Different businesses continue to use the term “customer insight” (CI) to mean different things. Even in a recent poll of more than 100 customer insight leaders, only half considered data management or database marketing to be part of customer insight. The majority also had only research reporting into them, not analytics. Does that ring true with your role? In June, I shared a definition of customer insight that I find useful: “A non-obvious understanding about your customers, which, if acted upon, has the potential to change their behavior for mutual benefit.” I would stress four parts of that definition: First, that insights are non-obvious. They normally require the convergence of evidence from multiple sources to help spot themes, so you can then dig deeper for motivations. Second, that true insights need to be actionable. There is no point learning something unless you can change commercial results or customer experience as a result. Third, a good test of an “insight” is whether acting on it is powerful enough to change your customers’ behavior (not just data to target those you believe will act as they have in the past). Fourth, in this “Age of the Customer,” the importance of trust should mean any insight has the goal of mutual benefit for the organization and the customer. Anything else is short-term success for long-term value erosion. You may need to wear many “hats” to achieve that kind of insight production from your team. As an earlier post listed, you may need to be a data scientist, psychologist, artist, storyteller, sales coach, economist and people leader. Quite a challenge, and perhaps one reason why leaders like that are hard to find. Some people suggest that customer insight is making use of your data, with the current buzzword being “big data." But it is possible to be drowning in data and still none the wiser about your customers. Perhaps as a result, some leaders appear to equate CI with behavioral analysis and statistical modeling (with the buzzword here being “predictive analytics”). Such analytics can be very powerful, but, without an understanding of why customers are behaving as they are, it won’t pass the test of our insight definition. You may assume that CI as a term applies to research, qualitative and quantitative activities focused on that “why” question. But with the unreliability of self-reporting and the need to behaviorally test what customers actually do, to identify any behavioral economic biases at play, can this really be relied upon by itself? So, you might conclude that the only way to know the reality is to test and learn, using targeted communications and measurement from database marketing. That is also very useful, but what understanding helps create what should be tested? As is probably obvious from my definition, I would recommend that all four of those technical disciplines are needed, to create true customer insights. However, it is not just these separate parts operating effectively in isolation, but the synergies and insights that can be realized by the working together in collaboration. As I’ve heard different experts speak on this topic over the years and seen the progress of customer insight leaders in the field, it seems to me that we are talking about an ecosystem. So, the challenge for CI leaders becomes how to nurture this ecosystem, ensuring each part fulfills its potential and acts symbiotically with others to produce the healthy fruit of actionable customer insights (in a way that feels more organic than mechanistically following a set process). Ensuring a consistent source of quality data for all the technical teams is at the heart of this ecosystem. Then using that data will need to be skilled research, analytics and database marketing teams (brought together in one CI function). Real growth, however, it appears, happens when you use these parts together. For example, converging the evidence from analysis and research to produce a more robust picture of how customers are feeling and acting and why. That should enable hypotheses to be generated as to how customers would feel and act if you did something different. Offering something different (communication/experience/product) can then be tested with experimental design using database marketing skills. Once you can see any changes in customer behavior as a result, also check out the feelings of customers and observe the touch points to get a feel for their new experience. Such research and analysis output then brings us back to the stage of converging evidence and looking for themes (a virtuous circle of continuous improvement). There is more to customer insight generation than that. Perhaps I'll post another time about applications like generating insights for proposition design. But, for now, I wanted to share what is becoming a standard model for me in helping clients. Do those themes resonate with you? Any other tips you can share?

Building on the inaugural 2012 insurance consumer study, the 2014 EY survey asked 24,000 individuals in 30 countries about their relationships with insurance providers, and what matters most across the lifecycle. Their answers show that customer-centricity has never been more important across the global industry -- and that insurers have considerable work to do in developing stronger, mutually beneficial relationships. The time has come for insurers to engage fully in all of their customer relationships and find new ways to deliver value to their customers. Key Numbers

• Only 14% of customers are very satisfied with current outbound communications from insurers.
• 44%  of customers have had no interactions with their insurers during the last 18 months.
• 80% of customers are willing to use digital and remote channel options for different tasks and transactions.

Key Findings

1. High turnover and low trust signal serious relationship issues. Insurers are less trusted than banks, supermarkets, car manufacturers and online shopping sites. The survey results also reveal that far more insurance consumers actually switch insurers than express an intention to switch — an almost unprecedented finding in market research.
2. Just because they leave you doesn't mean they don't love you. Traditional notions of loyalty and advocacy don't necessarily apply to insurance consumers. "Advocates" are not necessarily loyal, meaning that "likelihood to recommend" metrics are largely irrelevant. That "alumni consumers" may be open to purchasing new policies in the future underscores the need for deeper, more detailed customer intelligence across segments.
3. Insurers have so few interactions with their customers that each one becomes a moment of truth. Consumers have so few interactions with their insurers that even the simplest administrative tasks can become a "moment of truth" that shift the perception of insurers or brokers in the consumers' minds. How insurers perform in these instances can lead directly to coverage increases and new policy sales.
4. Consumers want more frequent, meaningful and personalized communications. A full 57% of global insurance consumers, across all product types, prefer to hear from their providers at least semi-annually. Today, only 47% receive that level of contact. In an era when many consumers feel bombarded by push communications and suffer from information overload, it is particularly interesting for survey respondents to express a desire for more communications.
5. As consumers embrace digital, insurers must rethink their distribution strategies and partner relationships. While consumers still gravitate toward traditional contact methods, digital and remote options are fast reaching parity for a range of tasks and inquiries. No matter their precise distribution strategy and service models, insurers need to offer consumers the right mix of channels to maintain healthy relationships — and prepare to manage the potential channel conflict that is likely to result.

The Right Response for Insurers

1. Long-term market success begins with stronger, deeper customer relationships.
2. Insurers must take more responsibility for the health of all customer relationships, regardless of distribution channel.
3. Insurers must master both product and customer experience design.
4. Advanced analytics will define the market-leading insurance enterprise of tomorrow.
5. There is an opportunity for insurers to become true risk mitigation partners, in addition to quantifying and pricing risk.

For the full report, click here.

The HR/safety director at a large national construction company, who was the first to use OSHA-sanctioned medical exams conducted outside the workers' comp system, said the program is "extremely successful" and may have saved the company as much as $1 million in workers' comp expenses over the past few years.

The company, which has asked not to be named, has had employees sign contracts agreeing to diagnostic tests based on OSHA medical exam regulations. But when the company wanted to us a test result in front of the New York State Workers' Comp Commission, the company's insurance lawyer strongly advised against doing so -- the insurance lawyer told the company lawyer she might go to jail!

The company contacted Ted Ronca, a leading workers' comp and disability attorney and author based in New York. Ronca said a section in OSHA record keeping regulations (attached below) allowed an employer to schedule a contemporaneous exam with a medical provider of its choice, at the same time a worker was being examined as part of the workers' comp process. The employer could then request a release of HIPAA-protected medical records from the worker. Ronca made a written request to OSHA and received an official letter of clarification and refinement, which was noted in my ITL article in October, Has OSHA Become a Friend to Insurers?

Both Ronca (reachable at medsearch7@optonline.net) and I were very surprised to learn of these regulations, which can help an employer push back against any overstatement of the injury done to the worker. But as anyone who has worked in the HR/disability world knows, there is a whole alphabet soup of federal regulations involving both occupational and non-occupational disability programs, including ERISA, SSDI, ADA, FMLA, EEOC, OSHA, DOT and both federal and state workers' comp laws, not to mention scores of management/union-negotiated disability benefit programs. None of these programs are actually aligned with one another. Most are run independently from each other by different federal agencies. And most large employers have different internal staffs and outside vendors or insurance companies that administer these various disability/paid-time-off programs.

A retired New York workers' compensation judge said that uncovering the OSHA regulations was "brilliant" and that state courts wouldn't override them. He said the first thing judges are trained to do is "not touch" any other laws in workers' comp cases. A workers' comp judge would have no authority whatsoever on federal OSHA regulations.

An employer has an unequivocal right to schedule a contemporaneous exam under OSHA record keeping regulations, outside of state workers' comp systems. How and when to use these exams is a whole other matter. Their use is not based on any case law. Case law does not exist here. Usage is based on what Ronca has done with the major construction company and other clients. In fact, OSHA exams are now formerly a part of the construction company's employee contract protocol as a union contractor.

The new employment contract includes all the typical rules and regulations but also contains a provision on how to report all work-related injuries and the requirement that the injured worker must go to a company-provided medical/diagnostic exam, paid for 100% by the employer. In addition, new employees or contractors must undergo a confidential post-hire baseline range-of-motion medical exam, which is not read but kept in a private file and used only if there is a subsequent, work-related injury reported.

Ronca and the company have headed off potentially difficult or fraudulent claims, often without ever going to court, since implementing their program in late 2011. It would typically take as long as 18 months to schedule a hearing or independent medical exam (IME) through the state work comp system. Now, the company can take a very active role from the time of injury.

Among the first test cases was a classic type involving an employee who filed a work comp claim, after being fired, for aggravation of a pre-existing back condition. The OSHA-sanctioned medical exam confirmed there was no aggravation of a pre-existing condition. Furthermore, it was discovered that the employee was working a second job "under the table."  No claim was filed.

Ronca says that, depending on results of the OSHA-sanctioned exams, he may be able to tell the employee's work comp attorney, "Your client is a liar." The client and attorney will not show up for a hearing.

In another case, the HR/safety director at the construction company said an attorney at her work comp carrier read the OSHA medical exam report and said, "I have never been so prepared for a hearing."  This was another complicated claim involving aggravation of a pre-existing shoulder and neck condition. The carrier was going to settle for $80,000. Instead, the case was settled for $12,000 when it was determined there was no aggravation of the shoulder injury, only of the neck.

Another case in California involved aggravation of a pre-existing condition, where the claimant claimed total disability as a result. The medical exam found a slight aggravation, but the employee refused to return to work. The company went as far to arrange a modified-duty job with the nonprofit Habitat for Humanity, at full pay and benefits, but the employee refused. The company pointed out the situation to the company union. After a 5 1/2-month stand- off, the employee returned to full duty and dropped his work comp claim.

Ronca feels the strongest tool offered by the OSHA regulation is the ability to obtain prior medical records. He also stressed that the whole goal is to get the employer involved in workers' comp claims from the moment of injury.  Early intervention is a well-known standard and best practice in workers' comp. An OSHA exam is tool employers may use in selected cases.

The construction company is trying to do the right thing -- that is, get the injured worker an early exam to help determine the correct diagnosis and treatment, which is in the best interest of both the employee and the employer. The OSHA exam should also be used if the employer suspects fraud or abuse, pre-existing conditions, employees working second jobs, etc.

Bob "Red" Hollingsworth, CEO of CompMinder in Salt Lake City, is now using this approach and has updated the CompMinder injury reporting tool he offers to employers. There is now a section that asks the employer if it wants to schedule an OSHA exam? If yes, Hollingsworth (reachable at Bob@buckner.com) has arrangements with a highly qualified occupational medical director to set-up a pre-planned program. It is critical that the employer do this directly with medical providers. The work comp carrier or TPA cannot pay for or schedule such an exam.

The work comp folks can't be involved, so non-believers need not apply. But the employer can!

ADDENDUM -- OSHA REGULATIONS UNDER SECTION 1904

"OSHA record keeping regulations permit an employer to request a prompt medical exam and release of HIPPA protected prior medical records outside the workers' compensation system in order to help understand the link between workplace factors and injuries and illnesses in particular cases."

Key Points

The medical exam must be paid 100% by the employer with the provider of its choice outside the workers' compensation system.

An insurance company or third party administrator cannot schedule or pay for such exams because they cannot act outside the state workers' comp system.

The costs of such medical exams are not included in a company's workers' comp costs nor experience modification calculation.

The employer can choose what medical provider's opinion they consider to be the most authoritative for record keeping purposes.

Employee must submit to a prompt medical exam when requested by the employer and release of HIPAA-protected medical records.

Medical information and records obtained through this process can be discoverable with proper procedure and subpoena in workers' comp cases.

OSHA 300 LOG Recordable Rules-1904

Key Language

In certain circumstances, OSHA record keeping requirements permit an employer to choose between two conflicting medical opinions. When an employer receives contemporaneous recommendations from two or more physicians or licensed health care professionals about the need for medical treatment, the employer may decide which recommendation is the most authoritative and record case based on that recommendation.

1904 Frequently Asked Questions

If a physician or licensed health care professional recommends medical treatment, days away from work or restricted activity as a result of a work-related injury or illness, can the employer decline to record the case based on a contemporaneous second provider's opinion that the recommended medical treatment, days away from work or work restrictions are unnecessary, if the employer believes the second opinion is more authoritative?

OSHA ANSWER IS YES

HOWEVER,  

Once medical treatment is provided for a work-related injury or illness, or days away from work or restricted work activity has taken place, the case is recordable.

"If there are conflicting contemporaneous recommendations regarding medical treatment or the need for days away from work or restricted work activity but the medical treatment is not actually provided and no days away from work or work restrictions have occurred, then the employer may determine which recommendation is the most authoritative and record on that basis."

OSHA considers that medical treatment is provided once a prescription is issued.

Key Definitions

Lost-Time: Work day (other than day of injury) when the worker is unable to return to their job.

Contemporaneous: Medical recommendations provided with no change in condition.

Most Authoritative: Best documented, best reasoned and most persuasive

Section 1904.5

Wide variety of issues do not need to be reported on OSHA log 300 but require a medical exam with prior medical records.

Employer can schedule a prompt exam and request HIPAA release for prior medical records.

A carrier or TPA would NOT be permitted to schedule such an exam, because they cannot act outside the workers' comp system.

Note the Department of Transportation (DOT) also has additional exams for drivers such as ability to load, drive etc.

These are known as intermediary exams.

In both cases, exam records and results are not part of the comp record.

Medical exam costs must be paid by employer and are not added in comp claims or the experience modifier. However, with proper procedure and use of subpoena, records may be released and used in the comp claim.

Who Makes the Determination?

OSHA agrees that medical opinions are a burden and impractical and not required in the majority of cases. "This does not mean that employers may not, if they choose, seek advice of a physician or other licensed health care professional to help understand the link between workplace factors and injuries and illness in particular cases. It simply means OSHA does not believe that most employers will need to avail themselves of such professional services in most cases."

Accordingly, OSHA concluded in the final rule that the determination of work-relatedness is "best made by the employer."

Measuring the effectiveness and impact of risk management remains a challenge, and it is difficult to convince many C-suite leaders that the discipline is more than just buying insurance. Central to this question is how effective workers’ compensation reporting is and whether anyone has a truly helpful view into workers’ comp's cost of risk (COR) and its related trends. Based on numerous meetings with key risk and HR leaders throughout the U.S., I can confirm that many need more insightful risk reporting in many areas of exposure, most particularly employee injury and disability. They want to go beyond what most consider the “standard” risk metrics to those that truly reveal the trends. Arguably, depending on your industry and the size of your company, employee injury costs may be the largest component part of the total cost of risk (TCOR). Because most risk managers measure their hazard-based risk costs using TCOR (among other techniques), it seems logical to look more closely at how worker’s compensation costs are specifically measured and how effective those data points are. We should start with that very question: What is success in this realm, and how do we get key stakeholders to care more about these costs and their impact? Hint: Think strategic priorities. In my experience, senior management in many companies pay scant attention to this area of expense, even in larger companies with lots of employees. While it may be that the entirety of risk management gets similarly limited attention in these companies, we’ll leave that debate for another time. Let’s proceed on the assumption that TCOR matters to stakeholders and that workers’ comp is often the largest component driver of this measure for many risk managers. Can companies afford to ignore the direct costs of workers’ comp — an expense that may represent anywhere from 1% to 5% of revenue? One would hope not, but we should not stop there. What about the cost of lost productivity from employees not available to perform their jobs, in whole or in part? It’s been estimated that this “indirect” cost component represents anywhere from two to nine times the “direct” costs in question. Translating that to more meaningful dollars, and using just the midpoints of those two estimated direct and indirect ranges, we’re working with 3% of revenue, with a multiplier of five and a half, giving us an estimated “total” cost impact of 16.5 cents per revenue dollar. Let’s stretch out that math and apply it to both ends of the range. On the low end, we can use an estimate of 1% of revenue in direct costs and an indirect cost multiplier of two, for a total of 2 cents per revenue dollar. But now let’s look at the other end: an estimated 5% of revenue in direct costs with a multiplier of nine — a total of 45% of revenue. The tail of this range may seem absurd to many observers, but that is the point; we don’t often take into account the full impact (direct and indirect) of disabled employees and by extension the potential maximum impact their absence has on companies’ performance. I would further suggest that key senior stakeholders, whether the C-suite, the board or operations management, often have limited understanding of the true cost of the worker’s compensation exposure risk, regardless of how often they see the typical workers’ comp metrics. Clearly, they need more information to make better decisions related to this risk. While there are, of course, those who do a fine job of parsing and reporting on a lot of workers’ comp data and allowing for some comparison and benchmarking, some of these efforts reflect a more dated historical view and focus more on how states are performing against each other, rather than how companies are performing relative to their own short- and long-term strategies for maintaining a motivated, productive workforce. Getting more to the specifics, let me suggest that the big opportunity may be to not only take full account of the indirect costs typically related to lost productivity but to find a more focused way to marry the myriad of workers’ comp cost data with the various exposure data so that, when paired and analyzed effectively, there is a more comprehensive and useful story. For example, one large national retailer has achieved much success in telling its workers’ comp story to management through a selected group of metrics that include the standard traditional measures such as ultimate, incurred or paid losses as a percentage of gross revenue or payroll coupled with more progressive metrics such as claim frequency per 10,000 hours worked (excluding claims without payments). These and other metrics are developed on an enterprise-wide basis, a regional basis and a store-by-store basis with historical comparisons for each to show trend. This approach allows for focusing on controlling frequency and severity on a specific and targeted basis, as each focus would call for distinct reduction and control techniques. The approach also enables a drill-down into significantly underperforming units and specific causes of loss that may be aggravating trends. There are many ways to measure workers’ compensation performance, and obviously the approach and design should be driven by the needs of the company, the type of industry it operates within, the culture of the company and, of course, the needs of management for information to make decisions that would support both their short- and long-term goals. This nexus between metrics and goals is often overlooked as risk managers can easily get distracted by micro-tactical issues that may not be significant to decision-makers. A claim director client recently asked me how to respond to her risk manager boss about how managing the workers’ comp unit relates to managing risk strategically. The answer is as simple and as complicated as knowing what the strategic imperatives for her company are and then assessing and informing management on those elements that most affect those goals. Keeping this sight line will minimize the risk of risk-management irrelevancy.

In 1801, Eli Whitney went before the US Congress with 10 working muskets. He proceeded to disassemble each of them, mix and scramble all the parts, then reassemble 10 working muskets. Prior to that day, most things were custommade by craftsmen using hand tools. Then, in a flash of geological time, the idea of interchangeable parts was released to the world -- it would be impossible to put the idea back in its cage. Extraordinary innovation followed in the industrial revolution. In the murky world of crypto-currencies, the financial instruments of tomorrow may not necessarily be assembled like they are today. The new applications of  decentralized currency are modeled more like “energy” flows rather than individual  units of account. Energy exists in many forms, such as electrical, chemical, thermodynamic, kinetic and nuclear, but its objective is always the same: to move something in the physical world -- to create change. The value of crypto-currency is proportional to the magnitude of change it can induce. A generalized theory is emerging to define and specify decentralized applications (DApps). This makes them easier to identify, measure and replicate. If ignored, these innovations have the potential to be extremely disruptive to the insurance industry. If adapted, they can greatly increase the efficiency, variety, precision and granularity for insurance products of tomorrow. Not unlike at the dawn of the industrial revolution, there has been an extraordinary level of innovation in crypto-currencies since the inception of Bitcoin. The objective of these efforts is to move something in computational space such as flipping a switch, verifying a data set, securing identity, establishing order, establishing ownership or verifying capacity. This may seem somewhat obscure until you realize that these “energies” can convert and combine in immeasurable combinations to form autonomous logic circuits -- i.e. complex contracts. Because all businesses are based on contracts that act upon some physical space, it is only a matter of time before crypto-contracts jump to the physical space, as well. As David Johnson, CEO of DApps Fund (a venture capital firm for decentralized innovation), says; “Everything that can be decentralized will be decentralized.” Eli Whitney was said to have uttered similar sentiments. Early DApps are little computational engines that operate autonomously and whose output is determined by an algorithm. The resulting decisions are binary and final. There are three characteristics that an application must have to be classified as a DApp. As you read these conditions, note how different they are from a traditional corporate structure.

1. The application must be completely open-source. It must operate autonomously, with no entity controlling the majority of its tokens. And its data and records of operation must be cryptographically stored in a public, decentralized block chain.

2. The application must generate tokens according to a standard algorithm or set of criteria. These tokens must be necessary for the use of the application, and any contribution from users should be rewarded by payment in the application’s tokens.

3. The application may adapt its protocol in response to proposed improvements and market feedback, but all changes must be decided by a majority of its users.

Next, there are three classes of decentralized applications that align loosely to a familiar computer analogy:

• A Type I DApp is analogous to a computer operating system such as Windows or the Mac OS X.

• A Type II DApp is analogous to a general-purpose software program such as Word, Excel or iPhoto.

• A Type III DApp is analogous to a specialized software solution like a mail merge, an expense macro or a blogging platform.

As such, we can expect that there will be fewest Type I DApps, more Type II DApps and even more Type III DApps. The more direct definition of these three classes is:

• Type I decentralized applications has its own block chain. Bitcoin is the most famous example of a Type I decentralized application, but there are others.

• Type II decentralized applications use the block chain of a Type I decentralized application. Type II decentralized applications are protocols and have tokens that are necessary for their function.

• Type III decentralized applications use the protocol of a Type II decentralized application. For example: A hypothetical cloud protocol that uses a Type II DApp to issue "cloudcoins" that can be used to buy cloud computing services would be an example of a type III decentralized application.

Taken together, we have most, if not all, of the familiar components of governance and interdependencies without the layers of management that are associated with traditional corporations. As you absorb the analogy and definitions, consider how DApps can be nested, combined and integrated with other DApps to emulate complex contracts. One particularly interesting DApp that recently launched is called Counterparty. Counterparty is a Type II DApp that  performs one single task extremely well. Counterparty is a betting platform; or we can put it politely and call it an escrow platform. Two parties may enter into an agreement about the outcome of a future event such as a horse race or football game. Each player puts his or her money into an escrow account that is sealed prior to the race. After the results are registered, the DApp autonomously transfers the money from the combined account to the winner. Now imagine 500 bettors putting their money into the escrow account before the contract event. Upon completion of the event, the money is automatically assigned by algorithm to the winners in pre-assigned proportions. It does not take too much imagination to see this as an insurance product, except without agents, executives, managers, office towers or cute little geckos. Soon, marathon runners can pool health insurance more toward sprains and falls, and less toward heart disease. Mini-van moms can pool auto insurance for number of passengers rather than miles driven. Professionals can pool E&O insurance by  peer review. In fact, any affinity group can accurately price the perils that they are also most capable to manage. DApps are massively scalable; one application can serve infinite users. The market size of binary betting (sports, insurance, coin toss, etc.) combined with complex betting (contracts for difference, hedging, options, etc.) is in the trillions of dollars. So while Counterparty has only one use case, the use case is massive. Now imagine 100,000 DApps operating autonomously, combining and integrating into complex relationships -- not unlike building a jigsaw puzzle. There was once a time when craftsmen guilds were the most powerful organization in the republic. Many of us remember the days when labor was increasingly replaced by machinery. The time may be arriving where machinery can also replace management. The insurance industry must become familiar with this environment and have the wherewithal to reorganize itself, before someone else does it for them. *** Come Join us at The Future of Money and Technology Summit in San Francisco today, Dec. 2, 2014, for my panel discussion on Fueling the Decentralization Movement.  Speakers: Paige Peterson - Maidsafe Sam Onat Yilmaz - Dapps Fund Joel Dietz - Swarm.co Christian Peel - Ethereum Moderator: Dan Robles, The Ingenesist Project

Employers trying to continue offering affordable health and welfare benefits amid the expanding costs and regulations enacted under the Patient Protection & Affordable Care Act (ACA) often are encouraged by some consultants and brokers to consider offering  coverage options pursuant to a "private exchange." While these options sound attractive, not all work for all employers. The consumer-driven healthcare and other private exchange lingo used to describe these arrangements often means different things to different people. Some "private exchanges" are little more than high-tech online cafeteria enrollment arrangements. (See, e.g., A 'Cynical' Look at Private Exchanges.) Employers need to scrutinize proposals both for compliance and other legal risks, affordability and cost and other suitability. When considering a private exchange or other arrangement, it is important to understand clearly the proposal, its design, operation, participating vendors, the charges, what is excluded or costs extra and who is responsible for delivering what. Agencies have issued a long stream of guidance cautioning employers against paying for or reimbursing premiums for individual policies or the cost of enrolling in coverage under a public health insurance exchange. (See, e.g., DOL Technical Release 2013-03; IRS Notice 2013-54;Insurance Standards Bulletin, Application of Affordable Care Act Provisions to Certain Healthcare Arrangement; IRS May 13, 2014 FAQs available here. )Most recently, the new FAQS About Affordable Care Act Implementation (XXII) (FAQ XXII) published by the agencies on Nov. 6, 2014, reiterates agency guidance indicating that tax basis for purchasing individual coverage in lieu of group health plan coverage.  FAQ XXII, among other things, states:

• Health reimbursement accounts (HRAS), health flexible spending arrangements (health FSAs) and certain other employer and union healthcare arrangements where the employer promises to reimburse health care costs: are considered group health plans subject to the Public Health Service Act (PHS Act) § 2711 annual limits, PHS Act § 2713 preventive care with no cost-sharing and other group market reform provisions of PHS Act §§ 2711-2719 and incorporated by reference into the Employee Retirement Income Security Act (ERISA) and the Internal Revenue Code (Code) but
• HRA or other premium reimbursement arrangements do not violate these market reform provisions when integrated with a group health plan that complies with such provisions. However, an employer healthcare arrangement cannot be integrated with individual market policies to satisfy the market reforms. Consequently, such an arrangement may be subject to penalties, including excise taxes under section 4980D of the Internal Revenue Code (Code).

FAQ XXII reinforces this prior guidance, stating, “Such employer healthcare arrangements cannot be integrated with individual market policies to satisfy the market reforms and, therefore, will violate PHS Act sections 2711 and 2713, among other provisions, which can trigger penalties such as excise taxes under section 4980D of the Code. Under the departments’ prior published guidance, the cash arrangement fails to comply with the market reforms because the cash payment cannot be integrated with an individual market policy.” Another potential issue arises under the various tax and non-discrimination rules of the code and other federal laws.  For instance, Code sections 105, 125 and other Code provisions against discrimination in favor of highly compensated or key employees could arise based on the availability of options or enrollment participation.  Historically, many have assumed that these concerns could be managed by treating the premiums or value of discriminatory coverage as provided after-tax for highly compensated or key employees. However, IRS and Treasury leaders over the past year have made statements in various public meetings suggesting that the IRS does not view this as a solution. Of course, FAQ XXII also highlights the potential risks of underwriting or other practices of offering individual or other coverage in a manner that discriminates against disabled, elderly or other employees. In addition to confirming that the arrangement itself doesn't violate specific Code or other requirements, employers and others responsible for structuring these arrangements also should critically evaluate and document their analysis that the options offered are suitable. Like other employee benefit arrangements, ERISA generally requires that individual or group products offered by employers, unions or both be prudently selected and managed. Compensation arrangements for the brokers and consultants offering these arrangements also should be reviewed for prudence, as well as to ensure that the arrangements don't violate ERISA's prohibited transaction rules. Eligibility and other enrollment and related administrative systems and information sharing also should be critically evaluated under ERISA, as well as to manage exposures under the privacy and security rules of the Health Insurance & Portability Act (HIPAA) and other laws. As a part of this analysis, employers and others contemplating involvement in these arrangements also will want to review the vendor contracts and operating systems of the vendors that will participate in the program for legal compliance, prudence for inclusion, prohibited transactions and other legal compliance, as well as to ensure that the contract holds the vendor responsible for delivering on service and other expectations created in the sales pitch. In reviewing the contract, special attention should be given to fiduciary allocations, indemnification and standards of performance, business associate or other privacy and data security assurances required to comply with HIPAA and other confidentiality and data security requirements and the like. The contractual commitments from the vendor also should cover expected operational performance and reliability as well as legal compliance and risk management.

“Young and old are dropping themselves from Wall Street at a pace we have not seen before” (sudden spade of suicides in 2014). “High -flying executives end up crash-landing in jail.” or “Your competitive advantage lies in the hearts and minds of your employees.” Deciding on a title for this piece was more difficult than writing it, but in the end it all comes down to thinking differently. We have to change the way we think about risk management and get away from the view that systems, processes and committees are the keys to effective risk management. Business leaders are slowly waking up to the concept of risk culture building, but it might be too late for some, and throwing money at the problem will also not help; time is what you need to invest here. The time has come for you to hospitalize the whole business and cure the disease of greed (and some others). Business success is anyway no longer measured by profits only. Many consultants and executives tried to define risk culture, but it is almost impossible because of all the worldviews, cultures, sub-cultures and generations out there in your business world. It is a lot easier to define risk culture building: the process of growth and continuous improvement in the way each and every person in an organization will respond to a given situation to mitigate, control and optimize that risk to the benefit of the organization. The biggest business failures in recent times were also not related to money; most were as a result of operational risk failures and, in particular, failures of people risk. A quick analysis of the biggest business losses in history highlights the causes as being one of two key people risk elements: “lack of management oversight” or “because of a management override.” Business leaders either did not do their jobs or completely misused their power and authority, often to cover up their personal lack of ethics or misconduct. Business (and other) leaders must fundamentally change the way they think about risk management; you cannot suddenly “bolt on” an effective risk culture. Do not make the same mistake you made when you saw risk management as an implementation project and spent a fortune on systems and processes to get a risk report that is as useful as driving a car without looking through the windshield. You can have the best dashboard and rear-view mirror (last month’s risk report), but if you make business decisions based on those you do not get very far. Organizations spent vast amounts of money to hire consultants to implement risk management as a project, believing that it can be done that way. Risk management cannot be implemented; it is a process of building and continuous improvement in an environment that is constantly changing. Business is no longer life in the fast lane; it is life in the on-coming traffic, and, sadly, some organizations still try to drive while looking in the rear-view mirror. Risk management can also not be a project; building an effective risk culture has only one possible end- date: the day you go out of business. Many organizations are heading toward this day by doing very little about risk management. If you are not good at risk management or not doing anything about building an effective risk culture, you will be exploited by those who are better at it. Many organizations are speeding up the process by working toward getting all risks “green”;  if everything is “green,” you are not taking enough risk to get enough reward and stay in business. As the famous racecar driver Mario Andretti put it:” If everything seems under control, you are just not going fast enough.” The risk profile of any organization must steadily increase over time, move from green to amber and onward to red, for those who run their businesses according to traffic lights. As you get better at risk management, you must take more risk for more reward. If you are not getting better at risk management, don’t try to get more reward. It does not work that way!

The last few years have witnessed truly astounding developments in the area of information management. We've become masters at creating, storing, analyzing and uncovering the hidden value of massive volumes of information. It seems that, every day, we're hearing about how all this big data has been used for amazing purposes, such as to improve customer service, uncover fraud, develop pharmaceutical products, predict diseases, improve airline travel and so on. Unfortunately, it also seems that, every day, we're hearing about how big data is causing big headaches arising out of improper management and security breaches. Recent headlines about cyber incidents have forced companies to analyze their risk of incurring information-related liability and to take steps to mitigate those risks. Concern over these issues, however, shouldn't stop with the IT department or even the C-suite. As Target and other companies have recently experienced, legal claims related to data-related events are now being asserted against corporate boards in the form of shareholder derivative actions. Although the legal liability of board members for information-related mishaps is an emerging area of the law, longstanding principles make clear that board members have a fiduciary duty to act on an informed basis, in good faith, for the best interests of the company. The emerging area of information governance, including privacy and data security, is no exception to this rule. Checklist of Issues to Consider Every organization is different and presents its own unique information risk profile. Corporate boards should be informed of and take steps to address the potential sources of information risk applicable to their specific organization. Those areas may include the following:

• What types of information is the entity managing, and does it include sensitive data such as health information, credit card data or intellectual property?
• How is enterprise data being managed throughout its entire life cycle, from creation or collection through final disposition or destruction?
• Are policies and procedures in place to ensure that information with no business value or compliance/legal restrictions is destroyed in a legally defensible manner?
• Have policies been implemented relating to the company's use of information, including privacy concerns and social media usage?
• Are there policies in place to manage IT assets, including mixed-use devices (those used for both personal and business purposes), while at use and at the time of disposition?
• Have reasonable data and network security policies, protocols and procedures been created, and are they regularly updated?
• Are all information-related policies actually in effect, enforced and updated, or are they just sitting on a shelf?
• If the company engages in big data projects, is the collection, storage, use and resale of data consistent with customer consents, applicable laws and regulations?
• Is there effective vetting and management of third parties that handle the company's data or have access to the company's computer network?
• Does the enterprise have up-to-date plans to address information-related incidents, such as a data breach, and are those plans vetted and practiced, before a breach ever happens?

Take-Away Message Responsibility for the management of enterprise information and mitigation of information-related liability has now reached the board level of many corporations. Active oversight by engaged and informed board members can reduce those risks to the corporation as well as to the members of the corporate board themselves.

By now, readers of this and many other outlets know that conventional workplace wellness doesn’t work. Period. It’s not that there is no evidence for it. It’s that all the evidence is against it. The “evidence” in favor of conventional wellness is easily disproven as being the result of gross incompetence or dishonesty. Occasionally, as in the American Journal of Health Promotion, investigators even manage to disprove their own savings claims without intending to. As we say in Surviving Workplace Wellness: “In wellness, you don’t have to challenge the data to invalidate it. You merely have to read the data. It will invalidate itself.” Just before Thanksgiving, both Health Affairs (with our blog post) and Soeren Mattke, the often-misquoted author of multiple RAND studies (in a comment to that post), weighed in with the same conclusion, as described in the headline: “Workplace Wellness Produces No Savings.” No longer can anyone claim with a straight face that “pry, poke, prod and punish” wellness programs saved money, or were even beneficial for employee health. And yet… Within one business day of the posting, Reuters’ Sharon Begley reported that on Tuesday, Dec. 2, the Business Roundtable’s (BRT) CEO is having a sit-down meeting with President Obama to demand exactly the opposite of what all the evidence shows: He wants more flexibility on wellness. In particular, the BRT wants the administration to call off the EEOC watchdogs, who have recently attacked Honeywell  and others for forcing employees into medical exams that appear to violate the Americans with Disabilities Act. The BRT’s goal is to allow companies to punish unhealthy workers to the limits of the Affordable Care Act’s wellness provision. (Recall from our earlier postings that the ACA wellness provision was modeled after the Safeway wellness program, which Safeway later admitted did not even exist during the period for which the company claimed it saved money.) In essence, the BRT leadership wants to make their employees love wellness whether they like it or not. This complete disconnect between the data and the BRT demands can be explained only one of two ways. (1)    The CEOs who compose the Business Roundtable have been duped into thinking wellness saves money, because they aren’t bright enough to Google it for themselves and learn that it doesn’t. (2)    The CEOs who compose the Business Roundtable are very bright and have figured out that the only way they can seriously manage their healthcare costs is by fining or shaming employees with chronic disease or obesity into leaving their companies…or at the very least collecting large fines from them. Let’s examine each possibility in turn. As to the first, people don’t get to the C-Suite by simply accepting information that their vendors tell them, especially when the numbers obviously don’t add up. Events that can be prevented by wellness programs, like heart attacks, account for only about 8.4% of  hospital spending, or less than 4% of total medical spending in the commercially insured population. The C-suite also must know that, as with the tobacco industry years ago, when the only people defending an industry are people who make their living from it, then the industry is a wholly illegitimate enterprise. The first possible explanation would therefore need to be termed an impossibility. The second alternative seems like something only a conspiracy theorist could conjure, but as Sherlock Holmes said: “When you have eliminated the impossible, whatever remains, however improbable, must be the truth.” These CEOs must know that these “let’s play doctor” programs and fines are expensive, intrusive, ineffective and embarrassing for the employees…and take a major toll on morale. One organization, Penn State University, faced an employee revolt and backed down. Vik is currently in a wellness program that is eerily Penn State-like, and he is documenting his experiences. And surely someone has informed the BRT that the heart attack rate is only about 1 in 800 annually in the commercially insured population, while using wellness programs to identify all the other diseases they hope to prevent or control will merely drive up employers’ drug spending; these nascent conditions wouldn’t become debilitating until years into retirement. Guidelines promulgated by the U.S. Preventive Services Task Force (USPSTF) call for judicious use of clinical screenings in various at-risk subpopulations, (with a few exceptions, such as blood pressure). By contrast, wellness screening is done to all employees usually at least once a year. That screening frequency multiplies the odds of false positives, especially in younger populations. So why go to the mat with the president over these programs? Perhaps CEOs believe that fatter employees have lower productivity, which is probably the case – if you happen to own a package delivery service or a ballclub. Otherwise, it’s hard to imagine that weight affects one’s ability to answer the phone, conduct a meeting or handle almost any other task commonly required in today’s workplace. And these CEOs' own actions contradict any claims about how weight loss leads to greater productivity: Most of the growth in line manufacturing jobs takes place in states with high obesity rates…but lower wages. Obviously, the tangible benefit of the latter overwhelms any offset by the former, or hiring practices would be different. Unless there is an alternate explanation (or the BRT simply doesn’t understand the data), this BRT demand of the president must be interpreted more cynically: It’s the opening salvo in an attack against aging and chronically ill employees whom employers simply aren’t allowed to fire any more. Employers want to get rid of these employees because – often due to circumstances beyond these employees’ control – their healthcare expenses are believed to be higher.

As insurers increasingly collect “big data” -- think petabytes and exabytes -- it's now possible to use new data tools and technologies to mine data across three dimensions:

• Large size/long duration -- Traditional data mining usually was limited to three to five years of data. Now you can mine data accumulated over decades.
• Real-time -- With the advent of social media and the different sources, data pours in at ever-increasing speeds.
• Variety of types -- There's more variety of data, both structured and unstructured, that are drastically different from each other.

The ability to master the complexities of capturing, processing and organizing big data has led to several data-centric opportunities for carriers. Personalized marketing Big data is playing an increasing role in sales and marketing, and personalization is the hot industry trend. Gathering more information about customers helps insurance companies provide more-personalized products and services. Innovative companies are coming up with new ways to gather more information about customers to personalize their buying experience. One example is Progressive's Snapshot device, which tracks how often insureds slam on the brakes and how many miles they drive. It lets insurers provide personalized products based on customers’ driving habits. A device like Snapshot captures information from the car every second, collecting data like how often drivers brake, how quickly they accelerate, driving time, average speed, etc. According to facethefactsusa.org, U.S. drivers log an average of 13,476 miles per year, or 37 miles a day. Big data systems have to process this constant stream of data, coming in every second for however long the user takes to travel 37 miles. Even if only 10% to 15% of customers use the device, it is still a huge amount of data to process. The systems have to process all this information and use predictive models to analyze risks and offer a personalized rate to the user. People are increasingly using social media to voice their interests, opinions and frustrations, so analyzing social feeds can also help insurance companies better target new customers and respond to existing customers. Using big data, insurers can pinpoint trends, especially of complaints or dissatisfaction with current products and services. Getting ahead of the curve is crucial because bad reviews can spread like wildfire on the web. Risk management  The wealth of data now available to insurance companies -- from both old and new data sources -- offers ways to better predict risks and trends. Big data can be used to analyze decades of information and identify trends and newer dimensions like demographic change and behavioral evolution. Process improvement and organizational efficiency Another popular use is for constant improvement of organizational productivity by recording usage patterns of an organization's internal tools and software. Better understanding of usage trends leads to:

• Creation of more useful software that better fits the organization's needs.
• Avoidance of tools that do not have a good return on investment.
• Identification of manual tasks that can be automated. For example, logs and usage patterns from tools at the agent’s office are important sources of information for understanding customer preferences and agency efficiency.

Automation of manual processes results in significant savings. But in huge, complex organizations, there are almost always overlapping or multiple instances of similar systems and processes that result in redundancy and increased cost of maintenance. Similarly, inadequate and inefficient systems require manual intervention, resulting in bottlenecks, inflated completion times and, most importantly, increased cost. Using data from internal systems, systems can study critical usage information of various tools and analyze productivity, throughput and turnaround times across a variety of parameters. This can help managers understand inadequacies of existing systems and identify redundancy. The same data sources are also used to predict higher and leaner load times, so the infrastructure teams can plan for providing appropriate computing resources during critical events. These measures add up quickly, resulting in significant cost savings and improved office efficiency. Automated learning While big data technologies now help perform regular data-mining on a much bigger scale, that’s only the beginning. Technology companies are venturing into the fuzzy world of decision-making via artificial intelligence, and a branch of AI called machine learning has greatly advanced. Machine learning deals with making computer systems learn constantly from data to progressively make more intelligent decisions. Once a machine-learning system has been trained to use specific pattern-analyzing models, it starts to learn from the data and works to identify trends and patterns that have led to specific decisions in the past. Naturally, when more data -- along all of the big data axes -- is provided, the system has a much better chance to learn more, make smarter decisions and avoid the need for manual intervention. The insurance and financial industries pioneered the commercial application of machine learning techniques by creating computational models for risk analysis and premium calculation.  They can predict risks and understand the creditworthiness of a customer by analyzing their past data. While traditional systems dealt with tens of thousands of data records and took days to crunch through a handful of parameters to analyze risks using, for example, a modified Gaussian copula, the same is now possible in a matter of hours, with two major improvements. First, all available data can be analyzed, and second, risk parameters are unlimited. Predictive analytics Machine language technology can use traditional and new data streams to analyze trends and help build models that predict patterns and events with increased accuracy and convert these predictions into opportunities. Traditional systems generally helped identify reasons for consistent patterns. For example, when analysis of decades of data exposes a consistent trend like an increase in accident reporting during specific periods of the year, results indicated climatic or social causes such as holidays. With big data and machine learning, predictive analytics now helps create predictions for claims reporting volumes and trends, medical diagnosis for the health insurance industry, new business opportunities and much more. Fraud Detection The insurance industry has always been working to devise new ways to detect fraud. With big data technology, it is now possible to look for fraud detection patterns across multiple aspects of the business, including claims, payments and provider-shopping and detect them fairly quickly. Machine learning systems can now identify new models and patterns of fraud that previously required manual detection. Fraud detection algorithms have improved tremendously with the power of machine learning. Consequently, near-real-time detection and alerting is now possible with big data. This trend promises to only keep getting better. These six opportunities are just the tip of the iceberg. The entire insurance industry can achieve precise and targeted marketing of products based on history, preferences and social data from customers and competitors. No piece of data, regardless of form, source or size, is insignificant. With big data technology and machine learning tools and algorithms, combined with the limitless power of the cloud computing platform, possibilities are endless.