Tag Archives: department of justice

Will Your Website Get You Sued?

Plaintiffs’ attorneys have discovered a new, rich litigation vein to exploit, potentially yielding a treasure of targets to sue. Using Title III of the Americans with Disabilities Act (ADA) and applying it to a modern societal institution (the internet) that was not in existence or contemplated when that law was enacted, lawyers may have hit pay dirt again by claiming that websites are not accessible to the disabled.

Title III of the ADA requires places that are open to the public to not discriminate against individuals due to their disability or otherwise deny them “the full and equal enjoyment of the goods, services, facilities, privileges, advantages or accommodations of any place of public accommodation.” These rules apply to any company that permits “entry” by the public. Although traditionally Title III of the ADA has been applied to physical structures, recent cases have raised issues as to whether these rules may apply to websites, as well.

To date, the case law addressing these issues is very limited and has been mixed. Case law from the Seventh Circuit has applied the ADA to websites, and the First, Second and Eleventh Circuits have applied the ADA beyond physical structures, providing ground for plaintiffs to argue that the ADA can extend to a virtual space such as websites. Meanwhile, the Third, Fifth and Ninth Circuits have applied the ADA provisions to physical locations only.

See also: Broad Array of Roles for Disability Coverage  

The Department of Justice, which is responsible for interpreting and enforcing Title III of the ADA, says that Title III does apply to websites. However, in typical government fashion, the DOJ has delayed releasing its “accessibility” guidelines for webpages, with an anticipated release date in 2018.

While the regulations and laws on website accessibility may be unclear, a few law firms are nonetheless sending out demand letters targeting specific industry sectors nationwide (for example, private universities and real estate brokerage firms) and demanding compliance with onerous website standards. The letters ask the recipient to hire the plaintiff’s law firm (or their preferred vendor) to help reach an “acceptable level” of compliance. In addition, several national retailers, including Patagonia, Ace Hardware, Aeropostale and Bed Bath & Beyond have been named in lawsuits regarding accessibility to their sites. According to Bloomberg’s BNA reports, 45 of these type of lawsuits were launched in 2015. That number is expected to increase substantially in 2016.

With the law so unclear on this topic, how should businesses navigate these murky waters? First, if you receive one of these demand letters, you should consider contacting an attorney and should avoid engaging in discussions with the plaintiff or their law firm without representation. Then, along with your attorney and an IT representative (in-house or a vendor), develop a strategy to bring your webpage into accessibility compliance. Although there is no “one-size fits all” approach to move toward compliance, depending on what is on your website, businesses can consider providing audible text on each webpage and providing audible captions for pictures. Ultimately, to play it safe you may want to take all reasonable steps to improve navigation and access on your website.

See also: New Products and Combined Approaches

Takeaway

Lawsuits related to website accessibility could likely be next cash cow for plaintiffs’ attorneys. As the early case law on this issue is so mixed, there is little guidance as to who has to be compliant and what exactly compliance would look like. Until the DOJ gets around to issuing guidelines (assuming they provide much guidance), businesses should consider reviewing their websites and documenting reasonable efforts to make the sites accessible to the disabled. Further, companies should consider purchasing a robust employment practices liability (EPL) policy with broad third-party coverage that can potentially pick up the defense of claims related to website access claims.

This article was co-written by Marty Heller.

The Worst Doctors From 2015

This list of worst doctors came to me via email, and I thought it was too good not to post. The origin of this is a Medscape article written by Lisa Pevtzow, Deborah Flapan, Fredy Perojo and Darbe Rotach. Please read the Medscape article in full. It’s a gem. The Medscape article shows pictures of these offenders.

Here is a summary of the worst doctors:

1) In July, Farid Fata, MD, was sentenced to 45 years in prison in Detroit for administering excessive or unnecessary chemotherapy to 543 patients. Some of them he deliberately misdiagnosed with cancer. In addition to enduring needless chemotherapy, the patients suffered anguish at the possibility of death. The massive criminal scheme netted at least $17 million from Medicare and private insurers.

2) Ophthalmologist David Ming Pon, MD, was found guilty in October of cheating Medicare by pretending to perform procedures on patients who did not need them. A federal jury convicted Dr. Pon on 20 counts of healthcare fraud. The scam netted Dr. Pon more than $7 million, according to the Department of Justice.

3) Joseph Mogan III, MD, was sentenced to about eight years in prison in March for operating two “pill mills” in suburban New Orleans. He gave out illegal prescriptions for narcotics and other controlled substances on a cash-and-carry basis. Dr. Mogan might have received a longer sentence had he not previously testified against a former New Orleans police officer who gave advice on how to operate under the radar of law enforcement. Prosecutors said the officer helped Dr. Mogan and his co-operator, Tiffany Miller, because Miller provided sexual favors and thousands of dollars in cash.

4) Dr. Aria Sabit pleaded guilty in a federal district court in Detroit in May to conspiring to receive kickbacks from a medical technology company. In 2010, Apex Medical Technologies, which distributes spinal surgery instruments, told the surgeon that, if he invested $5,000 in the company and used its hardware, he would share in the revenue. Ultimately, he received $439,000 from his investment. Dr. Sabit also pleaded guilty to stealing $11 million in insurance proceeds after billing Medicare, Medicaid and private insurers.

5) A Virginia jury awarded a patient $500,000 in June after an anesthesiologist made mocking and derogatory comments, which the patient accidentally recorded on a cellphone while he was sedated. The case inflamed the public after the Washington Post reported the story. The recording captured anesthesiologist Tiffany Ingham, MD, commenting on the patient’s penis and making fun of him. The surgical team also entered a fake diagnosis of hemorrhoids into his medical record.

6) A former researcher at Iowa State University was sentenced to 57 months in prison in July for systematically falsifying data to make an experimental HIV vaccine look effective. The researcher, Dong Pyou Han, PhD, was supposed to inject rabbits with a vaccine and test their sera for HIV antibodies. Dr. Han not only gave the head of the lab false test results about the vaccine, but he also injected the rabbits with human antibodies.

7) The Washington Medical Quality Assurance Commissions suspended the license of Arthur Zilberstein, MD, in June for sexting from the operating room. The commission said Dr. Zilberstein “compromised patient safety due to his preoccupation with sexual matters” during surgery. He was charged with exchanging sexually explicit texts during surgeries when he was the responsible anesthesiologist, improperly accessing medical-record imaging for sexual gratification and having sexual encounters in his office.

8) An Ohio cardiologist was convicted in September of billing Medicare and other insurers for $7.2 million in unnecessary tests and procedures. Dr. Harold Persaud put lives at risk by performing stent insertions, catheterizations, imaging tests and referrals for coronary artery bypass graft surgery that were not medically warranted, according to prosecutors.

Alas, such patient mistreatment and fraud is not that rare, as my readers.

The ‘CURES’ for Work Comp Claims

When an injured worker submits a claim, it initiates processes aimed at returning the injured worker to gainful and sustainable work at the earliest possible time. In this journey, checkpoints and milestones are the best means to monitor progress. Checkpoints generally relate to visits with a medical practitioner where medical conditions are checked against expectations and, if necessary, treatments are adjusted. Milestones are associated with reaching a goal.

At the first medical appointment, the physician is required to prepare a report for the claims administrator based on a comprehensive medical examination of the injured person, including a review of the medical history. At the same time, the physician can access CURES (Controlled Substance Utilization Review and Evaluation System) to check whether the patient has received any scheduled controlled substances in the prior 12 months. Through this access, the physician can identify an at-risk patient and accordingly establish a treatment plan that considers both medications and adjunctive treatments. Also, if a patient is identified as an addict, he can be referred for rehabilitation and social re-integration. With subsequent medical appointments, the physician can again use CURES to check for any changes to the patient’s scheduled controlled substances usage since his last visit.

The importance of a physician using CURES to check a patient’s use of scheduled controlled substances cannot be overemphasized, especially in workers’ compensation, where a patient may not be forthcoming in sharing comorbidity information because of a lack of trust. Not knowing if a patient is currently taking scheduled controlled substances, the physician could jeopardize the patient by prescribing inappropriate medications.

In addition to the medical profession, CURES is available to Department of Justice investigators and law enforcement agencies to identify persons who visit a number of physicians to obtain supplies of scheduled controlled substances for abuse and diversion (i.e. physician shopping). Pharmacists and numerous regulatory boards from the medical board to the veterinary board also have access to CURES, providing them with the opportunity to monitor the medical profession for aberrant prescribing of scheduled controlled substances.

While states like Florida implemented a PDMP (prescription drug monitoring program) as late as 2011, California has monitored Schedule II controlled substances since 1940 and with the introduction of CURES in 1996 extended its monitoring to include Schedule III and IV controlled substances. Online access to CURES has also been available to the medical profession since 2009. Consequently, California has not experienced the abuse and diversion that Florida has with its “pill mills.”

Access to CURES by claims administrators or their representatives (i.e. third party payers) will not deliver improved quality of care or reduce prescription drug fraud and abuse and will add unnecessary costs through duplication of efforts already being performed by others using CURES. Close monitoring of checkpoints, however, by the claims administrator will provide benefits. Monitoring is accomplished through what is commonly referred to as “encounter data” and includes diagnoses, services performed and medications dispensed along with amounts charged and paid. Diagnoses, medical procedures and pharmaceuticals translated into coding systems such as ICD-10 (International Classification of Disease, 10th revision), HCPCS (HeathCare Common Procedure Coding System) and NDC (National Drug Code) provide excellent opportunities to automate the monitoring of encounter data.

Have claims administrators been able to implement technology solutions to automate the monitoring of encounter data and achieve outstanding results? Over the past two decades, many claims administrators have opted to outsource the management and control of critically important functions such as utilization review, medical bill review and pharmacy monitoring. Many of the outsource organizations only focus on that part of the encounter data that directly applies to their function — for example, pharmacy benefit managers only monitor the pharmacy. But using all the encounter data can promote a vibrant synergy very capable of achieving outstanding outcomes and results for the injured worker.

Losing control of encounter data eliminates the claims administrator’s ability to establish and monitor adherence to best evidence-based practices. When physicians have not adhered to their proposed treatment plans, opportunities to trigger yellow and red flags for investigation are lost.

Claims administrators who have automated the monitoring of their encounter data can assist states in reducing abuse and diversion by monitoring the quantities of medications being dispensed in a progressive or step therapy pain management plan, for example, and encouraging unused supplies to be returned to the physician at the next appointment. This can be achieved at no additional cost to the claims administrator and reduces the quantities of unused or unneeded prescription medications in circulation, which has been the focus of the DEA’s (U.S. Drug Enforcement Agency) “take back” initiatives. To date, the DEA has collected in excess of 1,400 tons of unused medications, which could otherwise have found their way into the illicit drug market.

For as long as the U.S. remains the biggest licit and illicit drug market in the world, claims administrators will remain challenged to deliver on their workers’ compensation claims handling obligations.

With a changing workforce, claims administrators will need to move more and more toward a biopsychosocial approach to managing medical conditions. They must provide quality care at the lowest possible cost, which can only be achieved through the fine analytics of consolidated encounter data.

Capturing encounter data through the claims administrator’s processes and fine analytics will consistently yield the best claims outcomes, from earlier return-to-work to lower costs associated with medical treatment through to automated overseeing of a claim, including provider performance monitoring and evaluation. All of these are the essence of superior workers’ compensation claims management.

The Devil Is in the Details of Cyber

There’s a tempest amid the recent spring shower of cyber insurance cases. It isn’t the Recall Total case,[1] or the Travelers v. Federal Recovery Services case reported the week before.[2] Although those two cases have garnered a great deal of media and other attention from those seeking, and seeking to provide, guidance surrounding insurance coverage for cybersecurity and data privacy-related liability, those cases are, by and large, relatively insignificant.

The tempest case is Columbia Casualty Company v. Cottage Health System.[3] In Columbia Casualty, CNA’s non-admitted insurer, Columbia Casualty, seeks to avoid coverage under a cyber insurance policy for the defense and settlement of a data breach class action lawsuit. This is one of the first cyber/data privacy disputes under a cyber insurance policy that has resulted in litigation.

Columbia Casualty warrants close attention by any organization that currently purchases, or is considering purchasing, cyber insurance, as well as by those insurance intermediaries, outside coverage counsel and other parties who seek to capably assist organizations in this complex area. Irrespective of the ultimate merits of CNA’s coverage positions, Columbia Casualty illustrates that the devil is in the details when placing cyber insurance coverage. Although this type of coverage can be extremely valuable, and is likely to soon become a nondiscretionary purchase for many, if not most, organizations, it is particularly challenging to place successfully.

Below is a factual summary of the Columbia Casualty case, a summary of the coverage issues and some takeaway thoughts for avoiding the two important potential coverage issues highlighted by the case: (1) broad exclusions relating to cybersecurity/data protection practices and (2) the misrepresentation defense.

The Facts

Underlying Data Breach Litigation and Regulatory Investigation

Columbia Casualty arises out of a data breach incident that resulted in the release of private electronic healthcare patient information stored on network servers owned, maintained or used by the insured, Cottage Health System (Cottage).[4]

In the wake of the breach, Cottage faced a putative class action lawsuit alleging that “the confidential medical records of approximately 32,500 patients at the hospitals affiliated with [Cottage] were negligently disclosed and released to the public on the Internet.”[5] The lawsuit sought damages for alleged violation of California’s Confidentiality of Medical Information Act.[6]

The lawsuit settled in April 2015 for $4.1 million.[7] Cottage’s cyber insurer, CNA, funded the settlement pursuant to a reservation of rights.[8]

Following the settlement of the data breach lawsuit, CNA filed its coverage litigation, in which CNA seeks declarations of non-coverage. In particular, CNA seeks declarations both that it: (1) “is not obligated to provide Cottage with a defense or indemnification in connection with any and all claims stemming from the data breach,”[9] and (2) is entitled “to reimbursement in full from Cottage for any and all attorney’s fees or related costs or expenses … in connection with the defense and settlement of the class action lawsuit and any related proceedings.”[10]

The Cyber Insurance Policy

CNA issued to Cottage its NetProtect360 cyber insurance policy with limits of $10 million.[11] The policy provides coverage for, among other things, “privacy injury claims.”[12]   Based on CNA’s complaint, there is no dispute as to whether the data breach lawsuit triggers the policy coverage. Those familiar with the off-the-shelf NetProtect360 policy form likely would agree that it does. And CNA does not allege otherwise.

The Coverage Issues

CNA denies coverage for the defense and settlement of the data breach lawsuit on two principal bases, which are discussed in turn.

Exclusion for “Failure to Follow Minimum Required Practices”

CNA relies upon an exclusion in the NetProtect360 policy, titled “Failure to Follow Minimum Required Practices,” which states:

Whether in connection with any First Party Coverage or any Liability Coverage, the Insurer shall not be liable to pay any Loss:

  • Failure to Follow Minimum Required Practices based upon, directly or indirectly arising out of, or in any way involving:
  • Any failure of an Insured to continuously implement the procedures and risk controls identified in the Insured’s application for this Insurance and all related information submitted to the Insurer in conjunction with such application whether orally or in writing;…[13]

Citing this exclusion, CNA alleges that coverage is precluded because its insured purported to do certain things relating to various aspects of network and computer security. In particular, CNA alleges that its insured failed to “continuously implement the procedures and risk controls identified in its application,” to “regularly check and maintain security patches on its systems” and to “enhance risk controls,” among a host of “other things”:

  1. Upon information and belief, the data breach at issue in the Underlying Action and the DOJ Proceeding was caused as a result of File Transfer Protocol[14] settings on Cottage’s internet servers that permitted anonymous user access, thereby allowing electronic personal health information to become available to the public via Google’s internet search engine.
  2. Upon information and belief, the data breach at issue in the Underlying Action and the DOJ Proceeding was caused by Cottage’s failure to continuously implement the procedures and risk controls identified in its application, including, but not limited to, its failure to replace factory default settings, its failure to ensure that its information security systems were securely configured, among other things.
  3. Upon information and belief, the data breach at issue in the Underlying Action and the DOJ Proceeding was caused by Cottage’s failure to regularly check and maintain security patches on its systems, its failure to regularly re-assess its information security exposure and enhance risk controls, its failure to have a system in place to detect unauthorized access or attempts to access sensitive information stored on its servers and its failure to control and track all changes to its network to ensure it remains secure, among other things.
  4. Accordingly, Columbia is entitled to a declaration that it is not obligated to defend or indemnify Cottage in connection with the Underlying Action or the DOJ Proceeding and that coverage for the claims and potential damages at issue in the Underlying Action and the DOJ Proceeding is precluded pursuant to the Columbia Policy’s Failure to Follow Minimum Required Practices” exclusion.[15]

CNA does not allege that its insured acted willfully, that it acted recklessly or even that it was grossly negligent.

The Misrepresentation Defense

In support of its misrepresentation defense, CNA relies principally upon the policy “Application” condition in the policy, which states, among other things, that the insurance policy “shall be null and void if the Application contains any misrepresentation or omission … which materially affects either the acceptance of the risk”:

  1. Application
  • The Insureds represent and acknowledge that the statements contained on the Declarations and in the Application, and any materials submitted or required to be submitted therewith (all of which shall be maintained on file by the Insurer and be deemed attached to and incorporated into this Policy as if physically attached), are the Insured’s representations, are true and: (i) are the basis of this Policy and are to be considered as incorporated into and constituting a part of this Policy; and (ii) shall be deemed material to the acceptance of this risk or the hazard assumed by the Insurer under this Policy. This Policy is issued in reliance upon the truth of such representations.
  • This Policy shall be null and void if the Application contains any misrepresentation or omission:
  • made with the intent to deceive, or
  • which materially affects either the acceptance of the risk or the hazard assumed by the Insurer under the Policy.[16]

Citing this condition, CNA alleges that it is entitled to a declaration of non-coverage because its insured’s “application for coverage … contained misrepresentations and/or omissions of material fact” relating to its purported “failure to maintain the risk controls identified in its application”:

  1. The Columbia Policy’s “Application” condition provides that the Columbia Policy “shall be null and void if the Application contains any misrepresentation or omission: a. made with the intent to deceive, or b. which materially affects either the acceptance of the risk or the hazard assumed by the Insurer under the Policy.”
  2. The Columbia Policy’s “Minimum Required Practices” condition provides that, as a “condition precedent to coverage,” Cottage warrants that it shall “maintain all risk controls identified in the Insured’s Application and any supplemental information provided by the Insured in conjunction with Insured’s Application for this Policy.”
  3. Upon information and belief, Cottage’s application for coverage under the Columbia Policy contained misrepresentations and/or omissions of material fact that were made negligently or with intent to deceive concerning Cottage’s data breach risk controls.
  4. Upon information and belief, the data breach at issue in the Underlying Action and the DOJ Proceeding was caused by Cottage’s failure to maintain the risk controls identified in its application, including, but not limited to, its failure to replace factory default settings to ensure that its information security systems were securely configured.
  5. Accordingly, Columbia is entitled to a declaration that it is not obligated to defend or indemnify Cottage in connection with the Underlying Action or the DOJ Proceeding based on Cottage’s breaches of the Columbia Policy’s “Application” and “Minimum Required Practices” conditions.[17]

Again, note that CNA seeks to avoid coverage even to the extent its insured’s alleged misrepresentations or omissions “were made negligently.”

The Takeaway Tips

  1. Beware Of Broadly Worded Cybersecurity/Data Protection Exclusions

The California Court in Columbia Casualty should reject outright CNA’s attempt to avoid coverage based on a ridiculously broadly worded, open-ended exclusion, which, if enforced literally as interpreted by CNA, would largely, if not entirely, vaporize the coverage that CNA sold under the NetProtect360 policy. For starters, exclusions are to be read narrowly against CNA under established rules of insurance policy construction,[18] and broad exclusions that would render coverage illusory are not permitted in California[19] or elsewhere.[20] Nor is the exclusion, as interpreted by CNA, consistent with an insured’s reasonable expectations concerning the coverage afforded under the NetProtect360 policy,[21] which, as represented by CNA in its marketing materials, offers “exceptional first- and third-party cyber liability coverage to address a broad range of exposures,” including “security breaches” and “mistakes”:

Cyber Liability and CNA NetProtect Products

CNA NetProtect fills the gaps by offering exceptional first- and third-party cyber liability coverage to address a broad range of exposures. CNA NetProtect covers insureds for exposures that include security breaches, mistakes and unauthorized employee acts, virus attacks, hacking, identity theft or private information loss and infringing or disparaging content. CNA NetProtect coverage is worldwide, claims-made with limits up to $10 million.[22]

To be sure, the fact that any insured reasonably can be expected to make mistakes, i.e., to be negligent, in the complex areas of cybersecurity and data protection is a principal reason for purchasing cyber liability coverage.

Putting aside the merits of CNA’s contentions, the type of “Failure to Follow Minimum Required Practices” exclusion found in the off-the-shelf NetProtect360 is regrettably common, and, as the Columbia Casualty illustrates, may be read by insurers to significantly undermine, if not completely vitiate, coverage, requiring insureds to become engaged in coverage litigation as a predicate to obtaining coverage.

The good news is that, although certain types of exclusions are unrealistic given the nature of the risk an insured is attempting to insure against, cyber insurance policies are highly negotiable. It is possible to cripple inappropriate exclusions by appropriately curtailing them, or to entirely eliminate them — and often this does not cost additional premium.

  1. Guard Against a Misrepresentation Defense

We have seen it in the D&O context for years, and it’s coming to cyber: the insurer’s misrepresentation/concealment defense. Provisions like the ones that CNA relies upon in Columbia Casualty are contained in some form in the majority of insurance applications and policies. And, while certainly not unique to cyber insurance, these types of provisions can be more troubling in the cyber context because of the subject matter being insured. Cyber insurance applications can, and usually do, contain myriad questions concerning an organization’s cybersecurity and data protection practices, seeking detailed information surrounding technical, complex subject matter. These questions are often answered by technical specialists, moreover, that may not appreciate the nuances and idiosyncrasies of insurance coverage law, such as the fact that, depending upon applicable law, there is a risk that an unintentional misrepresentation may suffice to allow an insurer to deny coverage.[23]  So what can be done? One line of attack is to negotiate significantly better policy terms relating to the application and misrepresentation. Another worthwhile strategy is to have coverage counsel involved in the application process. It often makes sense for coverage counsel to engage outside computer security consultants to assist with the application process. The application process can be valuable, shining a spotlight on current cybersecurity risk management practices that may reveal potential weaknesses that should be addressed. But, clearly, managing the process with an eye toward potential future claims is advisable. The CNA case illustrates the importance of embracing a cohesive, team approach and being mindful of potential future coverage disputes when placing this type of coverage.

 

[1] Recall Total Info. Mgmt., Inc. v. Federal Ins. Co., — A.3d —-, 2015 WL 2371957 (Conn. May 26, 2015).

[2] Travelers Prop. Cas. Co. of Am., et al. v. Federal Recovery Servs., Inc., et al., No. 2:14-CV-170 TS (D. Utah May 11, 2015)).

[3] No. 2:15-cv-03432 (C.D. Cal.) (filed May 7, 2015).

[4] See CNA Complaint For Declaratory Judgment And Reimbursement, ¶¶2-3. Cottage operates a network of hospitals located in Southern California. See id.

[5] Kenneth Rice, et al. v. INSYNC, Cottage Health Sys., et al., Case No. 30-2014-00701147-CU-NP-CJC (Ca. Super. Ct. Jan. 27, 2014), ¶1.

[6] Id. ¶¶68, 80.

According to CNA’s complaint, Cottage also faces an ongoing investigation by the California Department of Justice regarding potential HIPAA violations. See Complaint For Declaratory Judgment And Reimbursement, ¶¶6, 22. In its declaratory judgment action, CNA also disclaims coverage for this proceeding. See CNA Complaint For Declaratory Judgment And Reimbursement, ¶¶46-49.

[7] See Order Granting Final Approval of Proposed Class Action Settlement and Judgment (Apr. 15, 2015), Findings in Support of Final Settlement Approval ¶2.B.; see also Class Action Settlement And Release Agreement, § 3.1.

[8] See CNA Complaint For Declaratory Judgment And Reimbursement, ¶5.

[9] Id. ¶8.

[10] Id. ¶9.

[11] Id. ¶22-23.

[12] Id. ¶25.

[13] Id. ¶26. A separate policy “condition” states as follows:

  1. Minimum Required Practices

The Insured warrants, as a condition precedent to coverage under this Policy, that is shall:

  1. follow the Minimum Required Practices that are listed in the Minimum Required Practices endorsement as a condition of coverage under this policy, and
  2. maintain all risk controls identified in the Insured’s Application and any supplemental information provided by the Insured in conjunction with Insured’s Application for this Policy.

Id. ¶27.

[14] This is used to transfer files between computers on a network.

[15] Id. ¶¶41-44 (footnote reference and emphasis added).

[16] Id. ¶27. CNA also cites to a “Warranty” provision in the insurance application, stating as follows:

Applicant hereby declares after inquiry, that the information contained herein and in any supplemental applications or forms required hereby, are true, accurate and complete, and that no material facts have been suppressed or misstated. Applicant acknowledges a continuing obligation to report to the CNA Company to whom this Application is made (“the Company”) as soon as practicable any material changes…all such information, after signing the application and prior to issuance of this policy, and acknowledges that the Company shall have the right to withdraw or modify any outstanding quotations and/or authorization or agreement to bind the insurance based upon such changes.

Further, Applicant understands and acknowledges that:

2) If a policy is issued, the Company will have relied upon, as representations, this application, any supplemental applications and any other statements furnished to this Company in conjunction with this application.

3) All supplemental applications, statements and other materials furnished to the Company in conjunction with this application are hereby incorporated by reference into this application and made a part thereof.

4) This application will be the basis of the contract and will be incorporated by referenced into and made a part of such policy.

Id. ¶31.

[17] Id. ¶¶51-55 (emphasis added).

[18] See, e.g.,. 2 Couch on Insurance § 22:31 (“the rule is that, such terms are strictly construed against the insurer where they are of uncertain import or reasonably susceptible of a double construction, or negate coverage provided elsewhere in the policy”); see also 17A Couch on Insurance § 254:12 (“The insurer bears the burden of proving the applicability of policy exclusions and limitations or other types of affirmative defenses.”).

[19] See, e.g., Armstrong World Indus., Inc. v. Aetna Cas. & Sur. Co., 52 Cal. Rptr. 2d 690, 705 (Cal. Ct. App. 1996) (rejecting the insurers’ approach where “the insurers’ approach would essentially render the asbestos manufacturers’ insurance coverage illusory”).

[20] See, e.g., Allan D. Windt, 2 Insurance Claims and Disputes § 6:2 (6th ed. updated Mar. 2015) (“a court will not allow an exclusion to eliminate coverage that is expressly and specifically provided for in the same policy form. More generally stated, a policy will not be interpreted to create illusory coverage. For example, in the context of analyzing the absolute pollution exclusion, discussed in § 11:11, some courts have refused to apply the exclusion as written based upon what was, in effect, the conclusion that the exclusion would cause the coverage to be illusory.”).

[21] See, e.g., 2 Couch on Insurance § 22:11 (“the rule is that the objectively reasonable expectations of applicants and intended beneficiaries regarding the terms of insurance contracts will be honored even though a painstaking study of the insurance provisions would have negated those expectations”).

[22] https://www.cnapro.com/html/Our_Products/OurProducts_CNANetProtect.html

[23]See, e.g., Rafi v. Rutgers Cas. Ins. Co., 872 N.Y.S.2d 799 (N.Y. App. Div. 2009) (“although misrepresentations made by an insured must be material, they may be innocently or unintentionally made”).

Smarter, Faster Trades — and Without Fraud

New York Times senior economic correspondent Neil Irwin did great public service in his Upshot column provocatively titled, “Why Can’t the Banking Industry Solve Its Ethics Problems?

While Irwin addressed the issue for investors in general, his column should hold particular interest for those in the insurance business because insurers are such large investors and generate such a high percentage of their operating profit from investments. In terms of commercial and multifamily real estate mortgages alone, insurers hold more than $900 billion of investments, according to the Mortgage Bankers Association’s Q4 2013 report. (That’s $343 billion in commercial and multifamily mortgage debt plus $567 billion in commercial mortgage-backed securities, collateralized debt obligations and asset-backed securities.) The Federal Reserve tallies life insurance companies’ holdings of residential mortgage-backed securities (RMBS) at $365 billion as of the end of the first quarter, 2014. Insurers need the investment industry to clean up its problems if they are to get maximum value from these huge investments.

Why does fraud occur so repeatedly? Irwin ponders.

The answer: gamed markets.

Since the Great Depression, investments systems have relied on enforcement after the fact. If companies were investigated, prosecuted and found to have done something wrong, they were punished. Typically, this is now done through fines and stricter monitoring, meaning that current and future staff – not those in place at the time of the fraud – and shareholders bear the costs. Sometimes, individual perpetrators are forced to retire (with pensions). Only in the past few years have the Department of Justice, Federal Housing Finance Administration and Securities and Exchange Commission begun extracting hefty fines and settlements with the largest banks, such as: Citigroup’s $7 billion, JPMorgan Chase’s $13 billion and Bank of America’s $6.3 billion with FHFA and the reported $17 billion with DOJ in connection with residential mortgage-backed securities.

As Irwin notes, fraud continues to occur despite extensive efforts to address the problems that led to the near-collapse of the financial system that spawned the Great Recession.

Gaming the system through high-speed trading remains legal. As long as there is no insider trading, traders can greatly increase the speed of their transactions with network equipment, software and advantageous location of their computers.

Insider trading is illegal but hard to root out. Successful prosecution almost always entails a whistleblower coming forward to provide regulators with precise information. And coming forward as a whistleblower entails consequential career risks.

Two innovations address these systemic challenges by providing better information for the market in real time and creating a feedback loop that improves that information – rather than waiting until after the fact to police bad guys. The innovations are interactive finance and confidence accounting.

First, Interactive finance rewards institutions and individuals with financial or strategic advantage for revealing information that details risk. That information could be, for instance, about the changing value of a house, about the payment history of the mortgagee, other financial information about the borrower, etc. That information would stay with the mortgage even if it became part of a pool that was sliced and diced into mortgage-backed securities, so that a potential buyer could probe and could track changes in real time, rather than rely on a single-point-in-time evaluation by a ratings agency. Interactive finance – not enforcement – would keep agencies from giving their highest ratings to securities whose underlying assets were suspect, as happened with sub-prime mortgages in the buildup to the Great Recession.

Marketcore, an intellectual property firm I advise, offers such interactive finance technology. It supports the determination of risk for financial products, continuous revaluation and analysis of components of pooled securities, among other capabilities that make markets and clear them.

Its technology diminishes incentives for fraud by making opacity and concealment anachronistic and replacing them with transparency. The IP also charts effective pathways to employ crowd data and meta data for timely detection of risk, building on the growing availability of information in a “big data” world and allowing for a generational improvement in detecting risk and rating credit.

Second, confidence accounting yields greater transparency and accuracy than traditional, prudential valuation. In confidence accounting, you don’t just set a value for an asset. You say there is an xx% chance that the valuation will fall within a certain range. You then roll up all the assessments and have a probability-based understanding of the likely range of total value. You can also use the estimations as a feedback loop and identify people or institutions that consistently overstate value – if someone says asset values will fall within a certain range 95% of the time, do those values, in fact, fall within that range 95% of the time?

As risk expert David M. Rowe explains in a current Risk blog (citing work by Ian Harris, Michael Mainelli and Jan-Peter Onstwedder) confidence accounting can illuminate “the degree of uncertainty around valuation estimates…including how to partition uncertainty surrounding current valuation from the more familiar concept of risk from uncertain future events, and the messy issue of how to aggregate valuation uncertainty for specific positions into the implied uncertainty of net worth.”

Through these two innovations, interactive finance and confidence accounting, banks would have much easier times detecting rogues and suppressing rascals. In the process, banks would not only increase their own wellbeing but that of their shareholders, employees and the investing public, including insurance companies.

Going forward is now a simple business decision for us all. We must pick up the pieces of what we have learned and refashion and rebuild data-refreshing business models in which everyone can participate as an information merchant. We must deliver a common architecture in which data is consistently revalued, in a system that continually rewards disclosures about risks and values.

Interactive finance and confidence accounting are emergent technologies poised to  play key roles shaping and defining smarter, faster, ethical trades in 21st century finance.