs to happen next. If the situation warrants, “next” means a call to the FBI, which has a first-rate cyber forensics team. “The FBI is very discreet,” says Cohen. “Your business won’t leak just because they’re involved.” They may also know about other incidents that hold clues to your own.
You should do these six things “even if you choose to forgo cybersecurity insurance,” says Cohen. After all, fortune favors the prepared. And the careful.
WHAT CYBERSECURITY INSURANCE COVERS:
Privacy Regulatory Defense and Penalties: Covers regulator-assessed penalties and fees, where allowed by law, as well as costs associated with “complying with or defending against a privacy related regulatory investigation” by certain state and federal agencies or authorities.
Breach Costs: Covers costs directly associated with breach response, including notification to potentially affected parties, computer forensics, legal expenses, public relations campaigns,
and ongoing identity theft protection and monitoring.
Multimedia Liability: Covers “claims alleging intellectual property infringement [copyright infringement, defamation and libel, common law privacy rights, plagiarism or piracy, misappropriation of ideas] arising out of the advertising of a company’s goods or services, either online or offline.”
Business Interruption: Covers loss of income if the insured party is unable to conduct business “due to a malicious third party hacking event.”
Data Recovery: Covers costs associated with digital asset replacement, such as software licenses and proprietary software. May be combined with business interruption coverage.
Cyber Extortion: Covers costs associated with ransomware attacks, including investigations to determine whether the threat is credible and the cost of complying with the attackers’ demands (e.g., paying the ransom).
2017 was another eventful year for Employee Benefits and Compliance:
• The House passed an ACA repeal and replace bill but the Senate failed to do so – we will discuss what this means.
• Employers and health insurance carriers went through a second round of reporting of health care offers and coverage for 2016 – the reporting requirements are still “on the books.” What is the IRS doing about it?
• The ACA and HSA out-of-pocket maximums for 2018 were updated – we will review these requirements and why plans need to know how these two laws interact.
• Self-insured plans, essential health benefits (EHB) and benchmark plans are still tied to the ACA’s prohibition on lifetime and annual limits – maybe this is an area ready for a bipartisan update?
This webinar is an opportunity to get ready for 2018 and ensure you are in compliance with the laws and changes for the upcoming year.
Provided via the link below is a recorded presentation of the Hays Benefits Research and Compliance Department’s presentation Annual Review and Preparing for 2018. Feel free to watch the recorded presentation at your convenience by clicking on the link, below. The presentation is approximately 40 minutes long.
The IRS recently released the 2017 draft versions of the 1095-C, 1094-C, 1095-B and 1094-B forms for use in reporting coverage offers under the Affordable Care Act.
Generally, employers will use the Form 1095-C to report offers of health plan coverage to the individual and will also use Form 1094-C, which is then provided to the IRS.
There are a few changes to the forms and instructions from previous years, none of which are too drastic. Here is what has changed:
· Section 4980H Transition Relief. Several forms of transition relief were available to some employers under Section 4980H for the 2015 plan year (including any portion of the 2015 plan year that fell in 2016). However, no Section 4980H transition relief is available for 2017. Form 1094-C has been revised to remove references to this transition relief.
Specifically, the two sections on Form 1094-C and 1094-B related to this transition relief have been designated as “Reserved” and should not be used. They are:
Part II, in the “Certifications of Eligibility” Section on Line 22, Box C
Part III, in the “ALE Member Information – Monthly” table, column (e).
· Instructionsfor Recipient. The Form 1095-C and the 1095-B include an “Instructions for Recipient” section which states: “Additional information. For additional information about the tax provisions of the Affordable Care Act (ACA), including the individual shared responsibility provisions, the premium tax credit, and the employer shared responsibility provisions, see www.irs.gov/Affordable-Care-Act/Individuals-and-Families or call the IRS Healthcare Hotline for ACA questions (1-800-919-0452).”
· Updated Penalty Amounts. The adjusted penalty amount for 2017 is $260 per violation, with an annual maximum of $3,218,500 (up from a maximum of $3,193,000, for 2016).
· Code Series 2 (Section 4980H Safe Harbor Codes and Other Relief). The 2017 draft instructions for Forms 1094-C and 1095-C clarify that there is no specific code to enter on line 16 to indicate that a fulltime employee who was offered coverage either did not enroll or waived the coverage.
· Corrected Forms 1095-C. The 2017, the draft instructions indicate that Forms 1095-C filed with incorrect dollar amounts on line 15, Employee Required Contribution, may fall under a safe harbor for certain de minimis errors. The safe harbor generally applies if no single amount in error differs from the correct amount by more than $100.
If the safe harbor applies, employers will not have to correct Form 1095-C to avoid penalties. However, if the recipient elects for the safe harbor not to apply, the employer may have to issue a corrected Form 1095-C to avoid penalties. For more information, see Notice 2017-9.
· Formatting Returns Filed with the IRS. Both sets of 2017 draft instructions clarify that all returns filed with the IRS must be printed in landscape format.
Remember, Forms 1095-C and/or 1095-B must be provided to individuals by January 31, 2018. Form 10945-C and/or 1094-B must be filed by February 28, 2018 if filing a paper copy. If filed electronically, it must be sent no later than March 31, 2018.
Please contact your Hays Companies representative for more information on reporting under the Affordable Care Act.
MINNEAPOLIS, MN – Frank Bacon has been named as a National Pharmacy Consultant within Hays Companies. The Pharmacy Practice serves employee benefits clients to better manage the effective delivery of prescription benefits while maximizing cost efficiencies within organizations.
Bacon joined Hays Companies in 2016, bringing over ten years of pharmacy experience with him. Prior to coming aboard the Hays team, Bacon served as a PBM Network Pricing Consultant for one of the nation’s largest Pharmacy Benefit Managers. He draws on that experience while advising Hays’ clients on how to best manage and mitigate prescription related costs. Bacon’s unique insights are invaluable in navigating the complicated pharmacy benefits systems.
His new responsibilities will include advising Hays clients in PBM contracting and pharmacy benefit design.
Approximately 3,000 state and local agencies are responsible for inspecting more than one million food establishments in the United States, according to the Food and Drug Administration (FDA). Health inspectors investigate a company’s food handling, preparation and storage procedures to ensure that food is fresh and the environment in which it is prepared is sanitary. The Center for Disease Control (CDC) reports that approximately 48 million Americans get sick, 128,000 are hospitalized and 3,000 die of foodborne illness each year.
On average, state health departments conduct health inspections two to four times per year.
There are three types of inspections:
1. Routine inspections are usually unexpected. The inspector examines of all aspects of your restaurant to ensure compliance with state health codes.
2. A complaint inspection happens after customers observe unsafe food practices or complain they got sick as a result of dining at an establishment.
3. A follow-up inspection occurs after a restaurant was issued a violation and was given a certain amount of time to correct the violation.
Mandated by law, health inspections cannot be avoided. Take a proactive approach and you’ll always be prepared for an unexpected inspection. While consistent readiness may not always be feasible, it’s an important goal to work towards.
Having preventative measures in place will help you during a health inspector’s visit. Here are some ways to stay on top of inspections:
· Research your local and state laws regarding health inspections. Laws vary from state to state. Know what laws are applicable to your establishment.
· Obtain a copy of the food service inspection checklist for your state and regularly conduct your own health inspections to ensure your business is ready for the day when the real inspector shows up.
· Consult the FDA website for a current copy of the Food Code, which offers suggestions and best practices for food safety and health inspections. Many state laws have been modeled after this document.
· Join your state’s restaurant association to stay on top of state regulations regarding food safety, foodborne illness and health inspections.
· Require employees to take food safety courses and make safe food handling and preparation a priority in your company’s culture. Display food safety posters and other relevant safety information in the kitchen, at hand washing stations and in the employee break room so information is readily available to all employees.
For more information about health inspections, managing your risks and obtaining insurance for your business, please visit https://www.hayscompanies.com/contact-us/ to get in touch with your local consultant.
As of Monday, Irma has officially been downgraded to a tropical storm.
After battering its way up Florida over the weekend, Irma has moved through Georgia and South Carolina, leaving nearly fifteen million without power as flooding and winds continue to produce damage. Currently, officials are predicting that it could take up to ten days for all of the affected areas to have full power restored.
And although the storm is over, it does not mean that the danger has subsided. If you or a loved one is in an area that was affected by Irma, please follow these safety tips as provided by the Centers for Disease Control and Prevention to keep safe as rebuilding efforts begin:
Track all expenses you incur to mitigate your loss and continue business.
Exercise caution when inspecting damage. Do not try to inspect damaged utilities and appliances; contact a professional to do so.
Do what you can to prevent further damage to your property, (e.g., putting a tarp on a damaged roof), as insurance may not cover additional damage that occurs after the storm.
Secure Inventory – prior to a storm’s arrival, you should have compiled an inventory of all of your possessions at your home or business. If you did not create one, start as soon as possible.
File a Claim Immediately – it is in your best interest to file a claim as quickly as possible. Insurance adjusters may not be able to access the property right away, but it helps insurers to know where to look for damage and how to contact you in the coming weeks.