
How to Manage Legal Fees for Work Comp

Loss expenses are on the rise, at an alarming rate, according to California’s Workers’ Compensation Insurance Rating Bureau (WCIRB). The California Workers Compensation — Aon Advisory Bulletin (July 2014) indicates that “allocated costs (mostly attorney payments) increased 7.3% in 2013. Unallocated costs increased 10.3%.”

Given that legal costs are on the rise, here are nine ways that risk managers can more closely manage legal services:

Have in-house counsel monitor outside counsel (and adjuster performance). Litigation costs must be properly managed because overzealous defense counsel and untrained (or cooperating) adjusters can prolong litigation, increase costs for the employer and wreak havoc on the lives of injured workers.

Review outside counsel financial arrangements — consider capped fees, flat fees or invoice paid upon file completion. Paying at the end allows outside counsel to defend the claim but discourages unnecessary hearings and runaway fees and lets risk management easily review the ultimate fee rather than numerous monthly bills. Excessive fees are more noticeable and easier to compare against other files and law firms. Attorneys who are milking the claim become more visible.

An “invoice paid upon file completion” is a good approach if you use the same attorney frequently. However, this approach should not be used when the defense counsel only has one file. You could end up with an excessive bill, with little recourse other than to fight with your own chosen counsel over the amount.

Conduct an independent audit to assess whether defense counsel was needed in the first place, or whether she was assigned the case only to do work that the adjuster, carrying too many cases, was too busy to do.

A favorite ploy of overworked adjusters (and lazy adjusters) is to allow the defense counsel to handle the claim. Legal counsel should not be paid to do the adjuster’s job, including gathering medical reports, state board records and ISO reports, arranging independent medical exams (IMEs), etc. An independent claims audit of your files will tell you whether you are paying legal fees for the work the adjuster should be doing.

Review hearing rulings. Review whether the same attorneys are requesting hearings on the same issue repeatedly or requesting hearings on issues they are likely to lose. For example, if benefits are terminated but reinstated at the hearing, and this happens repeatedly, it is an indication that benefits are being terminated without sufficient cause, thereby creating unnecessary legal expense. In insurance speak, this is called “churning” files.

Churning is any unnecessary activity undertaken by defense counsel for the sole purpose of increasing the legal services bill. It can be unnecessary research on a subject the attorney should know, unnecessary motions, unnecessary discovery, having another attorney in the firm review the case, having a paralegal or junior partner undertake an unnecessary action, etc.

Before any preparation by defense counsel for the hearing, the adjuster should phone the defense attorney and discuss the need for the hearing and what the probable outcome will be. If you know going into the hearing that you are going to lose, have counsel resolve the issue with the opposing counsel. It will save both legal fees and unnecessary claim costs (indemnity and medical costs continue while you wait for the hearing). By removing the unnecessary hearings, you move the file faster, with less overall claim cost, to the final resolution.

Review whether opportunities for agreement between counsel are ignored. Defense counsel may avoid agreement because it is more profitable to have a junior attorney attend hearings and collect a large fee.

For example, in Connecticut, a claimant’s doctor can be changed, with agreement of counsel, but defense counsel rarely agree even though knowledgeable counsel will know which doctors have reputations for overtreating and overrating disability, which doctors are known for unbiased treatment and ratings and which doctors have a reputation for being conservative in their treatment and ratings.

Review whether defense counsel makes unfounded accusations against claimant of misbehavior or wrongdoing (e.g. claimant is not credible or is trying to game the system) on every claim to obfuscate the issues and prolong the litigation.

If defense counsel is not totally objective in his assessment of both the claim and the claimant, it is time to immediately identify new defense counsel.

Look at whether the attorney charges for lots of research, on many files. Very little research is necessary except in unusual claims with issues of law, so files with legal research should be reviewed very carefully.

Adjusters — with sufficient authority — should attend all hearings with defense counsel. Sometimes, there are opportunities to settle litigation during hearings. These opportunities should be considered while someone with the requisite authority is present. In many cases, seasoned adjusters are capable of attending hearings without defense counsel. (This is not allowed in some jurisdictions.)

Risk managers (or the company human resources manager or the workers’ compensation coordinator) should attend all hearings to be available to testify about the job requirements and efforts to provide transitional duty and to show interest in the injured worker’s well-being. Specify this procedure in the account handling instructions.

To verify you are controlling your legal fees, a two-pronged approach is needed. A litigation management review by an independent claims auditor will determine the effectiveness of your adjusters in controlling legal expenses. This should be combined with an audit of the legal invoices by an experienced legal bill auditor.

New Way to Audit Digital Assets

In the real world, it would be considered reasonable and appropriate to require an independent audit of digital assets to be insured. In cyberspace, this is more challenging. Insurers have to rely on the insured to tell the truth about what assets have been affected by a breach.

Integrity standards for data enable insurance companies to conduct an independent audit of what digital assets exist (e.g., client data, intellectual property) prior to a breach, thus preventing fraudulent claims.

One aspect of a data integrity standard is keyless signature infrastructure, known as KSI. KSI is a disruptive new technology standard that can effectively address some of the issues insurers face in the rapidly emerging cyber liability domain. It can enable mutual auditability of information systems to allow stakeholders to know the cause of a breach, mitigate the risk of breach escalation in real time and provide indemnification against subrogation and other legal claims.

The concept of a digital signature for electronic data is very straightforward: a cryptographic algorithm is run on the data, generating a “fingerprint” of the data. This fingerprint is a tag, or keyless signature, that can be used at a later date to make certain assertions about the data, such as signing time, signing entity (identity) and data integrity. KSI offers the first Internet-scale digital signature system for electronic data using only hash-function-based cryptography. The main innovations are:

  1. Adding the distributed delivery infrastructure designed for scale
  2. No longer requiring cryptographic keys for signature verification
  3. Being able to independently verify the properties of any data signed by the technology without trusting the service provider or enterprise that implements the technology
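A minimal sketch of hash-only verification, added here as an illustration and not taken from the EY report or from any KSI implementation. It assumes records are aggregated into a SHA-256 hash tree whose root is published where the signer cannot later rewrite it, and that each record's signature is its chain of sibling hashes up to that root. The function names, the leaf/node prefixes and the sample records are constructed for this example.

```python
import hashlib

def leaf(data: bytes) -> bytes:
    # 0x00 / 0x01 prefixes keep leaf hashes and interior hashes distinct.
    return hashlib.sha256(b"\x00" + data).digest()

def node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def sign_batch(records):
    """Aggregate records into one hash tree.

    Returns (root, signatures); signatures[i] is the list of
    (sibling_hash, sibling_is_left) steps from record i up to the root.
    """
    if not records:
        raise ValueError("nothing to sign")
    level = [leaf(r) for r in records]
    under = [[i] for i in range(len(records))]  # record indexes below each node
    sigs = [[] for _ in records]
    while len(level) > 1:
        nxt, nxt_under = [], []
        for i in range(0, len(level) - 1, 2):
            left, right = level[i], level[i + 1]
            for r in under[i]:
                sigs[r].append((right, False))
            for r in under[i + 1]:
                sigs[r].append((left, True))
            nxt.append(node(left, right))
            nxt_under.append(under[i] + under[i + 1])
        if len(level) % 2:  # odd node out is carried up unchanged
            nxt.append(level[-1])
            nxt_under.append(under[-1])
        level, under = nxt, nxt_under
    return level[0], sigs

def verify(record: bytes, signature, published_root: bytes) -> bool:
    """Recompute the path to the root using only the hash function: no key,
    and no call back to whoever produced the signature."""
    acc = leaf(record)
    for sibling, sibling_is_left in signature:
        acc = node(sibling, acc) if sibling_is_left else node(acc, sibling)
    return acc == published_root

# Constructed sample records standing in for insured digital assets.
RECORDS = [b"client-db export 2014-07-01", b"design-spec v3", b"audit.log segment 17"]
ROOT, SIGS = sign_batch(RECORDS)

if __name__ == "__main__":
    print(all(verify(r, s, ROOT) for r, s in zip(RECORDS, SIGS)))
    print(verify(b"audit.log segment 17 (edited)", SIGS[2], ROOT))
```

The check is only as strong as the channel that delivers `published_root`: if an insider can replace both a record and the root it is compared against, verification still passes.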

Other features include:

  • Unlike digital certificates, keyless signatures never expire; the historical provenance of the signed data is preserved for the lifetime of the data, and people are not required in the signing process.
  • Use of keyless signatures strengthens legal non-repudiation for data at rest.
  • There are no keys to be compromised or to revoke. This fundamentally changes the security paradigm. It is important to understand that if data integrity relies on secrets like keys or trusted personnel, when these trust anchors are exploited there becomes an unlimited liability for the data protected by those trust anchors. This occurs because there is no way to determine what has happened to the data signed by those private keys or maintained by those trusted personnel. Evidence can be eliminated; data changes can occur without oversight; and log/event files can be altered. The exploiters can provide the picture they want you to see. Keyless signatures remedy this problem.
  • During a breach, active integrity can be provided with cyber alarms and correlated to other network events by auditors, network operations center and security operations center(s). Active integrity means real-time, continuous monitoring and verification of data signed with keyless signatures. With active integrity, real-time understanding is achieved as to the coherence and reliability of technical security controls and whether the digital asset has integrity.
  • Underwriting cyber policies becomes much simpler and more efficient because there is transparent evidence certifying the integrity of the data, the technical security controls protecting the information and rules governing the transmission, modification, or state of the insured asset(s).

A “managed security service” resulting from the implementation of KSI marks a new era for insurers. As they seek organizational intelligence of digital assets to make real-time policy adjustments, they are also making concrete conclusions about the insured asset risks, threat, exposure and cyber landscapes affecting clients. Claims processing and disputes become simpler as the technology preserves the forensic traceability and historical provenance of the digital asset, enabling rapid determination of when and how a breach or manipulation occurred and who or what was involved. Hackers and malicious insiders cannot cover their tracks. Moreover, proving negligence is now possible. Negligent acts may be quickly detected and proven in the event the service provider does not comply with the contracts maintained in force with the enterprise.  

Most breaches today go unnoticed until long after they occur and the damage has been done. Active integrity involves continuous verification of the integrity of data in storage using keyless signatures. It is equivalent to having an alarm on your physical property and a motion detector on every asset that cannot be disabled by insiders.

Because of the volatile nature of electronic data, any hacker knows how to delete or manipulate logs to cover his tracks and attribute his activity to an innocent party, which is why attribution of crimes on the internet is so difficult. Integrity is the gaping security hole. A loss of integrity is what leads to data breaches, introduced by malware, viruses or malicious insiders.

Public key infrastructure (PKI) will never be the solution to integrity or usable for large-scale authentication of data at rest. The forensic evidence of keyless signatures makes legal indemnification issues easy to resolve, highlighting who, what, where and when a digital asset was touched, modified, created or transmitted. This places the onus on the “use” of data and not collection, providing auditability across service providers and the internet. Privacy is maintained, but there is also transparency and accountability for how data is used. Every action can be traced back to the original source that is legally responsible. This simplifies service-level agreements, pinpoints liability in the event of accidental or malicious compromise, and indemnifies independent data providers from legal claims.

This article is an excerpt from an EY report titled “Cyber Insurance, Security and Data Integrity; Part 1: Insights into cyber security and risk — 2014.”