Tag Archives: bodily injury

What Coverage Does a Consultancy Need?

Insuring a consulting firm can pose a challenge. Many professionals start a firm today out of necessity — creating their own employment. You take years of expertise and open a consultancy, often out of your home or in an office suite. This means a tight budget.

Insurance is one of the areas where entrepreneurs may try to cut costs, but, to protect your business, you need to have your insurance agent evaluate all the exposures you face and offer solid coverage solutions.

What does the professional liability policy cover?

The consultant and its employees provide a service or offer advice, but what if it is faulty? Any professional consultant needs professional liability coverage, also called errors and omissions.

The professional liability policy may be worded as follows:

“The company will pay on behalf of the insured any loss excess of the deductible not exceeding the limit of liability to which this coverage applies that the insured becomes legally obligated to pay because of claims made against the insured during the policy period for wrongful acts of an insured or because of personal injury arising out of wrongful acts of an insured.”

In addition, the policy may say, “Coverage for allegations of bodily injury, sickness, disease, or death of any person, or damage to or destruction of any tangible property, including the loss of use….”‘

This wording shows the limited scope of the professional liability policy. The intent is to cover only negligent professional or “wrongful” acts. The policy also provides limited protection for personal injury, such as libel or slander, committed by the insured against a third party.

What does the commercial general liability (CGL) policy cover?

The CGL covers bodily injury to a person or damage to the property of others caused by a firm’s negligence. As courts have ruled repeatedly, the CGL policy is not a performance bond. A CGL policy is not intended to cover the quality of a company’s advice or service. This helps constrain the contractor from low-bidding a job, performing poorly and then relying on the insurance carrier to cover that risk.

Look first at CGL policy language under the insuring agreement, the heart of the policy:

“We will pay those sums that the insured becomes legally obligated to pay as compensatory damages because of ‘bodily injury’ or ‘property damage’ to which this insurance applies.”

Here are a few of the exposures covered under the CGL:

  • Premises and operations liability for persons injured or items damaged while on your business premises or because of your business operations.
  • Additional insured coverage when you sign certain written contracts or agreements such as leases.
  • Tenant’s liability in the event the business operations, for example, accidentally start a fire in rented premises.
  • Host liquor liability if you are not in the liquor business.
  • Defense for covered claims.
  • Bonds and court courts associated with a claim.
  • Limited financial remuneration when assisting your carrier in the defense of a claim.

In addition to bodily injury and property damage, the CGL covers personal injury liability, including libel and slander, as well as advertising injury. The CGL offers consultancies broad coverage and peace of mind. You can run your business knowing that help is available in the event of a broad range of losses.

Althought there is a great deal of uniformity between professional liability forms and commercial general liability forms, all carriers use a variety of forms. Coverage can vary widely from one insurance carrier to another, so an agent should be able to help you determine the coverage differences and help you make a strong choice to protect your growing consultancy.

What are some CGL exclusions?

There are many exclusions under the CGL, and to understand each one is tricky. Forms differ and jurisdictions that hear lawsuits vary greatly. However, here are some general exclusions:

  • Intentional injury — When a business owner acts in self-defense, there is generally coverage. For example, suppose a robber breaks into the darkened firm and brandishes a knife at the owner, who is catnapping. He heaves a computer monitor at the burglar and injures the burglar. Carriers should defend the case unless it appears the insured intended to inflict malicious injury.
  • Care, custody and control of property owned by others — For the consultancy that repairs computers or other equipment, bailee coverage may be necessary.
  • Faulty workmanship.
  • Liability arising from an aircraft, auto or watercraft — If you use any of those conveyances in your business, you’ll require specific coverage to protect your assets. However, if you provide an automobile to an employee who gets in an accident, you may have coverage, depending on the coverage form and the jurisdiction.

While the CGL policy offers the majority of consultancies broad coverage, your agent must evaluate each risk carefully to ensure the CGL adequately protects the consultancy’s unique exposures.

The CGL may still lack scope

As your consultancy grows, the CGL is only part of your coverage solution. The CGL will not cover every exposure you face, especially once you hire employees.

In most states, after you hire either one or a small number of employees, the state mandates workers’ compensation coverage. In addition, employment practices coverage is important in today’s complicated employment arena. There is no coverage under the CGL for most employment exposures like a wrongful termination or a discrimination claim.

Your consultancy may start with only one computer and a printer, but as your firm grows so does its personal property. Don’t forget to insure your personal property, as well.

For firms with even the most trusted employees, crime policies are vital. For example, suppose you hire a bookkeeper to assist with accounting and administrative tasks. Unbeknownst to you, she likes to gamble. Over time, she begins to embezzle funds, and, before you know it, you are short thousands of dollars. Crime coverage is designed to defend and pay these types losses. The Association of Certified Fraud Examiners found that firms with fewer than 100 employees were frequently hit by fraud, accounting for 32% of the incidents they surveyed.

Clearly, the CGL offers broad coverage and peace of mind for any consulting firm, but there are many other risks your business faces that may require specialized coverages. An independent agent can help you sort out the risks.

One easy approach to coverage

If you own a consultancy, you may be confused about your unique coverage needs. The way many agents approach your coverage is to tell every new business owner he or she needs general liability coverage. Then they review the consultancy’s business operations to determine what additional coverage, such as professional liability, employment practices or workers’ compensation are required.

Because most consultants have auto insurance, to some extent you understand liability coverage. The CGL is more complicated, but the general principles of coverage for bodily injury and property damage are similar to the auto policy. For the new consultant, this comparison may be a good starting point to help you understand your company’s need for general liability coverage.

In today’s complex business environment, no consultancy should go without two types of coverage — professional and general liability — at a minimum. An experienced independent agent can help you ensure your business thrives and prospers in the coming years.

 

Another Reason to Consider Cyber Insurance

Here a breach, there a breach, everywhere a data breach.

Verizon’s most recent 2013 Data Breach Investigations Report remarks that “[p]erhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage” this year.1 And no organization is immune from a breach. The last two years have seen some of the world’s most sophisticated corporate giants fall victim to some of the largest data breaches in history. It is clear that cyber attacks — including data breaches — are on the rise with unprecedented frequency, sophistication and scale. They are pervasive across industries and geographical boundaries. And they represent “an ever-increasing threat.”2 The problem of cyber risks is exacerbated, not only by increasingly sophisticated cyber criminals and evolving malware, but also by the trend in outsourcing of data handling, processing and storage to third-party vendors, including “cloud” providers, and by the simple reality of the modern business world, which is full of portable devices such as cellphones, laptops, iPads, USB drives, jump drives, media cards, tablets and other devices that may facilitate the loss of sensitive information.

While data breaches and other types of cyber risks are increasing, laws and regulations governing data security and privacy are proliferating. In its most recent 2013 Cost of Data Breach Study, the Ponemon Institute reports that U.S. organizations spend on average $565,020 on post-breach notification alone.3 Companies may also face lawsuits seeking damages for invasion of privacy, as well as governmental and regulatory investigations, fines and penalties, damage to brand and reputation and other negative repercussions from a data breach, including those resulting from breaches of Payment Card Industry Data Security Standards. The Ponemon Institute’s recent study reports that the average organizational cost of a data breach in 2012 was $188 per record for U.S. organizations ($277 in the case of malicious attacks) and that the average number of breached records was 28,765, for a total of $5.4 milion.4 The study does not “include organizations that had data breaches in excess of 100,000” records,5 although large-scale breaches clearly are on the rise. In the face of these daunting facts and figures, it is abundantly clear that network security alone cannot entirely address the issue; no firewall is unbreachable, no security system impenetrable.

Insurance can play a vital role in a company’s efforts to mitigate cyber risk. This fact has the attention of the Securities and Exchange Commission. In the wake of “more frequent and severe cyber incidents,” the SEC’s Division of Corporation Finance has issued guidance on cybersecurity disclosures under the federal securities laws. The guidance advises that companies “should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents” and that “appropriate disclosures may include” a “[d]escription of relevant insurance coverage.”6

While some companies carry policies that are specifically designed to afford coverage for cyber risk, most companies have various forms of traditional insurance that may cover cyber risks, including Insurance Services Office (ISO)7 standard-form commercial general liability (CGL) policies. There may be significant coverage under CGL policies, including for data breaches that result in disclosure of personally identifiable information (commonly termed “PII”) and other claims alleging violation of a right to privacy. For example, there is significant potential coverage under the “Personal and Advertising Injury Liability” coverage section (Coverage B) of the standard-form ISO CGL policy, which currently states that the insurer “will pay those sums that the insured becomes legally obligated to pay as damages because of ‘personal and advertising injury.’”8 “Personal and advertising injury” is defined to include a list of specifically enumerated offenses, which include “[o]ral or written publication, in any manner, of material that violates a person’s right of privacy.”9 Coverage disputes generally focus on whether there has been a “publication” that violates the claimant’s “right of privacy”—both terms are left undefined in standard-form ISO policies, and courts generally have construed the language favorably to insureds and have found coverage for a wide variety of claims alleging misuse of customer information and breach of privacy laws and regulations.10 There may also be coverage under the “Bodily Injury and Property Damage” section of the standard CGL form (Coverage A), which states that the insurer “will pay those sums that the insured becomes legally obligated to pay as damages because of ‘bodily injury’” that “occurs during the policy period.”11

As courts have found coverage for various types of cyber risks, however, ISO has added limitations and exclusions purporting to cut off CGL lines of coverage. For example, in response to a number of cases upholding coverage for breach of the Telephone Consumer Protection Act, the Fair Credit Reporting Act and other privacy laws, the current ISO standard form contains the following exclusion, which is applicable to both Coverage A and Coverage B:

This insurance does not apply to:

Recording And Distribution Of Material Or Information In Violation Of Law

“Personal and advertising injury” arising directly or indirectly out of any action or omission that violates or is alleged to violate:

  1. The Telephone Consumer Protection Act (TCPA), including any amendment of or addition to such law;
  2. The CAN-SPAM Act of 2003, including any amendment of or addition to such law;
  3. The Fair Credit Reporting Act (FCRA), and any amendment of or addition to such law, including the Fair and Accurate Credit Transactions Act (FACTA); or
  4. Any federal, state or local statute, ordinance or regulation, other than the TCPA, CAN-SPAM Act of 2003 or FCRA and their amendments and additions, that addresses, prohibits or limits the printing, dissemination, disposal, collecting, recording, sending, transmitting, communicating or distribution of material or information.12

Insurers have raised this exclusion, among others, in recent privacy-breach cases.13

More sweepingly, as part of its April 2013 revisions to the CGL policy forms, ISO introduced an endorsement, titled “Amendment Of Personal And Advertising Injury Definition,” which entirely eliminates the key “offense” of “[o]ral or written publication, in any manner, of material that violates a person’s right of privacy” (found at Paragraph 14.e of the Definitions section of Coverage B):

With respect to Coverage B Personal And Advertising Injury Liability, Paragraph 14.e. of the Definitions section does not apply.14

And the latest: ISO has just filed a number of data-breach exclusionary endorsements for use with its standard-form primary, excess and umbrella CGL policies. These are to become effective in May 2014. By way of example, one of the endorsements, titled “Exclusion – Access Or Disclosure Of Confidential Or Personal Information And Data-Related Liability – Limited Bodily Injury Exception Not Included,” adds the following exclusion to Coverage A:

This insurance does not apply to:

Access Or Disclosure Of Confidential Or Personal Information And Data-related Liability

Damages arising out of:

(1) Any access to or disclosure of any person's or organization's confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit card information, health information or any other type of nonpublic information; or

(2) The loss of, loss of use of, damage to, corruption of, inability to access or inability to manipulate electronic data.

This exclusion applies even if damages are claimed for notification costs, credit-monitoring expenses, forensic expenses, public relations expenses or any other loss, cost or expense incurred by you or others arising out of that which is described in Paragraph (1) or (2) above.15

The endorsement also adds the following exclusion to Coverage B: This insurance does not apply to:

Access Or Disclosure Of Confidential Or Personal Information

“Personal and advertising injury” arising out of any access to or disclosure of any person’s or organization's confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit-card information, health information or any other type of nonpublic information.

This exclusion applies even if damages are claimed for notification costs, credit-monitoring expenses, forensic expenses, public relations expenses or any other loss, cost or expense incurred by you or others arising out of any access to or disclosure of any person's or organization's confidential or personal information.16

ISO states that “when this endorsement is attached, it will result in a reduction of coverage due to the deletion of an exception with respect to damages because of bodily injury arising out of loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data” and that “[t]o the extent that any access or disclosure of confidential or personal information results in an oral or written publication that violates a person's right of privacy, this revision may be considered a reduction in personal and advertising injury coverage.”17 While acknowledging that coverage for data breaches is currently available under its standard forms, ISO explains that “[a]t the time the ISO CGL and [umbrella] policies were developed, certain hacking activities or data breaches were not prevalent and, therefore, coverages related to the access to or disclosure of personal or confidential information and associated with such events were not necessarily contemplated under the policy.”18 The scope of this exclusion ultimately will be determined by judicial review.

Although it may take some time for the new (or similar) exclusions to make their way into general liability policies, and the full reach of the exclusions remains unclear, they provide another reason for companies to carefully consider specialty cyber insurance products. Even where insurance policies do not contain the newer limitations or exclusions, insurers may argue that cyber risks are not covered under traditional policies. The legal dispute between Sony and its insurers concerning the PlayStation Network data breach highlights the challenges that companies can face in getting insurance companies to cover losses arising from cyber risks under CGL policies. Sony argues that there is data breach coverage because “[t]he MDL Amended Complaint… alleges that plaintiffs suffered the ‘loss of privacy’ as the result of the improper disclosure of their ‘Personal Information’ [which] has been held to constitute ‘material that violates a person’s right of privacy’.”19 However, the insurers seek a declaration that there is no coverage under the CGL policies at issue, among other reasons, on the basis that the underlying lawsuits “do not assert claims for … ‘personal and advertising injury’.”20 The Sony coverage suit does not represent the first time that insurers have refused to voluntarily pay claims resulting from a network security breach or other cyber-related liability under CGL policies. Nor will it be the last. Even where there is a good claim for coverage, insurers can be expected to continue to argue that cyber risks are not covered under CGL or other traditional policies.

As far as data breaches are concerned, cyber policies usually provide some form of “privacy” coverage. This coverage would typically provide defense and indemnity coverage for claims arising out of a data breach that actually or potentially compromises PII. By way of example, the AIG Specialty Risk Protector specimen policy21 states that the insurer will “pay … all Loss” that the “Insured is legally obligated to pay resulting from a Claim alleging … a Privacy Event.” “Privacy Event”22 includes:

  1. any failure to protect Confidential Information (whether by “phishing,” other social engineering technique or otherwise) including, without limitation, that which results in an identity theft or other wrongful emulation of the identity of an individual or corporation;
  2. failure to disclose an event referenced in Sub-paragraph (1) above in violation of any Security Breach Notice Law; or
  3. violation of any federal, state, foreign or local privacy statute alleged in connection with a Claim for compensatory damages, judgments, settlements, pre-judgment and post-judgment interest from Sub-paragraphs (1) or (2) above.23

“Confidential Information” is defined as follows:

“Confidential Information” means any of the following in a Company’s or Information Holder’s care, custody and control or for which a Company or Information Holder is legally responsible:

  1. information from which an individual may be uniquely and reliably identified or contacted, including, without limitation, an individual’s name, address, telephone number, Social Security number, account relationships, account numbers, account balances, account histories and passwords;
  2. information concerning an individual that would be considered “nonpublic personal information” within the meaning of Title V of the Gramm-Leach Bliley Act of 1999 (Public Law 106-102, 113 Stat. 1338) (as amended) and its implementing regulations;
  3. information concerning an individual that would be considered “protected health information” within Health Insurance Portability and Accountability Act of 1996 (as amended) and its implementing regulations;
  4. information used for authenticating customers for normal business transactions;
  5. any third party’s trade secrets, data, designs, interpretations, forecasts, formulas, methods, practices, processes, records, reports or other item of information that is not available to the general public[.] 

There are numerous specialty cyber products on the market that generally respond to data breaches. A policy offering the privacy coverage will often offer coverage for civil, administrative and regulatory investigations, fines and penalties and, importantly, will commonly offer “remediation coverage” (sometimes termed “crisis management” or “notification” coverage) to address costs associated with a security breach, including:

•     costs associated with post-data breach notification

•     credit-monitoring services

•     forensic investigation to determine cause and scope of a breach

•     public relations efforts and other “crisis management” expenses

  • legal services to determine an insured’s indemnification rights where a third party’s error or omission has caused the problem.

Cyber insurance policies offer other types coverages, as well, including media liability coverage (for claims for alleging, for example, infringement of copyright and other intellectual property rights and misappropriation of ideas or media content), first party property and network interruption coverage, and cyber extortion coverage. The cyber policies can be extremely valuable. But selecting and negotiating the right cyber insurance product presents a real and significant challenge. There is a dizzying array of cyber products on the marketplace, each with their own insurer-drafted terms and conditions, which vary dramatically from insurer to insurer—even from policy to policy underwritten by the same insurer. Because of the nature of the product and the risks that it is intended to cover, successful placement requires the involvement and input, not only of a capable risk management department and a knowledgeable insurance broker, but also of in-house legal counsel and IT professionals, resources and compliance personnel—and experienced insurance coverage counsel.

Logistics Management Errors & Omissions

Within the warehousing industry, a business owner might find themselves offering services to their clients that are not usually covered under the warehouse policy or the general liability policy. Coverage for these services can only be found under a professional liability policy.

A general liability policy usually contains some type of professional liability exclusion. Specifically, the insurance carrier will pay those sums that the insured becomes legally obligated to pay as damages because of “bodily injury or property damage”. Clearly, if there is no bodily injury or property damage but rather an economic loss, this type of loss would not be covered as it does not fall within the coverage definition.

Logistics Management Errors & Omissions Liability Insurance is designed to cover those exposures that fall outside the general liability policy. This policy will pay on behalf of the insured those amounts in excess of the deductible that the insured becomes legally obligated to pay as damages from claims as a result of a wrongful act.

Wrongful act means any actual or alleged act, error or omission in the rendering of or failure to render “Contract Logistics and Supply Chain Management Services.” Services also means those services you are qualified to perform as a Consolidator, Customs Broker, Freight Forwarder or the policy can be endorsed with special wording regarding other services related to supply chain management. Service is further defined in the policy as:

  1. the development and preparation of studies, process analysis, evaluation studies, transportation or routing analysis and re-engineering studies
  2. the design, development, modification, maintenance, licensing, sale, operation or use of logistics or supply chain management algorithims
  3. the design, development, modification, maintenance, coding, integration, licensing, sale or operation of software used in logistics or supply chain management
  4. logistics management
  5. truckload management
  6. shipment management
  7. inventory management
  8. transportation management
  9. records retention and management
  10. vehicle location and tracking
  11. supply chain coordination and management
  12. facilities and warehouse management
  13. data processing and electronic data interchange
  14. computer network access management, administration and support
  15. internet access, connectivity and support
  16. intranet or extranet access, connectivity, management and support
  17. training and supervision, and selection and oversight of vendors, service providers and subcontractors, including carriers, consolidators, brokers, agents and freight forwarders.

The policy does contain some exclusions. These include pollution, operations owned by insured and fines or penalties levied against the insured. There are also some exclusions regarding operations that apply to specific operations such as a freight forwarder.

The policy form is a “claims made” policy. Claims must occur within the period and report no later than 60 days after policy period unless it is agreed upon by the insurance carrier that an extended policy period is agreed upon.

As many warehousing operations are moving into Fourth Party Logistics, the coverage provided under the general liability policy might not be enough to cover all exposures. The Logistics Management Errors and Omissions Liability Policy will provide coverage for most of those gaps that are in the general liability policy.

Hospital Cost Shift

A big decline in both auto accident and severe injury frequency has not produced a corresponding decline in loss costs. The slack has been taken up by inflated soft tissue injury claims fueled by hospital cost shift. Financially savvy hospital administrators and new software that “enhances” billing techniques have overcome claim deterrents so effectively that the industry seems unaware. There is an answer, but the industry may be satisfied with the status quo for now.

A 2008 report by the Insurance Research Council (IRC) provides empirical evidence that since 2000, a significant decrease in auto claim frequency has been mysteriously offset by an equally significant rise in severity, leaving loss costs essentially unchanged. Of particular note, the Insurance Research Council report points to a study by the National Safety Institute showing that improved automobile safety engineering has been lowering the frequency of serious injuries and deaths. This makes the rise in bodily injury and personal injury protection claim severity particularly vexing.

The graph below is taken from the Insurance Research Council report and it depicts the described trends:

Percentage Change in Countrywide Claim Frequency, Claim Severity, and Loss Costs

This paper is the result of research that was aimed at discerning the root causes of the three simultaneous trends and whether their relationships are coincidental or causal.

In summary, the findings were as follows:

  1. The decline in claim frequency was (is) primarily causally related to lower per-capita driving, which in turn is causally related to the combination of a significant rise in gasoline prices coupled with rising unemployment over the same period.
  2. The rise in property damage severity is largely causally related to an increase in vehicle repair and replacement costs that is in turn driven by the efforts to make vehicles safer, such as airbags.
  3. The rise in bodily injury and personal injury protection severity is the result of a significant shift of the total cost of national health cost burden from the government and private health insurers to the Property & Casualty insurance industry.

The Root Cause Of Medical Cost Shifting
The decline in claim frequency and the rise in property damage severity were considered transparent enough not to warrant further elaboration in this article. This turned our focus to unraveling the seemingly mysterious rise in bodily injury and personal injury protection severity, especially in light of the decline in the rate of severe injuries that can be causally related to the property damage severity rise.

Our findings in this regard are a confluence of causally related phenomena as follows:

  • The government has been tightening payment controls and cutting reimbursement rates for medical providers under programs like Medicare and Medicaid.
  • Private health coverage payments to providers have declined as fewer employers provide coverage; for those who do, the deductibles and co-payments have grown considerably.
  • Hospitals and other significant medical entities have responded by appointing financially savvy administrators and implementing electronic medical record systems that have morphed from being efficiently focused to being revenue enhancement driven.
  • These savvy administrators and their new software programs are defeating the government and private software tools designed to vet electronic billing submissions. They accomplish this via “diagnostic upcoding,” a means of reporting an injury or illness as being more severe than in actuality.
  • Though these tactics are aimed primarily at the government and private health plans, they have worked equally well at overcoming Property & Casualty company claim deterrents, driving up the cost of what were once considered small soft-tissue personal injury protection and bodily injury claims.
  • While the tactics are effective against the government and private health insurers, those entities have mitigated their effects by lowering medical procedure reimbursement rates. Because the Property & Casualty industry lacks the means to do the same, it is absorbing an ever increasing share of total national health care costs, a phenomenon referred to as “cost shifting.”

Understanding Diagnostic Upcoding
The rise in bodily injury and personal injury protection severity is the manifestation of the growing cost shift from hospitals and other medical providers that are passing a progressively greater percentage of the total cost of national medical costs to the Property & Casualty industry.

In many ways, this shift is an unintended consequence of a financial stalemate between the government and private health insurers on one side and hospitals and other medical providers on the other. Hospitals and other providers turned increasingly to upcoding to offset the steadily decreasing reimbursements from the government and private health. But the Property & Casualty industry, which accounts for only about 10% of hospital utilization, was subjected to those same programmed upcoding schemes, seemingly without awareness, or at least without taking mitigating actions.

It is evident that something is driving the increase in medical care costs

The following are direct quotes from the IRC (emphasis added):

“We use the following indicators and more: extent of disability, rate of hospitalization, days unable to perform duties. And we see that injuries are not becoming more serious nor have they changed much. But, it is still evident that something is driving the rise in severity. Since injuries do not appear more serious, medical usage and treatment costs are driving the increase in medical care expenses.

“Low reimbursements from public health insurance programs, such as Medicare and Medicaid, have prompted hospitals to shift costs to automobile insurance companies — raising auto injury claim costs. Cost shifting in 2007 resulted in $1.2 billion in excess hospital charges. The full impact of hospital cost shifting, including that occurring in other insurance coverage, is likely much greater.

Medical Coding 101
The medical profession has a well-established regimen of coding to describe both the nature of injuries and illnesses as well as the therapies utilized to treat them. The coding classification that defines the nature of pathology, the diagnosis, is referred to as “ICD-9 codes.” For therapies, the codes are referred to as “CPT and HCPCS codes.”

ICD-9 codes form the basis for CPT and HCPCS codes because the diagnosis precedes the selection and introduction of the appropriate therapy or therapies. So if in the same instance the ICD-9 code indicated a bruised hand but the CPT/HCPCS code reflected a coronary bypass, software programs employed by the government, private health care providers and the Property & Casualty industry can detect the mismatch and prevent the payment.

The government and private health insurers tie their reimbursement rates to the CPT/HCPCS codes. When the therapy code is correct for a particular diagnostic code, the software can discern the appropriate payment amount based on a programmed fee schedule. With such a system, it is easy for the government to institute an across the board fee reduction of 10% or to apply the reduction in a variable way and accurately estimate its aggregate impact.

The Property & Casualty insurance industry is able to follow government fee schedules in some instances (mainly Workers' Compensation) but in most states relies on “usual and customary” charges for auto, the aggregate average of what medical providers bill for each CPT/HCPCS code. There has been significant controversy and litigation related to the sources of the “usual and customary” data.

Overall the government, private health care and the Property & Casualty industry all use software programs to vet medical billing that start by insuring that the CPT/HCPCS coding for each therapy match the ICD-9 diagnostic code and then, checking the amount charged for each therapy against a fee schedule or, for the Property & Casualty industry, the “usual and customary” charge.

From “Patient Centered” to “Profit Center”
The belief that doctors would not falsely inflate a diagnosis, outside of outright fraud, was common at the outset of the electronic vetting system, and with good reason. But the confluence of government fee reductions and the decline of private health care created significant financial duress for hospitals and providers. Something had to give, and turning away the uninsured was not an option, although more and more providers are opting out of Medicare and Medicaid.

That answer came in the form of savvy hospital administrators and slick new software that added efficiency but even more so, drove up revenues. It did so by making certain that the highest legitimate diagnostic code was being selected. It also provided upfront audits to spot instances such as a therapy that overshot the initial diagnosis so that “coding corrections” could be made before the billing process was invoked. Increasingly, such corrective activity was administered by support personnel who lacked medical knowledge and sought only to satisfy the systems requirements.

The Impact Of Diagnostic Upcoding
The medical coding system is logical and it lends itself well to automation, which vastly increases efficiency for everyone. But its cornerstone is the ICD-9 diagnostic code and while expert systems can aid a doctor in making a diagnosis, the ultimate decision (at least for now) still rests with the doctor's judgment.

With enough information, a system could flag potential upcoding in certain instances. Gradually such a system will evolve and become increasingly effective, but for now, expert human intervention is required to decide whether the reported ICD-9 diagnostic code is reasonable in light of numerous data points derived from a forensic examination of the mechanism of injury.

This chart reflects a huge shift in ICD-9 supported CPT coding from 2002 to 2008:

Increase in Emergency Department E/M Billing Levels

Most Doctors Are Victims Not Perpetrators
It should be noted that hospitals and other providers were likely losing legitimate revenues by not paying sufficient attention to billing practices in the past. Therefore, some of the change in the above chart is likely justified. But like a pendulum that may have swung too far in one direction in the past, there is ample evidence of over-compensation on its way back.

A Few Recent Headlines

4-18-2011: CtW Investment Group Calls for Board Accountability

7-21-2011: Prime Healthcare Accused of Medicare Fraud

8-31-2011: Alleged Fraud Uncovered During EMR Training

9-12-2011: Dallas Hospitals To Pay $1.4M, Settle Upcoding Investigation

9-21-2011: Doctors Protest CEO at Knapp Medical Center

This is not meant to suggest that all hospitals and providers, or even the majority, cross the line, but a systemic change has occurred and one manifestation is the alarmingly frequent allegations of billing related maleficence.

Examples Of Recent Articles From Hospital Industry Publications:

Examples Of Recent Articles From Hospital Industry Publications

The Property & Casualty Industry Response
Had cost shifting not occurred in parallel with the significant decline in accident frequency, loss costs would have dropped and companies would have utilized the capital windfall to lower their prices and gain market share. That would have led to a significant decline in premiums accompanied by expense reductions significant enough to maintain underwriting and claim expense ratios.

Many of the financial incentives in the industry are determined as a percentage of premiums. Shrinking premiums produce shrinking companies, lower cash flow, weakening balance sheets and endangered financial ratings. None of those are desirable outcomes for carriers. Independent Agents and Brokers work on commission, a percentage of written premiums, so if they earn 15% on an $800 auto policy that without cost shifting may have shrunk to a $600 policy, they would have taken a 25% revenue cut.

There may be Nash equilibrium in play, with everyone being happy under the current circumstances. But as the Insurance Research Council points out, if accident frequency returned, first loss costs, and then premiums would spike. The longer and larger the cost shift is allowed to grow, the greater the potential market disruption becomes when the day of reckoning arrives. But for anyone who is not betting on a near term economic revival, and/or the significantly lowered gasoline prices that could fuel increased frequency, this may not be a burning issue.

Is Anybody Hurt By Cost Shift?
Auto insurance consumers are financing the cost shift through artificially high insurance premiums. To the extent that some of those same individuals consume more medical services than are paid for, there seems to be fairness. But for those who shoulder the full burden (or more) of their medical expenditures, “the affluent,” this resembles income redistribution.

What Does This Portend For Claims?
As things stand, most claim department leaders either don't realize what has happened, or believe that their particular policies and practices have prevented this for their company. A benchmark comparison of company loss costs against like competitors would force one to choose to either disbelieve the phenomenon entirely or accept that they are as vulnerable as everyone else.

The standard industry claim deterrents for medical cost containment are two software programs, medical bill repricing and automated bodily injury evaluation. Both are highly susceptible to diagnostic upcoding, but few claim leaders understand the algorithms that drive these systems and imbue them with capabilities that they don't have. Those claim people far enough into the details to know better are not empowered to act.Efforts to inform claim leadership typically meet with stiff resistance, because they genuinely believe that they “have it covered.” And even if they knew they did not, why would they want to have such significant leakage called out when loss ratios are stable, and nobody is pointing a finger in their direction? But acknowledging and addressing the issue would create more work on top of what already feels insurmountable.

Closing Thoughts
This article was written for the purpose of calling out the significance of cost shifting to the industry. I do not believe that the industry is purposely allowing the cost shift, but when a bad situation creates comfort, a sense of urgency is elusive. The more entrenched the problem becomes, the more difficult the exit strategy.

The Property & Casualty industry will continue to represent a relatively small percent of hospital utilization, but it is continuing to pay a growing disproportionate share of the total cost. Even if driving never perks up again, as the cost shift grows a tipping point nears where premiums become too high.

Finally, there has been too much focus on automating claims over the past twenty years or more and far too little focus on basic claim handling. This is one example of numerous significant pockets of leakage that arose as a result.