To participate in the new world of customer self-service and straight-through processing, many insurance carriers find themselves having to deal with decades of information neglect. As insurers take on the arduous task of moving from a legacy to a modernized information architecture and platform, they face many challenges. I'll outline some of the common themes and challenges, possible categories of solutions and practical steps that can be taken to move forward. Let's consider the case of Prototypical Insurance Company (PICO), a mid-market, multiline property/casualty and life insurance carrier, with regional operations. PICO takes in $700 million in direct written premiums from 600,000 active policies and contracts. PICO's customers want to go online to answer basic questions, such as "what's my deductible?"; "when is my payment due?"; "when is my policy up for renewal?"; and "what’s the status of my claim?” They also want to be able to request policy changes, view and pay their bills online and report claims. After hearing much clamoring, PICO embarks on an initiative to offer these basic self-service capabilities. As a first step, PICO reviews its systems landscape. The results are not encouraging. PICO finds four key challenges. 1. Customer data is fragmented across multiple source systems. Historically, PICO has been using several policy-centric systems, each catering to a particular line of business or family of products. There are separate policy administration systems for auto, home and life. Each system holds its own notion of the policyholder. This makes developing a unified customer-centric view extremely difficult. The situation is further complicated because the level and amount of detail captured in each system is incongruent. For example, the auto policy system has lots of details about vehicles and some details about drivers, while the home system has very little information about the people but a lot of details about the home. Thus, choices for key fields that can be used to match people in one system with another are very limited. 2. Data formats across systems are inconsistent. PICO has been operating with systems from multiple vendors. Each vendor has chosen to implement a custom data representation, some of which are proprietary. To respond to evolving business needs, PICO has had to customize its systems over the years. This has led to a dilution of the meaning and usage of data fields: The same field represents different data, depending on the context. 3. Data is lacking in quality. PICO has business units that are organized by line of business. Each unit holds expertise in a specific product line and operates fairly autonomously. This has resulted in different practices when it comes to data entry. The data models from decades-old systems weren’t designed to handle today's business needs. To get around that, PICO has used creative solutions. While this creativity has brought several points of flexibility in dealing with an evolving business landscape, it's at the cost of increased data entropy. 4. Systems are only available in defined windows during the day, not 24/7. Many of PICO's core systems are batch-oriented. This means that updates made throughout the day are not available in the system until after-hours batch processing has completed. Furthermore, while the after-hours batch processing is taking place, the systems are not available, neither for querying nor for accepting transactions. Another aspect affecting availability is the closed nature of the systems. Consider the life policy administration system. While it can calculate cash values, loan amounts, accrued interest and other time-sensitive quantities, it doesn't offer these capabilities through any programmatic application interface that an external system could use to access these results. These challenges will sound familiar to many mid-market insurance carriers, but they’re opportunities in disguise. The opportunity to bring to bear proven and established patterns of solutions is there for the taking. FOUR SOLUTION PATTERNS There are four solution patterns that are commonly used to meet these challenges: 1) establishing a service-oriented architecture; 2) leveraging a data warehouse; 3) modernizing core systems; and 4) instituting a data management program. The particular solution a carrier pursues will ultimately depend on its individual context. 1. Service-oriented architecture SOA consists of independent, message-based, contract-driven and, possibly, asynchronous services that collaborate. Creating such an architecture in a landscape of disparate systems requires defining:

• Services that are meaningful to the business: for instance, customer, policy, billing, claim, etc.
• Common formats to represent business data entities.
• Messages and message formats that represent business transactions (operations on business data).
• Contracts that guide interactions between the business services.

Organizations such as Object Management Group and ACORD have made a lot of headway toward offering industry-standard message formats and data models. After completing the initial groundwork, the next step is to enable existing systems to exchange defined messages and respond to them in accordance with the defined contracts. Simple as it might sound, this so-called service-enablement of existing systems is often not a straightforward step. Success here is heavily dependent on how well the technologies behind the existing systems lend themselves to service enablement. An upfront assessment would be entirely warranted. Assuming service enablement is possible, we’re still not in the clear. SOA only helps address issues of data format inconsistencies and data fragmentation. It will not help with issues of data quality and can offer only limited reprieve from unavailability of systems. Unless those can be addressed in concert, this approach will only provide limited success. 2. Data warehouse A data warehouse is a data store that accumulates data from a wide range of sources within an organization and is ultimately used to guide decision-making. While using a data warehouse as the basis of an operational system (such as customer self-service) is a choice, it is really a false choice for a couple of different reasons.

• Building a data warehouse is a big effort. Insurers usually can’t wait for its completion. They have to move ahead with self-service now.
• Data warehouses are meant to power business intelligence, not operational systems. If the warehouse already exists, there’s a 50% chance that it was built on a dimensional model. A dimensional model does not lend itself to serving as a source for downstream operational systems. On the other hand, if it’s a “single version of truth” warehouse, the company is well on its way to addressing the data challenges under discussion.

3. Modernizing core systems Modern systems make self-service relatively simple. However, unless modernization is already well underway, it, too, cannot be waited for, because implementation timeframes are so long. 4. Instituting a data management program A data management program is a solution that deals with specific data challenges, not the foundational reasons behind those challenges. To overcome the four challenges mentioned at the beginning of the article, a program could consist of a consolidated data repository implemented using a canonical data model on top of a highly available systems architecture leveraging data quality tools at key junctions. Implementing such a program would be much quicker than the previous three options. Furthermore, it can serve as an intermediate step toward each of the previous three options. As an intermediate step, it has a risk-mitigation quality that’s particularly appealing to mid-sized organizations. The particular solution a carrier pursues will ultimately depend on its individual context. In the final part of this series, we’ll discuss practical steps that a carrier can take towards instituting its own data management program. PRACTICAL STEPS Here are the practical steps that a carrier can take toward instituting its own data management program that can successfully support customer self-service. The program should have the following five characteristics: 1. A consolidated data repository The antidote to data fragmentation is a single repository that consolidates data from all systems that are a primary source of customer data. For the typical carrier, this will include systems for quoting, policy administration, CRM, billing and claims. A consolidated repository results in a replicated copy of data, which is a typical allergy of traditional insurance IT departments. Managing the data replication through defined ETL processes will often preempt the symptoms of such an allergy. 2. A canonical data model To address inconsistencies in data formats used within the primary systems, the consolidated data repository must use a canonical data model. All data feeding into the repository must conform to this model. To develop the data model pragmatically, simultaneously using both a top-down and a bottom-up approach will provide the right balance between theory and practice. Industry-standard data models developed by organizations such as the Object Management Group and ACORD will serve as a good starting point for the top-down analysis. The bottom-up analysis can start from existing source system data sets. 3. "Operational Data Store" mindset -- a Jedi mind trick Modern operational systems often use an ODS to expose their data for downstream usage. The typical motivation for this is to eliminate (negative) performance impacts of external querying while still allowing external querying of data in an operational (as opposed to analytical) format. Advertising the consolidated data repository built with a canonical data model as an ODS will shift the organizational view of the repository from one of a single-system database to that of an enterprise asset that can be leveraged for additional operational needs. This is the data management program’s equivalent of a Jedi mind trick! 4. 24/7/365 availability To adequately position the data repository as an enterprise asset, it must be highly available. For traditional insurance IT departments, 24/7/365 availability might be a new paradigm. Successful implementations will require adoption of patterns for high availability at multiple levels. At the infrastructure level, useful patterns would include clustering for fail-over, mirrored disks, data replication, load balancing, redundancy, etc. At the SDLC level, techniques such as continuous integration, automated and hot deployments, automated test suites, etc. will prove to be necessary. At the integration architecture level (for systems needing access to data in the consolidated repository), patterns such as asynchronicity, loose coupling, caching, etc., will need to be followed. 5. Encryption of sensitive data Once data from multiple systems is consolidated into a single repository, the impact of a potential breach in security will be amplified several-fold – and breaches will happen; it’s only a matter of time, be they internal or external, innocent or malicious. To mitigate some of that risk, it’s worthwhile to invest in infrastructure level encryption (options are available in each of the storage, database and data access layers) of, at a minimum, sensitive data. A successful data management program spans several IT disciplines. To ensure coherency across all of them, oversight from a versatile architect capable of conceiving infrastructure, data and integration architectures will prove invaluable.

Although many people think of cyber insurance when confronted with a data breach, cyber insurance may not be quite so top of mind in the context of corporate mergers and acquisitions. Cyber insurance should be, because policies typically contain provisions that are directly affected by such transactions. Enterprises should take a close look at their cyber insurance policy provisions early on in the deal-making process so that coverage for the affected enterprises can be maximized. The focus on cyber should be especially acute now, both because M&A activity continues to rise and because the importance of cyber coverage is surging on the heels of recent, headline-making data breaches. Cyber insurance policies, like most other policies, typically provide coverage to the named insured identified in the policy, as well as to any subsidiary of the named insured that was created by the date the policy took effect. Carriers generally ask enterprises to identify all such subsidiaries during the application process. Although disclosed subsidiaries may generally be considered "insureds" at the time cyber policies are issued, cyber policies may contain provisions that specify the steps the insured must take to obtain coverage for subsidiaries acquired or created, or for entities involved in mergers or consolidations. Insureds that are considering mergers or acquisitions should ensure compliance by carefully reviewing their cyber insurance policies early in the transaction process. Relevant provisions might be found in various places in cyber policies, including within the policy's conditions, definitions and exclusions. Mergers and newly acquired or created subsidiaries The steps an insured must take to secure coverage for a newly acquired subsidiary vary from policy to policy and may depend on the financials of the subsidiary. For example, under one cyber policy, if the acquired entity has revenue greater than 10% of the named insured's total annual revenue, the named insured must: provide written notice before the acquisition, obtain the insurer's written consent and agree to pay any additional premium required by the insurer. Another insurer requires an Insured that merges with, acquires or creates an entity with assets exceeding 10% of the total assets of the insured to provide full details of the transaction as soon as practicable The insurer is entitled to impose additional terms, conditions and premiums, at its sole discretion. Under the terms of a different policy, if the named insured acquires or creates another organization in which the named insured has an ownership interest of greater than 50%, the organization is covered for insured events that take place after the date of acquisition or creation, but only if the named insured provided notice to the insurer no later than 60 days after the effective date of the acquisition of creation, along with any information the insurer should require. The insured may be exempted from that process if, among other things, the new subsidiary's gross revenues are 10% or less than those of the named insured. Relevant terms are implicated under another cyber policy if the insured acquires or creates an entity that becomes a subsidiary, acquires an entity by merger or purchases assets or assumes liabilities of an entity without acquiring the entity. If the total assets of the acquired or created entity, or the combined total amount of the purchased assets or assumed liabilities, are less than 30% of the consolidated assets of the insured, the new entity may be entitled to certain coverages under the policy if the named insured provides written notice as soon as practicable, but in no event later than 60 days after the effective date of the transaction. The named insured will have to provide any requested information and may be subject to an increased premium. A different insurer requires the named insured to provide notice of a newly formed or acquired subsidiary within 60 days of the transaction if the named insured has more than 50% of the legal or beneficial interest of the entity. If, however, the total assets or total revenues of the new entity exceed 15% of the total assets or revenues of the named insured, the named insured must provide the “full particulars” of the new entity, and the insurer must agree in writing to provide coverage. The insurer may charge an increased premium and amend policy terms. Divested entities and changes in ownership Provisions of cyber policies also may be affected by changes affecting entities that initially are covered under the policy. For example, policies may provide that if the named insured’s legal or beneficial interest in a subsidiary becomes less than 50%, the entity will no longer qualify as a subsidiary under the policy and will lose coverage. Cyber policies also may contain provisions that will be triggered in the event of a takeover of the named insured. Conclusion Corporate transactions may have important effects on the coverage provided under a cyber insurance policy. Because there are no standard-form cyber policies, the provisions that might be implicated by any such transaction, including important notice requirements, will vary from policy to policy.  Entities should carefully review their coverage at the very outset of the deal-making process to ensure that they full understand their rights and obligations and comply with all policy provisions so that coverage can be maximized.

Employers entering into separation agreements (also called “settlement” or “severance” agreements) has become commonplace. By way of these agreements, employers generally provide a monetary benefit to outgoing employees, or employees who have asserted claims. In exchange, the employees waive certain legal rights to which they otherwise may have been entitled. Some of the most common provisions that bind employees are:

• confidentiality (prohibiting the employee from disclosing the amount of severance money received, and other terms)
• non-disparagement (prohibiting the employee from making unfavorable comments about the employer)
• releases (the employee forever agrees not to file claims against the employer)
• cooperation (the employee agrees to notify the employer if she receives information about an investigation or claim against the employer).

In light of a recent complaint filed by the U.S. Equal Employment Opportunity Commission (EEOC), the legality and enforceability of existing signed separation agreements could be subject to challenge. The EEOC recently filed a lawsuit against CVS, a national provider of prescriptions and health-related services, in a federal district court. The EEOC alleges that CVS entered into more than 650 unlawful separation agreements with employees. Specifically, the EEOC alleges that the separation agreements, which contained the common provisions described above, unlawfully made severance pay depend on:

• prohibiting the employees from filing charges at the EEOC
• interfering with the employees’ ability to cooperate with investigations by the EEOC and other federal agencies.

According to the EEOC’s complaint, the separation agreements violate Title VII of the Civil Rights Act of 1964. The lawsuit is pending, and the federal district court has not issued any ruling on the merits. Nevertheless, in light of the EEOC’s complaint, employers should be mindful of existing and future separation agreements and should review such agreements with their employment counsel to ensure that they comply with the law.

I’m a child of the '80s --  to be specific, 1983. Some might say I'm a Generation Xer; some might say I'm from Generation Y; others might describe me as a Millennial. Regardless of what you call me, if you're going to sell me something, it better involve technology. You see, my life revolves around technology. I grew up with computers, just as a previous generation grew up with TV. I use a branchless bank. I stream my television content. I use social media to communicate with my friends. I don't like paper. Technology makes my life easier. So you can imagine, as I looked at career possibilities, I never saw myself working for the insurance industry. I hardly knew anything about it, actually, except that it didn't seem like an industry that was very innovative or technologically advanced. I remembered:

• sitting at my insurance agent’s desk watching him use an application that looked like it belonged on the Oregon Trail.
• having to send faxes to make policy changes.
• being directed to call the insurer’s corporate headquarters to file a claim, and in the process repeat my member ID over and over during the same conversation.
• not being able to know the impact that a change to my policy would have on my bill.

I've watched over the last several years as an entire industry has reevaluated itself and rethought how it does business and markets itself -- a member of the next generation of consumers. But there’s still a long way to go. I’d like to see:

• tremendous investment in modern technology and the delivery of useful, self-service capabilities.
• companies embracing more forward-thinking mobile and social media trends, meeting customers like me where we are.
• Investigation and implementation of innovative technologies involving telematics and other tools for consumers.
• a more intimate relationship between customers and the carrier, which will leverage advancements in analytics, business intelligence and predictive modeling.
• the industry be able to attract young, top IT talent so insurers can continue to innovate.

For me and my generation, these will be welcome developments for a couple of reasons. First, we’re digital natives. There aren’t too many facets of our lives that haven’t gone electronic. For me, my church-giving and insurance may be all that remains offline. Second, now that the industry has begun to reverse course and is upping its technology game, my generation has another employment option, which we most likely would not have considered otherwise.  No, it’s not true that we all want to work at Apple or Google, but we do want to invest our considerable talents in an industry that has interesting problems to solve and, more importantly, an environment that shares our enthusiasm and trust for technology. Although insurance has been a bit slow on the uptake, it’s truly gratifying to see an entire industry take my generation seriously, incorporate our needs into overall strategies accommodate our lifestyles and view us as something worth investing in. I look forward to watching technology shape insurance innovation. Who knows—maybe this is the year experiments like usage-based insurance will become a reality. The battle for the hearts of my generation is on. Only the tech-savvy carriers and agents will triumph.

Nine months into it and getting ready for the next go-round, I thought it might be beneficial to take a look back and see what progress has been made on the Affordable Care Act.  There are many perspectives from which to evaluate the situation, and many will vary in their assessment. This article attempts to take an unbiased view and make an accurate assessment. First of all, the implementation was a near disaster. Frustrated customers, frustrated carriers, frustrated providers. . . Obamacare couldn’t have generated more frustration if that had been the primary objective. Now that most of the dust has settled, the exchanges are enrolling individuals, and customers are paying their premiums and obtaining coverage with their selected health plan and carrier. I am not aware of any major glitch in this process. It appears that this part of the marketplace is functioning well, even if with implementation bruises. The rate update process for 2015 also appears to be working well. Most health plans are now more comfortable with the system. The oversight of the various insurance commissioners seems to be working better this year. Rates are being approved. And most things seem to be ready for the coming implementation in the fall. For all practical purposes, the ability to offer a benefit program, publicize the rate in the marketplace, purchase it, enroll and make use of the benefits as needed seems to be working well. This is not a major improvement, just a catching up to what had been done before, outside this new marketplace. Yes, the plans are standardized (the metallic levels), and the rates are consistently made (through a combination of oversight and standard ACA age factors), which improve the marketplace and minimize some adverse selection. But for the most part this is just doing business a new way. So, have there be any improvements? Are more people covered? Have inflationary trends gone down? Has coverage become more affordable? The results so far are preliminary, hard to measure and somewhat variable from one market to another. However, based on my experience with carriers and health plans across the country, I have the following observations:

• 2015 rate increases will likely be less than in prior years is many markets;  this is less the result of reductions in underlying healthcare trends and more the result of the lack of any major change in the underlying marketplace.  Moving from a situation of being able to underwrite new members to one where no medical information can be used resulted in many carriers being conservative in their pricing for 2014. Because 2015 is merely an update from the prior year, the actual changes were less. One of the exceptions will be carriers who are phasing in the impact of ending the ACA catastrophic reinsurance program in 2017. I expect that most rate increases in most markets will be less than 10%.
• Pharmacy costs are increasing much more rapidly than previously anticipated. The introduction of Sovaldi for Hep-C patients has significantly affected those programs covering Hep-C patients. Although Sovaldi essentially provides a cure for Hep-C, the treatment cost for patients is about $90,000 over three months and is expected to increase to at least $120,000 as the updated combo drug is introduced later this year. This highly effective, yet costly, drug is one of many hitting the market that are driving up costs. This drug has nothing to do with ACA implementation but will be included in the assessment of ACA effectiveness because it was introduced post-ACA.
• The rolling of some Medicaid beneficiaries into the exchanges and the expansion of Medicaid in many states is having a significant impact for carriers operating in those markets. In one particular market, these changes are leading to severe financial challenges for carriers assuming the financial risk of these members in the exchange and in the managed care Medicaid program offered side by side to the ACA exchange.  Apparent underfunding by the state and much higher-than-expected utilization and costs are leading to serious financial issues. These issues appear to be replicated in many markets nationally.
• The 3Rs (i.e., risk adjustor, risk corridor and reinsurance mechanisms) have yet to be included in financial results of health plans and carriers. Health plans are having to incorporate adjustments into this year’s financial results yet do not really know what the final adjustments will be. Some will have to establish premium deficiency reserves, others accruals for subsidies from ACA or payouts to ACA, adding much uncertainty to their operations. Boards are going to be less aware of financial results than in the past. Audits are going to be harder to complete and audit adjustments more common.
• Underlying inflationary trends do not appear to be lowering as a result of ACA. Unit cost increases appear to be as fast as before, and in some markets more rapid. There is increasing pressure from providers as health plans attempt to negotiate controlled or reduced rates. Health plans are pursuing narrower networks to get the deals they desire, with public pressure to continue to keep maximum choice. The conflict of health plan objectives of controlling costs and consumer pressure to maintain no restrictions is leading to increased costs. Logically, one would assume that there is a point where the consumer might be willing to utilize a more restrictive network at a lower price, but the general reaction is that we aren’t yet at that point. Even though we are experiencing the highest costs on the planet, the average consumer still desires unlimited choice.  These same consumers complain about cost but are not willing to make personal changes to help reduce those costs.
• The numbers of individuals without health plan coverage has reduced slightly but has not yet approached targeted levels. We have not yet achieved coverage for all. In fact, we are not yet on a path to accomplish this.

The bottom line:

• We have made some progress to bring healthcare to the table for discussion.
• We have re-arranged many of the insurance and health plan chairs on the Titanic-like health care system. We have avoided some icebergs this year, but it is not yet clear that we have clear sailing.
• The system is still subject to significant cost factors that are hard to control (such as Sovaldi), anticipate and plan for. These “icebergs” will continue in the future.
• The environment that our health plans are operating in is financially risky for them and will require high levels of cooperation with government oversight bodies (i.e., Medicaid departments, CMS and insurance departments).
• Although rate increases may be tempered somewhat this coming year, there is little evidence of any long-term tempering or reduction in underlying health carecosts or bending of the trend. Many attempts by the carriers (e.g., narrow networks) are not receiving adequate acceptance by the public and regulators.

ACA is a work in progress. It has introduced some hope but has yet to produce the results hoped for.

Losses from Sunday’s 6.0-magnitude earthquake near Napa, the largest in California in 25 years, seriously damaged more than 170 structures and injured more than 200 people. Overall earthquake-related losses are expected to exceed $1 billion. Many unreinforced masonry buildings risk being declared a total loss. But even retrofitting doesn’t always ensure earthquake immunity. The charming 1901 stone Goodman Library in downtown Napa was seismically retrofitted at a cost of $1.7 million a few years ago, yet the top of the building toppled over in the earthquake. A nearby historic brick building was retrofitted for $1.2 million after a 2000 Napa earthquake, and it was red-tagged Monday with serious damage, as well. Unfortunately, the repair and rebuilding costs will be the next jolt that rocks the budgets of businesses and homeowners. It’s estimated that less than 12% of homeowners in California have earthquake coverage – a figure that was as high as 22% last year, according to the California Earthquake Authority. CEA underwrites more than 800,000 policies representing 70% of the homeowner earthquake insurance in the state. California has two-thirds of the nation’s earthquake risk, with 2,000 known faults producing 37,000 measurable earthquakes a year. Besides California, the U.S. Geological Survey maps show major earthquake risks in nearly half the U.S. In 1994, after a 6.7-magnitude earthquake hit the Northridge area of Southern California, 93% of homeowner insurance companies restricted or refused to write earthquake insurance policies. In response, the California legislature established the California Earthquake Authority (CEA) in 1995 to provide a reduced-coverage (“no-frills”) earthquake policy for homeowners in the state -- things like swimming pools, decks and detached structures are not included. Insurance carriers in California can offer their own earthquake coverage or be a participating member of the CEA, which made the CEA one of the largest providers of residential earthquake coverage in the world. Currently, 21 major insurance carriers participate in CEA, and its assets total nearly $10 billion. Its A.M. Best rating is A- (excellent). CEA policies are available to homeowners and renters, including for mobile homes and condominiums, if their primary homeowners’ coverage is with one of the CEA insurers. Keep in mind that many condominium communities have common ownership, which means that the condo owners could have joint and several liability for repairs after an earthquake. CEA reports that it uses 83% of the premiums it collects for claims or reinsurance, 14% for broker commissions and 3% for operations/overhead. The likelihood that state or federal disaster relief may be available is a risky proposition for home or business owners. The president needs to declare a disaster before the Federal Emergency Management Agency (FEMA) can grant any limited assistance. States surplus funds for relief, on the other hand, are simply non-existent. So why are people buying less earthquake coverage when the hazards of a potential devastating earthquake are growing? Unlike other natural disasters like hurricanes, tornadoes, and wildfires that are usually covered under homeowners’ insurance policies, earthquake coverage is a separate insurance policy with a deductible of 10% or 15% of the structure’s estimated replacement cost. The average earthquake policy in California in 2013 cost $676 a year, according to the California Department of Insurance. The current average cost of a home in California, according to Zillow, is $429,000. Even with a minimum 10% deductible, a homeowner would be out of pocket $42,900 before earthquake insurance coverage kicks in. Business properties suffer a much larger risk factor considering the additional exposure of damaged inventory, a red-tagged (unusable) building risk and loss of use and income. In contrast, flood insurance is available in most of the country with a $1,000 building and $1,000 contents deductible as part of the property coverage. The Insurance Information Institute reports that the average flood damage claim in 2013 was $26,165 for the 13% of U.S. homeowners who buy the additional flood coverage – sometimes as a condition to their mortgage, if they are located in a flood zone. Low-frequency, high-severity risks like earthquakes represent a bet that few home or business owners can afford to lose. Unfortunately, Californians, who own the nation’s highest-valued properties, also have the most money on the table when the next big shake comes.

Many drivers are angry. They only drive a little but don't save a lot on their auto insurance. When customers get angry, they start to shop. And when low-mile customers start to shop, they will soon find companies offering new, risk-based policies that reward them with low prices in return for their smaller exposure to claims. That shift will take an awful lot of profitable business away from their current insurance companies. By my count, the total could be $22 billion a year in premiums. The math goes like this: About 25% of vehicles are driven less than 6,000 miles a year -- about half the 12,000 to 13,000 miles that are assumed as the default when insurers calculate premiums. Roughly 30% of vehicles may be considered "low milers," at less than 8,000 miles a year. If the owners of these cars earned the sort of discount they deserve, (an average of about 30%) then at scale close to $22 billion in premiums would evaporate if nothing else happened. The premiums won't disappear right away. For now, California is the only state that mandates the use of mileage in setting premiums. Most companies doing business there use a hodgepodge of miles bands and a tinkling of rate adjustments from low miles to higher miles. The most sophisticated insurer uses dozens of bands with a 500-mile increment. Premium discounts go as low as 50%, with a roughly 2% incline from 500 to 25,000 miles. But the trend toward usage-based pricing has to pick up steam, both because it's possible to measure miles driven very precisely and because so many people are overpaying. Practically every retiree in America drives less than when she worked. If you go out and look for a used car (use Google -- save some gas), you can find many a 15-year-old car with less than 75,000 miles, or five-year-old cars with less than 30,000 miles. Even if an owner of one of those 15-year-old cars received a 30% discount for low miles, he paid for 15 years and only used 10 years' worth of insurance. There are sure to be many counterpoints to the simple argument being made here, but all of the readers who are honest know someone who does not drive much, but who pays the full default rate like everyone else. Let the shopping and savings begin.

Business owners often complain about workers' compensation, and this story from Oregon highlights exactly why. A tree trimming and landscape maintenance business was started by Robert and Jannai Cornett in 1998 with a pickup truck, "a chainsaw and a rake, a little blood and a lot of sweat." R&R Tree Service grew to a 30-employee company with trucks, equipment and an office. At some point, the company switched from a private workers' compensation carrier to SAIF, Oregon's state fund. The company had a program by which volunteers would come out and collect the wood from trees that R&R had cut down to give to the needy for firewood. As in many things in life, trying to do good just results in trouble -- SAIF smelled "underreporting" of payroll. The volunteer program had started long ago, and R&R's prior carrier had no issues with it, but SAIF conducted multiple audits of payroll records from 2007 until 2011. Robert Cornett had kept a daily log of employee hours based on oral reports from each crew at the end of each work day. For each job, Robert would record the person or business being billed, the crew members assigned to the job, the number of hours worked per crew member and whether the work performed was "above ground" or with "boots on the ground." He made this division because SAIF had assigned two risk classification codes to R&R for its non-office and sales staff. Workers doing tree and shrub pruning above ground level were assigned code 0106. Workers doing lawn maintenance performed from the ground level were assigned code 9102. The above-ground (AG) and below-ground (BG) designations were then input into the payroll records on a weekly basis - but there were no other "verifiable" payroll records to support this input. SAIF didn't have an issue with this system during four audits between 2002 and 2007. In fact, one auditor even said R&R had "an excellent system of tracking work and time." But later SAIF assigned a particularly aggressive auditor to review the company's records for years 2007 and 2008, and he took issue with the payroll-tracking methodology. That auditor found R&R's records did not meet the requirements for verifiable records under OAR 836-042-0060. Under OAR 836-042-0060(4), payroll records are "verifiable" if they establish the time worked and duties performed by each employee, and if they are supported by original entries from other records, including time cards, calendars, planners or daily logs prepared by the employee or the employee's direct supervisor or manager. Based on the auditor's findings, SAIF assigned the entire payroll to the highest-rated classification. For the year audited, 2007-2008, this raised the company's premium by more than $67,000. The company objected, and of course this incited further auditing, ultimately resulting in a claim by SAIF of more than $386,000 in additional premiums. R&R went through all of the appellate procedures for contesting the additional assessments and lost all of them all the way to a state appellate court. According to WorkCompCentral's news report on the story, R & R likely will close its doors and terminate all of its employees, putting 30 people on the unemployment rolls. And that's a shame. Sure, some of us up in the ivory tower of workers' compensation insurance compliance will say, "That's the law," or "They should have hired an expert to help" or "Where was their broker in all of this?" Those questions are beside the point. Here we have a well-intentioned, seemingly compliant business taking care of people, putting value into the economy for 15 years, and they're taken out by The System. What's wrong with the picture is that what should be a cooperative relationship turned adversarial. I'm sure SAIF has its own position on the matter, but all officials said to WorkCompCentral was that they were "pleased with the ruling" and the court of appeals' determination that "SAIF followed the correct process and acted appropriately in determining the policyholder's premium." Maybe SAIF was legally correct, and its auditors and employees were doing their jobs. But maybe at some point a senior executive could step in and see the PR mess this kind of case creates and figure out a compromise, and then media relations could proclaim the carrier's great willingness to help small business comply. Instead, as with most large corporate bureaucracies, nobody really cares -- if a customer goes out of business, there will be plenty more in the pipeline to collect premium from.

Funny: If you ask a doctor if she's overpaid, you'll get a long-winded answer largely around an emphatic "no." The real answer is a much more nuanced "yes" -- and is summarized every year in this one chart: The why of this chart isn't some big mystery. I've written about it very directly here: Med Student Gives Sober Assessment of Future With $500K in Student Debt. Healthcare training takes an incredible amount of time and money, so those who survive as freshly minted docs have a huge debt -- roughly equivalent to a nice home mortgage. Oh, and unlike all other types of financial debt, student debt is not dischargeable through bankruptcy, so it's lifelong until satisfied. None of this is a mystery to U.S. med students. They are exceedingly bright (by necessity) and start planning their career trajectories fairly early. A key component to that planning is the amount of debt they'll have when they graduate -- and the number of remaining years they'll have as high wage earners. The math leads directly to the above graph. If you have a choice at graduation of being a family practitioner or internist (with long, grueling hours, inside exam rooms all day) for $15,000 a month -- or the cushy job of being a radiologist (reading images remotely for eight hours a day) for $30,000 a month -- where's the choice? It's not a choice. It's a no-brainer (for most), which is why we have a severe shortage at all the specialties on the right side of the graph. That's the U.S. (and why our system is dysfunctional from the start). The system we have is optimized around revenue and profits, not safety and quality. France, by contrast, has a different view and (not surprisingly) better health outcomes and cost. France's view is that medical training is an "infrastructure" cost, and the best way to accommodate that is to have med students graduate with $0 debt. Now, in fairness, doctors in France don't have the opportunity at a lavish wage of $400,000 to $500,000 a year (or more), but the French also don't have a shortage of primary care docs. We do -- and it's also a contributing factor to why our system is now a global embarrassment and perpetual national crisis - as represented by this one chart:

The “Internet of Things” is here. According to Cisco, sometime during 2008, the number of things connected to the Internet exceeded the number of people.  Cows, corn, cars, fish, medical devices, appliances, power meters — practically  any item imaginable has been or can be connected. Eventually, we will be able to, for instance,  “sync” an entire home so that its heating system is programmed to adjust to  weather patterns and inhabitants’ activities. Businesses ranging from small start-ups to long-standing conglomerates  are now embedding adaptive “smart” technologies into even mundane products, including  window shades, light bulbs and door locks. While Internet of Things (IOT) devices create obvious value, they also expand risk. In effect, we are creating an  “infrastructure for surveillance” that constantly generates critical, sometimes exceptionally  private, data transmitted for use on servers perhaps thousands of miles away. If an IOT device malfunctions, or if data or software is compromised or lost, individuals and  businesses may suffer devastating losses. Dosages of critical medication might be missed, for instance, or needed medical treatments omitted. In fact, the risks posed by IOT have already attracted the attention of regulatory authorities. The U.S. Food and Drug Administration has surveyed the industry and decided to update its guidance on cybersecurity for IOT medical devices, and the Federal Trade Commission has held a symposium addressing IOT issues. As use of these products continues to expand, such risks will be realized, and manufacturers will look to their insurers for defense and indemnity protection. Coverage for product liability is typically provided under liability policies, which can be written on an occurrence or claims-made basis. Liability of the manufacturer of a malfunctioning fire alarm that fails to alert homeowners of a fire should be covered under such policies, as should bodily injuries or property damage caused by other defective products, including products that are part of the IOT. Injuries from such products may result not only from a device’s failure to work but also from a network’s failure to provide communications as needed. These failures, as well as the more traditional product failures, should continue to be covered if insurance is to continue to serve its function and transfer financial risk. Liability policies generally define the product risk to include all bodily injury and property damage occurring away from premises you own or rent and arising out of your product or your work except:

1. products that are still in your physical possession; or
2. work that has not yet been completed or abandoned.

The policies define “your products” to be any property (other than real property) manufactured,  sold, handled, distributed or disposed of by the insured and to include warranties or representations made at any time with respect to the fitness, quality durability, performance or use of your product; and the providing of or failure to provide warnings or instructions. Liabilities for malfunctions of IOT products appear to fit squarely within this definition. There are, however, some complications that insurers might put forward were they interested in denying coverage, and policyholders will need to examine their insurance to avoid the uncertainty and cost of litigation. Coverage for IOT risk is complicated by the fact that the devices add value and efficiency by communicating with each other and distant servers on which data is stored and algorithms run. Indeed, this interoperability is the critical and promoted feature of IOT products. To see how this can complicate the coverage question, let us take a concrete example. Let us imagine a refrigerator — the eFridge — that communicates data concerning the products it holds. When combined with complementary devices — called eShelves — it is able to keep track of all food in the kitchen. The refrigerator also keeps track of its states, including its internal temperature, and transmits its state data and food stocked to a server maintained by smartKitchens at a distant location. On this server, the data is stored and analyzed by an algorithm designed by smartKitchens’ software engineers. The algorithm, based upon eFridge state data and data on stocked food, generates recommended recipes for the week so that all food is used before it spoils. The recommendations sent from the server to the eFridge appear on a screen on the refrigerator’s front door. There are two Internet transport protocols, TCP and UDP. The latter is often used when broadcasting within a network is needed (as it is so that the eShelves can be configured) and can be cheaper to implement, but it is also less reliable because communicating devices receive no notice when UDP datagrams — the electronic containers of transmitted data — are lost or dropped. The eFridge is designed to use UDP, and the software engineers have developed their algorithm to deal with the problem of dropped datagrams as follows: Rather than generating a warning that there is incomplete information, the algorithm assumes that the refrigerator’s state is consistent with the average state maintained over the prior two weeks. This is done to avoid multiple appearances of “error” messages on the eFridge door/screen and to increase customer satisfaction. Now imagine that one week the server fails to receive datagrams regarding the state of the refrigerator on Monday, during which for some unknown reason the temperature inside the refrigerator exceeded room temperature. Unfortunately, as of Monday, the refrigerator contained a pound of mussels, which as a result of the temperature change are spoiled. Data concerning this temperature increase were not received by the server, and therefore the algorithm, having been designed to assume that the temperature was maintained at its average, recommends a recipe for Wednesday of mussels provençale. The consumer sustains a very serious case of food poisoning and seeks compensation from smartKitchens, which demands coverage from its insurer. Is smartKitchens covered? The event appears to be squarely within the sort of product liability coverage that product manufacturers and distributors expect. There is a product away from the insured’s premises that made a “defective” recommendation and caused bodily injury. As such, there should be coverage. But an aggressive insurer could construct an argument to the contrary. It might contend that the injury was caused by the algorithm, not the refrigerator. Insurers might contend that the algorithm constitutes “work that has not been completed or abandoned,” because the engineers have the ability to change the algorithm to address the possibility of spoiled mussels, and that therefore the risk is not within the product’s coverage. Such an argument should ultimately fail. The fact that smartKitchens’ software engineers can update the algorithm does not mean that they have "not completed or abandoned” it for purposes of the insurance policy. Moreover, liability policies generally provide that “work which requires further … correction … because of defect or deficiency, but which is otherwise complete, shall be deemed completed.” In fact, here, smartKitchens let the algorithm run as it was designed to, and it did so. Nonetheless, although the insured should eventually obtain the benefit of coverage, that could very well be only after protracted and expensive litigation, reducing the value of the insurance purchased. There is another argument as well that the insurer might make. Since about 2003, liability policies have generally included an exclusion — exclusion p, on the Insurance Services Office Inc. form — barring coverage for damages arising out of the loss of, loss of use of, damage to, corruption of, inability to access or inability to manipulate electronic data. As used in this exclusion, electronic data means information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD-ROM[s], tapes, drives, cells, data processing devices or any other media which are used with electronically controlled equipment. An insurer might contend that the problem was created, not by the eFridge, but by the loss of electronic data, when the packets were dropped. The insurer might use this argument to contend that coverage is barred. Again, the insured should prevail were the insurer to make such an argument. The algorithm functioned as it was designed. It did not fail to process data, but processed data exactly as intended. It was merely responding as designed to an unfortunate consequence of the decision to implement the UDP protocol. But here, too, the insured is likely to find itself in an expensive coverage dispute, depriving the insured of the value of the insurance purchased. As always, new technologies create new risks, and new risks create the possibility of coverage disputes. These disputes should be resolved in the insured’s favor, as it is the responsibility of an insurer to draft policy language to clearly and unequivocally exclude risks. This rule has special force where, as in our example, there is an expectation that liability for products would be covered. It should, in other words, be the responsibility of underwriters to understand the products they insure and clearly state if they do not desire to cover an attendant risk. Nonetheless, as the use of IOT devices continues and expands, the past has taught that we can expect to see risks expand and insurers attempt to restrict coverage.