Few complaints about the U.S. healthcare system are as common as the claim that we spend too much on healthcare and get too little in return, especially compared with other industrialized nations. A new Commonwealth Fund report is the latest to indict U.S. healthcare. It pegs the American system dead last in a survey of 11 developed countries. But, like virtually every other study that trashes the U.S. healthcare system, Commonwealth’s rankings rely on questionable assumptions, like giving weight to those systems that treat people equally rather than well. At the same time, Commonwealth ignores the problems that countries with socialized healthcare systems have with treating people once they’re sick. And on that metric — that is, actually delivering care to those who need it — the U.S. is without peer. The Commonwealth Fund report begins by asserting that the U.S. healthcare system “is the most expensive in the world.” It’s true that the U.S. spends a larger share of its gross domestic product — 18%, or almost $3 trillion – on healthcare than other countries do. But by itself that statistic means nothing. The U.S. also happens to be one of the richest countries in the world. Once basic needs are taken care of, an increasing share of each extra dollar will go to what were once considered luxuries. You can only spend so much on food, after all. That assertion is borne out by national spending data. Between 1990 and 2012, for example, spending on healthcare climbed 290%, significantly faster than GDP growth of 171%. But household spending on pets climbed 353% over those same years; on live entertainment, it went up more than 500%. Americans spend 639% more on telephones and 900% more on computers. By the Commonwealth Fund’s logic, America also faces a pet-care spending crisis. In contrast, spending on staples like food, clothing, housing and furnishings all climbed more slowly than GDP. The Commonwealth Fund concludes that the U.S. “underperforms relative to most other countries on most other dimensions of performance” despite having the most expensive healthcare system in the world. But a closer look at those “dimensions” calls that claim into question. Take infant mortality rates, where the U.S. typically places far down the list behind France, Greece, Italy, Hungary, even Cuba. This comparison is notoriously unreliable because countries either use different definitions of a live birth — or fudge their numbers. The U.S. counts every live birth in its infant mortality statistics. But France only includes babies born after 22 weeks of gestation. In Poland, a baby has to weigh more than 1 pound, 2 ounces to count as a live birth. The World Health Organization notes that it’s common practice in several countries, including Belgium, France and Spain, “to register as live births only those infants who survived for a specified period beyond birth.” What’s more, the U.S. has significantly more pre-term births than other countries. That fact alone accounts for “much of the high infant mortality rate in the U.S.,” according to a report from the Centers for Disease Control and Prevention (CDC). The CDC found that if the U.S. had the same pre-term birth rate as Sweden, our infant mortality rate would be cut nearly in half. What about life expectancy, where the U.S. ranks below its peers, as well? International measures of longevity typically fail to account for differences in obesity, accidental deaths, car accidents, murders and the like, all of which shorten lives no matter how good a nation’s healthcare system is. The U.S. murder rate, for example, is more than four times the United Kingdom’s — and far higher than all the other countries in the Commonwealth Fund study. The U.S. has a worse highway death rate than all but one of them. And U.S. obesity rates are more than double Canada’s and more than four times Switzerland’s. A far more meaningful comparison of international health systems would take stock of how people afflicted with diseases such as cancer fare in different countries. And on this measure, there’s no question the U.S. stands above the rest. Five-year survival rates for breast cancer are higher in the U.S. than in England, Denmark, Germany and Spain, according to the American Cancer Society. In the U.S., the survival rate for prostate cancer is 99%. In Denmark, it’s 48%. For kidney cancer patients, the survival rate here is 68%. It’s just 46% in England — which the Commonwealth Fund ranked as the No. 1 healthcare system in the world. Finally, the Commonwealth Fund study also ignores massive problems with actual access to care in the countries it heralds. Every citizen of a country with socialized medicine may have insurance. But that doesn’t mean they can get the care they need. Treatment delays were so chronic in the United Kingdom, for example, that the government had to issue a formal requirement that patients shouldn’t have to wait more than four months for treatments authorized by their general practitioner. The Royal College of Physicians found that poor care — including doctors trying to keep costs down — caused nearly two-thirds of asthma deaths in the U.K. in 2012. In Canada, the average patient seeking an elective medical service has to wait four-and-a-half months between being recommended for treatment by their primary care physician and actually receiving it. Waiting for care is the norm in Canada, even though Madam Chief Justice Beverley McLachlin of the Canadian Supreme Court declared nine years ago, in a ruling holding a ban on private health insurance in Quebec illegal, “Access to a waiting list is not access to healthcare.” The Commonwealth Fund is right about one thing — the U.S. healthcare system is too expensive. But rationing care — as Commonwealth’s favored systems do — is not the answer.

An industry known for embracing paper and shunning change, the property and casualty insurance market struggles to keep pace with the modern business world, which is full of personally owned mobile and other portable devices, and concepts such as advanced persistent threats (APTs), the Internet of Thingsand the “cloud.” While insurance companies are known for creating bespoke policies to address new risks not initially contemplated within the confines of traditional property and liability policies (see Y2K, environmental legal liability and employment practices liability), insureds are within their right to see how those current programs address 21st-century risks. If only one of Target, Snapchat, Facebook, Google, Twitter, Yahoo! Adobe and so on and so forth had suffered a serious data breach within the last few months, that would be sufficiently troubling. Yet data breaches have become so ubiquitous that a single week (if not days) without one hitting the headlines seems almost strange. By now every organization should appreciate that—no matter how robust and sophisticated its network security is—it remains a vulnerable target for cybersecurity breaches and the host of negative consequences that typically follow, including class action lawsuits (so far, dozens of suits have been filed against Target), substantial breach notification costs, and other “crisis management” expenses, including forensic investigation, credit monitoring, call centers and public relations efforts, as well as potential regulatory investigations, fines and penalties. This article will briefly look at how an organization’s commercial general liability—specifically, the personal and advertising injury coverage—may currently address privacy risks. Although there can be substantial overlap between the concepts of cybersecurity, network security liability and privacy, as they typically are understood in the industry, this article will focus on those risks associated purely with privacy risks, or the “unauthorized access, collection, use or disclosure of personal information.” Therefore, we will not be covering those issues related to cyber liability, or “breach-related expenses, including forensic investigations, outside counsel fees, crisis management services, public relations experts, breach notification and call center costs.” This article will also not be addressing the recent first-party bodily injury, property damage and business interruption coverage associated with the damage attributable to unauthorized access of operational technology (SCADA systems). We will first summarize the current industry standard form key coverage grant, definitions and exclusions. We will then discuss the recent Sony decision and the new 2014 industry form exclusionary endorsements targeted at eliminating coverage for data breaches under standard-form CGL coverage. Current standard-form CGL coverage The Coverage B “Personal and Advertising Injury Liability” coverage section of the current standard-form Insurance Services Office, Inc. (ISO) CGL policy states that the insurer “will pay those sums that the insured becomes legally obligated to pay as damages because of 'personal and advertising injury,' which is caused by an Id. §1.b.offense arising out of [the insured’s] business.” “Personal and advertising injury” is defined in the ISO standard-form policy to include a list of specifically enumerated offenses, which include the “offense” of '[o]ral or written publication, in any manner, of material that violates a person’s right of privacy.'” The policy further states that the insurer “will have the right and duty to defend the insured against any ‘suit.’” The CGL Coverage B can indemnify and provide a defense against a wide variety of claims, including claims alleging violation of privacy rights, such as data breach cases. Coverage disputes have generally focused on whether there has been a “publication” that violates the claimant’s “right of privacy”—both terms are left undefined in standard-form ISO policies. Courts generally (although certainly not universally) have construed the language favorably to insureds and have found coverage for a wide variety of claims alleging breach of privacy laws and regulations, including, for example, in respect of claims alleging violations of the Telephone Consumer Protection Act (TCPA), claims alleging violations of the Fair Credit Reporting Act (FCRA), claims alleging violations of the Fair and Accurate Credit Transactions Act (FACTA), claims alleging violations of the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, claims alleging violations of the California Confidentiality of Medical Information Act (CMIA), and claims alleging violations of the California Lanterman-Petris-Short Act. Courts have found in favor of coverage in data breach cases, although the recent decision in Zurich American Insurance Co. v. Sony Corp. of America et al. highlights the issues that insureds may face in obtaining coverage for data breaches under CGL policies. Zurich v. Sony Arguably the most visible legal case surrounding the applicability of the CGL personal and advertising injury coverage to claims alleging data breach came about because of Sony’s massive 2011 PlayStation data breach. Zurich American and Mitsui Sumitomo had issued primary CGL policies to Sony. In April 2011, hackers broke into Sony networks and stole personal and financial information of more than 100 million users. Sony was named as a defendant in numerous class actions immediately following the breach. Mitsui denied coverage, and Zurich responded by filing a declaratory relief action seeking a declaration that Zurich had no duty to defend. At issue in the case is whether Sony or the hackers were responsible for the actual “publication” of the personally identifiable information (PII). A New York court recently held that there was no coverage, essentially because it was the perpetrators of the breach who ultimately “published” the private information, rather than Sony itself. Legal experts have argued both in favor of and against the court’s decision, arguing, among other things, that the trigger for the personal and advertising injury coverage must be an affirmative act by Sony or, conversely, that coverage is triggered to the extent Sony has liability. The case is currently under appeal, and its final decision will potentially be an indicator of how insurers and courts will view data breach coverage under the personal and advertising injury coverage. In the meantime, however, the decision underscores the difficulties that insureds can face in pursing data breach coverage under their traditional CGL policies. Although this endorsement appears to have quietly flown in under the radar, it in reality is even more sweeping than the 2014 data breach exclusionary endorsements because it entirely eliminates coverage in the first instance. Conclusion Over the years, the commercial general liability policy has been the proverbial “catch all” for claims subsequently determined to be outside the intent and scope of the underwriters. Past examples have included pollution liability, asbestos, employment practices liability and professional liability. Cyber and privacy liability may well be heading in the same direction. Insurers are stating publicly that this exposure was never contemplated when the policy language was drafted. And, of course, cybersecurity and privacy liability has recently risen to potentially catastrophic levels of potential liability (e.g., Target). Insurers, therefore, are increasingly seeking to separately insure the risk, subject to separate underwriting criteria. In the end, before a cybersecurity or privacy incident, companies should take the opportunity to carefully evaluate and address their risk profile, potential exposure to cyber and privacy risks, their risk tolerance, the sufficiency of their existing insurance coverage and the potential role of specialized cyber risk coverage.

Imagine the unimaginable – you accidentally injure a passenger or pedestrian with your car. How much insurance do you carry to protect them or yourself? Like many, you may carry only $15,000 per individual injury (the minimum, unchanged since 1967, required by California). If your income is low enough to qualify, you may carry a Low Cost Auto policy with only a $10,000 limit. Such minimum limits are a compromise. Insurance is expensive, and states try to balance the utility of car use against insurance costs that, if too high, would reduce that utility. You may, of course, carry higher limits. Or, perhaps, you are like approximately one in seven California drivers, and you illegally drive with no insurance. Now assume that you are among the many auto owners who have joined the “sharing economy.” You use a smartphone app to match yourself and your car with others willing to pay you for a lift. Uber, Lyft, Sidecar and others (“Transportation Network Companies,” or TNCs) offer these apps, share the fees with you and make this popular service available to thousands. Again, imagine the unimaginable – a collision injuring your passenger or a pedestrian. Keeping in mind that any insurance cost is ultimately passed on to the passenger, how much insurance should be required for a TNC driver?  $10,000? $15,000? $50,000 (the maximum required for private autos in any state and the minimum required in California if you allow others to rent your auto)? Or perhaps $106,841 (the value in 2014 dollars of $15,000 in 1967)? $750,000 (the minimum required of limousine companies)? Some other figure? Put another way, the question about how much insurance to carry is asking: How much should those who benefit from the sharing economy share the burden when the activity damages them or others? Unlike most driving for personal reasons, TNC driving generates cash flow. To many, it seems only fair that some of that be used to extend additional protection to those injured by the activity. What should trigger the additional protection – when one turns on the TNC’s app to seek a fare, when a “match” is made or when a passenger enters the vehicle? Also, who should carry the insurance - the TNC, the TNC driver or some combination? Currently, these questions are debated among legislators, regulators (such as the California Public Utilities Commission, or CPUC), TNC operators and others. Requiring lots of insurance by setting a high limit may chill innovation; setting the limit too low unnecessarily burdens injured parties or others (e.g., taxpayers, who support Medi-Cal or Medicaid and may end up paying for expenses not covered by private insurance) and may unfairly create a disadvantage for competing sources of transportation that may be subject to higher insurance limits. Raise the price of insurance, and the price of a ride goes up. (This issue is hardly unique to TNCs. Congress is also debating whether to raise the federally mandated $750,000  truckers’ minimum insurance limit.) Not only might an increase in insurance costs for TNCs stifle a popular and convenient form of transportation, but it may lead some less safe drivers back into their vehicles (e.g., teenagers, intoxicated drivers, impaired drivers, poorly insured drivers, uninsured drivers or drivers with unsafe driving records). This, in turn, may lead to the unintended result of even more unnecessary injuries and deaths. Much of the debate about TNCs is colored by a New Year’s Eve accident in San Francisco that occurred when a TNC driver with his app on (there is some evidence he may have been looking at it) struck and killed a pedestrian and injured several others. This is a tragic accident, but it also gives the debate an emotional overtone that may make it difficult to strike the correct balance. This accident could also have happened while a non-TNC driver was texting or talking, and there may have been minimal or no insurance available in that case. In this author’s view, comprehensive legislation or regulation shaping the future of TNCs is premature. These fast-moving innovations are new enough that insurers, legislatures and regulators have been caught on the back foot. At the same time that policy makers are moving forward with regulations, insurers and TNCs are developing new products and strategies to address these issues. While there is no shortage of those eager to express their opinions (perhaps this author included), there is little credible data on which to base sound policy decisions. Here are some of the many open questions: --On average, how much would different limits add to the cost of a 10-mile ride? Ten cents? Ten dollars? --How much will new insurance products cost? --As the use of TNCs expands, will overall accident rates rise, or will they fall? --If you drive to a ballgame with your daughter and a fare, will your daughter’s injuries be covered if you have an accident? (Your liability would not be covered under most personal auto policies – surprise!). Put another way, what terms and conditions will appear in any new insurance products or endorsements? --Does the display of a TNC’s trade dress (essentially, its visual appearance) create ostensible or apparent authority should a passenger suffer injury? Would liability extend to an injured passenger who hailed a car displaying the TNC’s trade dress, even though the driver did not engage the TNC's app so he could keep the entire fare? If the TNC is liable, could it seek reimbursement by claiming indemnity against the driver? --If you drive 12,000 miles a year, but 2,000 of those miles are driven as a TNC driver and are insured by some form of TNC policy, should your personal auto insurer base your rate on 12,000 miles or on 10,000 miles? If the latter, how are the different miles to be confirmed? --If you carry higher limits on your personal auto policy (e.g., $300,000 plus a $1 million umbrella), will the protection for you and anyone you injure drop to a lower TNC policy limit when you act as a TNC driver? --One current bill in California (AB 2293 -- Bonilla) provides that the TNC must assume ALL of the driver’s liability, without limit. By contrast, the CPUC’s proposed rules do not provide for unlimited liability. When is it appropriate to impose liability on the provider of an app as if users of apps were employees or agents of the app provider? Would the operator of an app that matches homes with those who want accommodation (e.g., Airbnb) be liable should a guest trip on an unsafe carpet or step? Would the operator of an app that matches car sellers and buyers be liable for an accident during a test drive? Would an app marketing tickets be liable if the bleachers collapse or the cruise line runs aground? --Should liability turn on whether the app provider is more than passive? If so, what more is required? A profit motive? This would sweep up many apps. What if the app provider imposes rules on its users (e.g., vetting drivers for their safety record, adopting a zero-tolerance alcohol policy and reviewing ratings by customers)? If so, then forcing app providers to assume unlimited liability may discourage them from taking measures that could enhance safety. For these reasons, this liability provision in AB 2293 could have enormous implications and should be carefully considered. --If, under AB 2293, the operator of the app is liable without limit, what purpose is served by mandating policy limits? If the operator of the app has sufficient net worth, it would be liable regardless of any policy limits that might be imposed. --How, if at all, should one weigh the evolving existence of near-universal healthcare under the Affordable Care Act (Obamacare)? Covered parties who suffer injuries will at least have access to healthcare without limit and regardless of fault. Depending on any number of factors, the bulk of these health costs may fall on health insurers, liability insurers, the public or some combination. Who knows answers to any of these questions? Without answers to these and related questions, it is likely that regulating in a partial vacuum will strike the wrong balance. Like emergency physicians, legislators and regulators should stabilize the patient but “Do No Harm.” In the meantime, the public deserves protection. There should be no gaps in coverage (whatever trigger or limits are chosen). To keep rates reasonable and predictable, insurers also need clarity with respect to which insurers are responsible. Prudence, however, suggests that any current legislation or regulation should have a firm sunset date. Otherwise, like barnacles, awkward legislation sticks and impedes progress. During this initial period, the legislature should require (not just request) that the Public Utilities Commission and the Department of Insurance gather appropriate data and report back to the legislature before the legislation or regulation reaches its sunset. Regulators and legislators may, then, make informed, data-driven decisions that strike the most appropriate balance among all of the legitimate interests.

When it comes to technology, the boardroom has been learning a new language: mobile, social, cloud, cyber security, digital disruption and more. Recently the National Association of Corporate Directors released an eight-part video series on the board’s role: The Intersection of Technology, Strategy and Risk. We have spent much of the past year focused on cyber security, an essential discussion given the widespread theft of intellectual property, privacy invasions and data breaches. A report on cyber crime and espionage by the Center for Strategic and International Studies (CSIS) in Washington, D.C., last year estimated that cyber crime costs the global economy $300 billion a year – an entire industry is growing around hacking! Research by PwC shows cyber insurance is the fastest-growing specialty coverage ever – around $1.3 billion a year in the U.S. As our boardroom agendas often get filled with discussions on risk, I asked Frontier Communications board director Larraine Segil how to shift the conversation to strategy. Larraine has a keen focus on opportunity and suggested we delve into solutions for governing “The Internet of Things.” What exactly is the Internet of Things, and what are the implications for business strategy? Think about connecting any device with an on and off switch to the Internet and to each other. This includes everything from cell phones, thermostats and washing machines to headphones, cameras, wearable devices and much more. This also applies to components of machines – for example, the jet engine of an airplane. If the device has an on and off switch, then chances are it can be a part of the Internet of Things. The technology research firm Gartner says that by 2020 there will be more than 26 billion connected devices. Think about Uber, the company that connects a physical asset (car and driver) to a person in need of a ride via a website. That simple connection has disrupted the taxi industry. Airbnb has done the same for the lodging industry by directly connecting people with spaces to rent to those in need of accommodations. What does this mean to for our companies? Larraine, what are you thinking when you hear about the Internet of Things for business opportunities? As a director, how can you help directors govern in this fast-moving digital age? Frontier Communications provides connectivity services to a national customer base primarily in rural areas and is integrally involved in the Internet of Things. Frontier has a number of strategic alliances with companies that develop and market those very devices – or “things” – such as the Dropcam camera, a cloud-based WiFi video monitoring service with free live streaming, two-way talk and remote viewing that makes it easy to stay connected with places, people and pets, no matter where you are. Other alliances expanding the “things” will be introduced in the rest of 2014. As a director, it is critical to be educated constantly about new trends, products and opportunities – competition is fast-moving, and customers are better-educated about their options than ever before. Strategically, the board has to think way ahead of the present status quo – and with the help of management and outside domain experts, explore opportunities for alliances. This requires using strategic analysis at every board meeting (not just at one offsite a year) and welcoming constant director education and brainstorming both within and outside of the company’s industry. The board should continually identify and evaluate strategic directions to keep the company fresh and nimble. Remembering that we’ve only just begun, here are some critical questions boards should be asking about technology and the Internet of Things: 1. Are you including strategic discussions around technology at every board meeting? 2. Do your strategic directions include alliances within and outside of your industry? 3. How would you assess your current level of interaction with the chief information officer and chief technology officer? What can be done to improve the effectiveness of communications with them? 4. As a board, how are you helping to guide your company in innovative directions, taking into consideration disruptive technologies, competitor alliances and new ideas or skills coming from outside your industry?

There is no such thing as "free" healthcare in the U.S. There are people who access healthcare at low (sometimes even no) cost, but the people delivering the service aren't providing it for free, or, if they are, it's an ad-hoc charitable donation. There is one exception that I know of, but the clinics typically only run over weekends (when providers can donate their time and skill). The exception is called Remote Area Medical and is staffed with clinical volunteers, so there is no charge to patients -- and no payment to providers. It's as close to "free" as I think we'll ever get. Here are some images of what a weekend RAM clinic looks like: RAM has been featured on "60 Minutes" and other news-magazine shows. It's run by Stan Brock, who founded it. It derived its name -- Remote Area -- from the idea that it would deliver healthcare to remote regions of the globe. In fact, it started with medical "expeditions" to Latin America in 1992. Today, 60% of RAM clinics are held in rural or urban America. I encourage everyone to watch the 13 minute 60 Minutes episode - from 2012. (60 Minutes - RAM Medical Missions in the U.S. - A Lifeline.) RAM aside, the argument that EMTALA (Emergency Medical Treatment and Labor Act of 1986) is "free" care delivered through the emergency room is flat-out false. The costs accrued through every emergency department (for every patient, service and supply) is simply rolled into the books under a category called "uncompensated care." Uncompensated care is among the three categories of healthcare that for a hospital amount to negative margin. The other two are Medicare and Medicaid. The only remaining opportunity for "positive" margin (and keeping the doors open) is through commercial insurance. That chart (courtesy of L.E.K. Consulting) looks like this:

As an adviser on behalf of the CEO and the board, I recently found myself working with an insurance industry executive suffering from FD&H Syndrome—that’s short for “Fat, Dumb and Happy.” You know the type—the classic myopic naysayer who would rather ignore every outside message and shoot every messenger than to stay lean, smart and open to new insights, including the necessary medicine that may not go down so tastefully? Let me be clear: This is not a personal attack on one individual, but rather a call to awareness of a broader industry leadership concern. As such, here are several symptoms of FD&H I’ve observed in interacting with this executive over the past six months:

• Not Invented Here – If he personally, someone on his team or an industry insider didn’t think of something, it can’t possibly be viable. But isn’t it interesting how often Invented Elsewhere sparks real innovation?
• Smartest Guy in the Room – In several situations, he exhibits a rather obvious need to convey his intellectual prowess. No question he’s an intelligent individual, but astute leaders tend to listen much more than they pontificate.
• That Can’t Possibly Be True – Results of interviews with his staff highlighted key areas for improvement. For each, he had an excuse, a rebuttal or a personal attack against the perceived person who made the comment.
• Entirely Too Input-Oriented – Calls, meetings, focus groups and even some research are all means to an end. But he was so consumed by the input (what and how something was done) that he often lost sight of the outcome (desired business results).
• Paralysis by Analysis – “We need to further discuss that point at the next annual meeting,” “we’ll wait and see” and my favorite, “we need to have more people look into that point,” were all too common responses to uncomfortable findings. Great leaders are action-oriented!
• Don’t Have the Budget – Another common excuse that surfaces often with this executive is budget objections. “Don’t have it”– the budget for this tool, that person, this event or that effort  –  seems to be the de facto response. Don’t misconstrue my point – I’m a strong believer in financial stewardship of limited resources. In my experience, however, budgets are often an issue of setting priorities and seldom strictly a financial issue. Think about it – we’ll prioritize and invest in concerns or opportunities we deem to be important.

It probably won’t surprise you that this COO doesn’t care for outside consultants or advisers. After all, it takes them way too long to get up to speed on the insurance industry nuances, they couldn’t possibly have any good ideas and they often do little more than reiterate what we already know anyway! The first time I expressed my candid view that his product was stale and offered some ideas to reinvent a portion of his business, I got the facial equivalent of the Blue Screen of Doom. “Great, not interested,” he said. When I pressed for deeper insight, he added, “That’ll never work!” Why? “Because we tried it 10 years ago!” What this executive with FD&H doesn’t realize is that he’s quickly working himself out of a job. You see, the board has brought in a visionary CEO who deeply believes in thinking and leading differently. He is out spending time with brokers, attending and speaking at industry conferences. He’s visiting with end clients with the agents and is writing insightful pieces as executive summaries to distribute across the industry. Meanwhile, back at the ranch, the COO is busy covering his behind, demonstrating to peers and subordinates alike his lack of confidence in his operational stewardship. He seems particularly threatened by entrepreneurial thinking by people around him. Whatever his reasons, unfortunately what he is neglecting to see is that he’s a danger to his company, the firm’s clients and the industry. An organization with too many FD&H sufferers will die of stagnation. Allowing “Fat, Dumb and Happy” attitudes to exist within an organization—or worse, spread—leads to increasing irrelevance to your broker community, end customers, agents, investors and other stakeholders. Markets evolve, and so must you. The cure: independent perspective To prevent FD&H syndrome, regularly inoculate your key leaders with independent perspective. They must attend gatherings of senior executives at industry conferences and executive education sessions at respected universities. On a regular basis, they must invite thought and practice leaders (from both within the industry and outside) to host roundtable discussions  or go off-site to work on the business and break the routine. Unlike doctors, independent advisers make house calls. Consultants, thought and practice leaders alike can spark new ideas and unique perspectives and suggest a different lens through which to view the same challenges or opportunities. And if FD&H sufferers stand in the way, overtly or covertly sabotaging every attempt at forward motion, maybe it’s time to retire them to the irrelevant pasture they belong in. My favorite example from my COO interaction is his justification for inaction: “Look how much money I saved us!” As professional interventionists, we come with no agenda. We’re not after anybody’s job. We often bring unique insights and, most importantly, independent perspectives. As outsiders, we can ask, say or do things others within the organization may not be able to for fear of political retribution. Mr. COO has been explicitly directed to evolve the organization, but his severe case of FD&H renders him powerless. I’m trying to give him the vaccine and guide him into alignment with his positional role to lead his organization’s evolution, but it appears my intervention is too late. Invest in relationships that matter Moral of the story? Time is an incredibly effective filtering mechanism. If this particular executive doesn’t change his irrational and protectionist behavior, he cannot continue to be employed by a forward-looking enterprise with a visionary CEO. (And, by the way, the CEO has recently replaced two other FD&H sufferers in the senior leadership team.) Those in the insurance industry who refuse to evolve, as their organizations must, are simply on borrowed time. Sooner or later, this myopic thinking or antagonistic posturing against outsiders will cause him to shoot himself in the foot. “Time wounds all heels,” the joke goes. In this case, the wound is to the entire organization, not just the heel. The critical point for any of his direct reports, as well as several of us outsiders who are genuinely trying to help the organization move forward, is to continue to build productive relationships, up, down and across the organization. If I have the ear of the CEO and the mandate by the board to identify dysfunctions within the organization and recommend opportunities for innovative thinking, a more agile culture and growth strategies, I can appeal to the logical self-interest of this roadblock COO’s peers to think and lead differently. Today’s global, always-on insurance industry is simply too competitive for sufferers of FD&H to last forever. When he’s gone, others will be there, ready to offer fresh and independent insights. For the organization, Fat will become Lean, Dumb will become Smart and Happy will be replaced with Results, as the organization leverages its greater efficiency and effectiveness. Public health warning: If you recognize that someone in your organization is a sufferer of FD&H, don’t wait. Get help now. Takeaways 1. Sufferers of FD&H Syndrome (Fat, Dumb, and Happy) are unacceptable baggage because the insurance industry is boarding maglev trains – and the FD&H folks are still searching for the horse & buggy! 2. The cure for FD&H Syndrome is frequently outsiders’ unique insights and independent perspectives. 3. Time will eventually remove FD&H sufferers, but not quickly enough to meet the demands of today’s agile insurance industry demands.

Second to a building fire, water system failures are the most expensive perils in the construction insurer's risk portfolio.  But there is little incentive for anyone to protect the insurer: After the engineering design for a plumbing system is done, the contractors are only liable for workmanship, and the manufacturer is only liable for materials. The insurer is liable for everything else. The insurer must be aware of the pitfalls of a water system installation to both write the exclusions and investigate for liable cause in the event of a failure. This article discusses a very popular plumbing material commonly referred to as PEX and addresses issues that may not be found in the actuarial tables. PEX stands for “cross-linked polyethylene.” It is a relatively new material (less than 20 years) that has gained widespread acceptance in new construction piping and renovation re-piping for potable water systems. The reasons are obvious – PEX has flex; it is inexpensive; and the installation is fast, simple and reliable. Also, PEX will not burst in freezing conditions like CPVC or copper. PEX installations older than 30 years are common in Europe, with an excellent reliability record. PEX is especially desirable on re-pipes because it can greatly reduce the size of intrusions into walls, as plumbers can snake the material across smaller openings. Unfortunately, there is some vulnerability that the insurer needs to be aware of. While we would always recommend obtaining a professional engineering opinion for assessing a PEX system, this short article will help the insurer understand what PEX is and how to evaluate the big vulnerabilities to using it: brass fittings, UV exposure, water quality and even vermin!. Advantages Cross-linked polyethylene is a modification of polyethylene plastic commonly found in children’s playground equipment. Cross-linking means that the individual "mers" in the "polymer" are bunched up into knots instead of aligned in one direction. This knotting allows the material to return to its original size and shape after being stretched. This is great for holding on to fittings, bending around corners and expanding under pressure, heat or even freezing conditions. PEX is very fast to install and can be threaded through walls without having to necessarily cut out large sections of wallboard. Connections can be inspected visually with great reliability, and precise measurement is not as critical as it is with materials such as copper and CPVC. PEX has been widely used for several decades, with broad acceptance in the market and universal familiarity in the plumbing trade. Many different companies support PEX products with accessories and connectors such as manifolds, hangers and specialty adapters. Concerns -- and Answers PEX is clearly not without its own problems. Fortunately, many of them may be avoidable. In the engineering profession, we understand that it is rare for one single problem to cause a failure; rather, it is the combination of two or more problems that lead to the major accidents. Many times, accidents occur when one party does not communicate with another. With PEX, the owner, contractors, builders, maintenance personnel, etc. must be aware of the system configuration and have a plan for interacting with the system. An insurer can have a strong impact in this area by specifying full disclosure of the hazards. For this reason, engineering counsel is often warranted in a complex system, to assist in assessing risks. Here are six areas that need to be addressed: -- One risk is dezincification of the brass used in fittings. When the zinc content in the brass (an alloy of copper and zinc) is too high, it can corrode away. That leaves a weak and porous copper shell, which can lead to failure conditions ranging from persistent leaks to catastrophic breach of a pressurized line.  At least one class action was filed against the makers of a particular brass fitting that was failing in service and causing substantial property damage. The root cause was found to be the dezincification of fittings (generally purchased in big box hardware stores and made cheaply overseas). This suit was settled for $90 million. The problem of dezincification is now easily avoidable. The owner of a building should specify low-zinc brass fittings or use "engineered plastic" fitting components. -- PEX was also suspected of leaching controversial chemicals such as MBTA, TBA and BPA that are considered toxic. While we cannot testify to the specifics of this claim, the state of California has banned PEX in many buildings. Given the segmented nature of permitting jurisdictions in the U.S., insurers should be aware of these concerns. It is generally accepted that of the three types of PEX (called type A, B and C), type B is the only formulation that does not have any leaching considerations. Leaching concerns can be avoided by giving proper attention to leaching considerations as well as strength and temperature ratings among the three varieties. Insurers should be diligent about knowing what type of PEX is being used. -- The stabilizers in PEX are highly vulnerable to breaking down under UV radiation -- while some sources may claim that some UV exposure is acceptable, we advise that all precautions should be taken to shield this material from UV rays. Even fluorescent lamps and CFLs are to be avoided, especially where piping is routed through a ceiling and may interact with recessed fluorescent lighting. There are many shielding products available to solve this problem. However, PEX is best-suited to total darkness. An insurer can easily specify protection from UV. -- PEX is also known to be slightly vulnerable to chlorinated water and possibly copper ions, resulting from copper corrosion upstream. The temperature rating of the water must be strictly adhered to. Alone, these factors may not be worrisome in many applications. However, when combined with other aggravating factors, the aggressiveness of the water may amplify hazard potential. A test of water chemistry is advisable. -- Most reputable builders will shield a PEX installation to keep a future owner or contractor from, say, hammering a nail into the wall and hitting the PEX. Homeowners should be aware of the potential to cause a leak by intruding through a wall with a nail or saw. Some contractors will use a thermal measurement device to identify water piping before cutting into a wall for any other reason. It is important for everyone who can interface with the system to know where PEX pipes are before cutting into a wall. -- We have seen several instances where mysterious leaks appear in PEX installations when rodents are exterminated. The poison that is often used to kill small animals causes them to become very thirsty and seek water. Rats appear to be especially clever and can discern the sound of water flowing through PEX pipes – then rapidly chew through the PEX to access water. Make sure that all hired contractors -- from electricians to exterminators -- are licensed and experienced when interacting with a building that has a PEX system. Conclusion It can be seen that failures will most likely occur from the combination of two or more seemingly unrelated problems. It is rare that any single person or contractor is aware – on a scientific basis – of all these factors and the way that they can interact with each other. The owner of a building or maintenance personnel cannot be expected to know all of these details – they just install what they buy at the supply shop. It is important that the insurer is aware and able to assess or mitigate the vulnerabilities of PEX and watch the installation closely. A vigilant insurer will retain engineering counsel to oversee building specifications, construction, maintenance and forensics.

Many believe medical quality is sacrificed when attempting to control costs. The logic assumes the way to achieve quality medical care is to deliver more of it. The other side of the same reasoning is that less medical care means less quality. However, the cost-quality balance is not a zero-sum game. These supposed opposites -- high quality and low costs -- can coexist in managing the medical portion of workers’ compensation claims. Quality is not counter to cost management in medical treatment. For instance, managing the number of visits or encounters, prescriptions and the number of specialists the claimant encounters are just a few ways to limit medical services that may, in fact, improve quality. On the one hand, the treating doctor should see the injured worker often enough to understand, direct and maintain control over the recovery process. Yet some physicians embellish their revenue flow by seeing patients more frequently than necessary. To manage excessive utilization of office visits and services, evaluate the data to learn what is reasonable and what is disproportionate. To be effective, the data must be monitored concurrently so that intervention has an impact. The way to objectively measure excessive visits is to monitor and analyze the data. For specific injuries in a given jurisdiction, what is the mean number of medical visits? Outliers can be interpreted to mean either the treating physician is fraudulent or the claimant is in trouble. Either way, focused attention is needed. A claims payment organization can set standards for what should be considered the threshold of excess for given conditions. Beyond that point, the claim is examined and intervention initiated. Some states legislate frequency of care. The state of California, for instance, has placed limits on the number of physical therapy and chiropractor visits. The data system can mobilize notification to the appropriate persons when the benchmark is approaching so that limits are not exceeded. Applying similar methods to a variety of medical visits and services adjusted by diagnosis and other factors such as age and comorbidity will similarly lower costs while sustaining quality. Another example of balancing quality and cost is controlling frequency or volume of services by electronically monitoring prescription practices, especially those for Schedule II or opioid drugs. The literature is replete with examples of ineffective and poor outcomes when opioids are over-used. By monitoring current data, usage and cost can be checked through appropriate intervention. Yet another indicator found in the data reflecting excessive medical treatment is multiple medical referrals. Too often when the patient is not improving, the doctor’s response is to refer to specialists. The data gives up that information by noting the number of medical providers and specialists involved in a claim. Assuredly, a claim with multiple specialists is a claim in trouble, or at least progressing poorly, needing attention. Industry research speaks for itself. Consider this Washington state study, “Long-term Outcomes of Lumbar Fusion Among Workers Compensation Subjects: An Historical Cohort Study.” This study concluded, “Lumbar fusion for disc degeneration, disc herniation and/or radiculopathy in a workers' comp setting is associated with significant increase in disability, opiate use, prolonged work loss and poor RTW status.” Monitor the data to discover outliers early so that interventions will effectively improve outcomes. The key to supporting quality while cutting cost is identifying potential problems early. The longer an issue persists, the more challenging it is to correct it. Consider both medical quality and cost control equal goals. They are not mutually exclusive. The medical profession itself is recognizing and addressing the issues of over-prescribing, over-testing and over-treatment. Medical managers need to assist in the process.

“Delete this email if you are not the intended recipient.” That and similar language theoretically sounds imposing but essentially does nothing to protect sensitive data from any nefarious actors who view it (though they may get a good chuckle before reading the email). Yet almost 90% of attorneys surveyed by LexisNexis for a study it published in May 2014 on law firm security acknowledged using email to communicate with clients and privileged third parties. The vast majority of attorneys surveyed also acknowledged the increasingly important role of various file sharing services and the inherent risk that someone other than a client or privileged third party could gain access to shared documents. Yet only 22% use encrypted email, and 13% use secure file sharing sites, while 77% of firms rely on the effectively worthless “confidentiality statements” within the body of emails. Technology Basics To explain the right approach, I need to start with some technology basics. How does email actually work? By its nature, email is not a terribly secure way to share information. When you send an email, it goes through a powerful, centralized computer called a server on its way to a corresponding email server associated with the recipient’s computer or mobile device. The email passes through any number of servers along the way, like a flat stone skipping across a pond. If that email isn’t encrypted, anyone with access to any one of those servers can read it. What is encryption? Encryption is the use of an algorithm to scramble normal data into an indecipherable mishmash of letters, numbers and symbols (referred to as “ciphertext”). An encryption key (essentially a long string of characters) is used to scramble the text, pictures, videos, etc. into the ciphertext. Depending on how the encryption is set up, either the same key (symmetrical encryption) or a different key (asymmetrical encryption) is used to decrypt the data back into its original state (called “plaintext”). Under most privacy and data breach notification laws, encrypted data is considered secure and typically doesn’t have to be reported as a data breach if it’s lost or stolen (so long as the decryption key isn’t taken, as well). Three Methods to Secure Email 1) Encrypted email. Properly encrypted email messages should be converted to ciphertext before leaving the sender’s computer or mobile device and stay encrypted until they are delivered to the recipient (remaining indecipherable as they pass through each server along the way). This approach is referred to as end-to-end encryption. Until fairly recently, email encryption has been a somewhat technical and cumbersome process, often requiring both sender and recipient to use matching encryption programs and carefully manage their own encryption keys. Now, there are plenty of encrypted email offerings from larger commercial companies, as well as a number of new and interesting email encryption services that have become available in the wake of disclosures made by Edward Snowden. When choosing one, be mindful of where the service you use is located (including where the servers handling the emails on the system actually are). Snowden used a well-regarded U.S.-based encrypted email provider called Lavabit. Not long after Snowden’s revelations came to light, federal law enforcement forced Lavabit to secretly turn over the encryption keys safeguarding its users’ private communications. Lavabit’s founder tried to resist but was overwhelmed in federal court.  As a result, he shut down the service. Another well-regarded service called Silent Mail followed suit shortly thereafter as it felt it could no longer ensure its customers’ privacy. Both have since relocated to Switzerland and are planning to introduce a new encrypted email service called Dark Mail. Larger companies offering encrypted email services typically control the encryption keys and will decrypt data before turning it over in response to a warrant or subpoena (including one coupled with a gag order). In addition, email service providers can legally read any email using their systems under Title II of the Electronic Communications Privacy Act, referred to as the Stored Communications Act. Moreover, emails remaining on a third-party server for more than 180 days are considered abandoned. Any American law enforcement agency can gain access to them with a simple subpoena. Accordingly, if you choose to use a service based in the U.S. or another jurisdiction with similar privacy protections, be mindful of who controls the encryption keys. 2) Secure cloud storage. Another way to securely communicate or share files with a client or privileged third party is to place communication and files in encrypted cloud storage and allow the client or third party to have password-protected access to them. Rather than a direct email with possible attachments, the client or third party would receive a link to the securely stored data. The cloud service you select should be designed for security. Before you ask: DropBox and Google Drive would not be suitable options. There are a number of services offering well-protected cloud storage, and it’s important to do your due diligence before selecting one. If it all seems a bit much to figure out, two services I would recommend looking into are Cubby and Porticor. 3) Secure Web portal. A third approach is to place communications and files in a secure portion of your firm’s network that selected clients and privileged third parties can access. As with the secure cloud storage option, the email sent to the client or third party would have a link back to the secure Web portal’s log-in page. An advantage to this approach is that the communications and files do not actually leave your computer network and should be easier to protect. An additional consideration: A government snoop or competent hacker doesn’t necessarily have to target a message while it’s encrypted. A message that is protected by strong encryption when it’s sent or held in secure cloud storage can still be intercepted and read once it has been opened or accessed using a mobile device or computer that has been compromised. The same holds true for intercepting a message before it’s encrypted initially. What steps can you take to protect yourself? The software on any computer or other device that can potentially access confidential data should be kept as up-to-date as possible. Devices should be protected against possible data loss if they are lost or stolen. And all firm personnel should have regular security awareness training with respect to social engineering and other threats. At the end of the day, there is no single silver bullet to provide perfect security. But there are genuinely helpful steps that you can take to better protect your electronic communications and keep your sensitive data confidential.

At the recent meeting of the Insurance Accounting & Systems Association, President Bill Clinton said in his keynote speech, “Share the future or fight over it.” As an industry, we have a history of collaborating, which has benefited all of us, but we need to raise the bar to succeed in this fast-changing world. Other industries and businesses are changing all around us and seeking to encroach on and challenge insurance. So we must embrace open innovation, collaboration, crowdsourcing and ideation with new standards and at higher levels within companies, within the industry and even between industries. The topics of innovation, change, and emerging technologies were the focus of this year’s IASA “Around the Horn” industry analyst panel. I had the pleasure of representing SMA, and as I prepared for the panel session I found myself taking a step back. I realized that when leveraging the vast base of SMA research and insights and blending that with the broader strategic business implications for the industry, a powerful story emerged. A wave of disruption and innovation has hit our industry with an intensity that we didn’t quite expect. In the spirit of sharing, for those who did not attend, here is a summary of my rapid-fire responses to the panel questions to help inspire you, challenge you and get you to embrace collaboration as an industry to help you quickly define your future: --Innovation is happening all around us. We are at the forefront of what is probably the greatest disruption in history: the digital revolution. And it is affecting every industry. This revolution is fueled by the breadth and depth of the new technologies that are changing customer engagement, transforming products and services, redefining business and revenue models, breaking down barriers to new entrants and more – look at the Apple iPhone, introduced 7 years ago, and the resulting destruction and construction of industries and businesses. Today, the bar is set at a new high. Operational excellence is an absolute. Innovation is necessary for future success. And the Next-Gen Insurer is being defined and shaped. --Insurers must have a strong culture that combines the power of open innovation with an ecosystem that empowers collaboration. If we don’t define our own future as an industry, other industries may try to step in and define it for us. --We must focus on the constantly connected customer. We all must recognize that, in this digital revolution, the customer is in control and is defining the channels that he or she wants to use – from purchasing through service. As insurers seek to become digital insurers, they must have unified digital strategies that create seamless, consistent and connected customer experiences in an omni-channel environment. Think like Google, Zappos, Apple, Nike, AT&T and others that are the new digital leaders. --Product development and configuration are key differentiation levers. These capabilities are shaping today’s competitive landscape, with speed to market of paramount importance. The pressure to stay current, deliver new offerings and price accurately is driving many insurers to seek innovative solutions. The average new product implementation timeline is nearly 7.5 months. Less than 2% of insurers can implement in less than 30 days. But some innovative companies have found a way to implement in less than 5 days! Another emerging capability of even greater importance is the enabling of product co-creation – customers can help to configure their own products according to their wants and needs. --Usage based insurance (UBI) is not just about product; it’s a whole new business model. UBI moves the focus from risk assessment to risk prevention. And its application is much larger than auto insurance. It is about the connected car, the connected home and the connected life. UBI is the precursor of a broader impact of sensors and the Internet of Things that will allow us to connect the dots between data for new customer products, services, outcomes and experiences – providing a real-time view of risk. --Data is the new currency in the digital world. Data has always been seen as the lifeblood of the industry, but its strategic value is now at the forefront. And big data, business intelligence and analytics continue to take the insurance industry by storm. What is holding insurers back is the lack of a data management strategy and a deficient level of data mastery. Both strategy and mastery will be needed to unlock the full business value of data, whether transactional, unstructured, internal or external. --Social media is a subset of digital data. Customers are sharing information about all aspects of their lives – social, pictures, online discussions, GPS, sensors, mobile technologies and more – and all this data is in the cloud. People are able to search their recorded memories and use new tools that can influence and shape their lives like never before. New companies are creating digital lockers for data that can be stored and managed by customers to be used in innovative ways. When new solutions like these form around customer logging activities, the question from customers will be: “Is the value of what I'm revealing worth the services I'm receiving in return?” The key issue will be the customers’ control of their data. --Digitalization is happening and is dramatically destructive. A foundational change is taking place in the way all businesses are approaching value creation. In today’s hyper-connected world, companies are moving from managing value chains to managing ecosystems to power their businesses. The ubiquitous connectivity of people via the Internet and emerging technologies is disrupting traditional business assumptions about how to engage customers, the products and services offered and, ultimately, business and revenue models. Just look at these transformations: from the Yellow Pages to Yelp, hailing a cab to Uber or Lyft, booking a hotel to Airbnb and policemen managing traffic to managing traffic with crowdsourcing Waze. All of these represent the disruption happening all around insurance and point to the imminent disruption that will transpire within insurance. --Mobile is much broader than the phone and tablet. It includes smartphones, MP3 players, e-readers, in-dash car electronics, cameras, portable consoles, home entertainment, appliances and any device or sensor that connects to the internet to share data. And there is now a continuing evolution of mobile apps from multi-purpose websites or portals to single-purpose apps. This will compel companies to design apps as a service layer within an enterprise technical architecture that will enable seamless integration and connectivity between apps – critically important with the Internet of Things. --Cloud is increasingly mainstream because that is where the data is moving. Two years ago, it was an option in core system RFPs, whereas today it is increasingly a preferred choice. The future will be the Cloud of Things, a world of distributed data, devices, technology, intelligence, computing, etc. that is highly connected and will enable the creation of products and services. --The issue is “customer empowerment,” not "customer-centricity." Customer-centricity is a 1990s/early 2000s term and is only a subset of customer empowerment. We used to shape the customer experience; now it is shaped for us by the rest of the world. Customer empowerment defines new engagement models. As customers gain market power, they are increasingly comfortable with technology, have a stronger voice and use it to demand collaboration. Insurers must view all technology as touching customers, because it influences the customer experience, both directly and indirectly, ultimately shaping and defining the customer relationship. --As an industry, we are seeing challenges to our long-held assumptions and business models coming at us every day. Technology is now super-connected, creating new experiences, new products and services, new outcomes and new business and revenue models that were not possible a few years ago. Just as the iPhone provided a platform of possibilities, core systems – integrated with an array of new technologies like mobile, social, Internet of Things, cloud, big data, analytics, driverless vehicles, biotechnology and much more – have the potential to transform our industry … and to do it on our own terms. So be inspired. Be creative. Be collaborative. Be bold. Let’s create and share the future together!