Special Needs Preparation: Seemingly endless lines revolve around grocery stores and gas stations in the days before a hurricane hits. Planning for storms should start in the weeks before a storm strikes for those who are unable to respond independently to emergency situations. Make sure to contact your physician if any prescriptions are running low before landfall. Those with serious impairments should contact their local Emergency Management center to make accommodations in the event that they are unable to return home after the storm passes.

Lee County Emergency Management: 239-533-0622

Collier County Emergency Management: 239-252-3600

Orange County Emergency Management: 407-599-3494

Sarasota County Emergency Management: 941-861-5000

Hillsborough County Emergency Management: 813-274-7700

Dade County Emergency Management: Dial 3-1-1 Outside of Dade dial: 1-888-311-DADE (3233)

Centers are open Monday thru Friday.

Pool Preparation: DO NOT DRAIN YOUR POOL! The excess groundwater after storms can actually lift your pool out of the ground. Keeping the water in it will weigh it down. Also, be sure to turn off your pool pump: If you are unsure of how to do this contact your pool cleaning service. Removing doors from screen enclosures can help move air through the structure with less resistance. If you think you are at risk of losing your enclosure, slashing X’s through your screens may save the structure itself. Insurance will not cover this loss but it is cheaper to rescreen an enclosure than to replace the whole structure. Any loose pool furniture that won’t be damaged by chlorine can be secured in the pool.

Boat Preparation: Boat owners need to have a personal plan in place regarding where and how they will provide shelter for their boat. If you are planning on keeping your boat tied up, make sure that your docks are in good shape. Double tie your lines with sufficient slack and be certain that your boat is secure. The last thing you want is to have to adjust it during a storm. Those pulling their boats out of the water need to make plans early. Dry docks and dry storage space will fill up quickly when a storm approaches. Make sure your boat is strapped and weighed down if storing it on land. Make sure your bilge pump is working and test it under load. For any more information contact your local U.S. Coast Guard.

Insurance Tips: Be sure to speak to an insurance agent before the storm. If you’ve made additions to your home, major purchases, or your property value has changed, make sure your coverage is adequate. Have that agent check flood insurance rate maps, if your home or businesses flood category changes it will affect your insurance needs. Keeping a file with your agents contact information, insurance policies and a catalog of the major items in your home is helpful after a storm. The easiest way to account for these items is to take a video of the home including valuables. After the storm be sure to document any damage and contact your agent. Use safe measures to protect your property from further damage and keep all damaged items in the home.

Applies to employers that sponsor one or more self-insured, HIPAA-covered group health plans—group health, dental, vision, pharmacy benefits, long-term care, health care reimbursement flexible spending accounts, or employee assistance programs.

 While HHS has issued no public report to date of an employer paying a civil monetary penalty or a monetary settlement, under the new rules, penalties are capped at $50,000 per violation and $1.5 million for identical violations during a single calendar year.

 The principal compliance obligations for employers include the following:

• Restricting access to protected health information (PHI) to employees who perform plan administration functions;

• Ensuring that these employees use and disclose PHI only as permitted under the HIPAA Privacy Rule;

• Implementing the physical, technical and administrative safeguards described in the HIPAA Security Rule for electronic PHI;

• Notifying plan participants when a security breach occurs;

o Under the revised standard, any unauthorized use or disclosure of unencrypted PHI triggers a security breach notification obligation unless the employer can prove “a low probability that the [PHI] has been compromised based on a risk assessment.”

o The referenced risk assessment must consider at least the following four factors: “(i) the nature and extent of the [PHI] involved, including the types of identifiers and the likelihood of re-identification; (ii) the unauthorized person who used the [PHI] or to whom the disclosure was made; (iii) whether the [PHI] was actually acquired or viewed; and (iv) the extent to which the risk to the [PHI] has been mitigated.”

o Impermissible uses and disclosures of PHI involving employee benefits information most commonly involve the following: (a) email attachments containing PHI that are sent to the wrong recipient; (b) email sent to the correct recipient but with an attachment containing PHI not intended for that recipient; (c) the loss or theft of a portable electronic storage device containing unencrypted PHI; (d) explanations of benefits (EOBs) sent to the wrong plan participant; (e) EOBs with PHI either printed on the envelope or viewable through a clear envelope window; and (f) benefits websites that because of a technical error permit viewing of one plan participant’s PHI by other plan participants.

o Accordingly, employers should encrypt email containing PHI, where feasible, because an impermissible disclosure of encrypted PHI does not trigger a notification obligation.

• Refraining from disclosing PHI to third-party service providers, known in HIPAA parlance as “business associates,” until the business associate signs a contract (or “business associate agreement”) To the extent any business associate agreement does not already contain these provisions; the agreement must be amended to include them when the agreement is next modified or by September 23, 2013.

o The business associate must limit its uses and disclosures of PHI to be consistent with the covered entity’s minimum necessary policies and procedures.

o The business associate must implement safeguards for electronic PHI in accordance with the HIPAA Security Rule.

o The business associate must notify the covered entity of a security breach.

o The business associate must enter into a similarly restrictive business associate agreement with any subcontractor to which the business associate discloses PHI.

o If the agreement delegates any of the covered entity’s HIPAA compliance obligations to the business associate, the business associate must fulfill those obligations to the same extent as the covered entity.

• Notifying employees of the plans’ privacy practices during the 2013 open enrollment season including:

o The notice must state that the covered health plans are required to obtain plan participants’ authorization to use or disclose psychotherapy notes, to use PHI for marketing purposes, to sell PHI, or to use or disclose PHI for any purpose not described in the notice as well as a statement explaining how plan participants may revoke an authorization.14

o The notices must state that the plans (other than a long-term care plan) are prohibited from using PHI that is genetic information for underwriting purposes.15

o The notice must inform plan participants of their right to receive a notice when there is a breach of their unsecured PHI.

• Establishing policies and procedures to administer the rights of plan participants under HIPAA; and

• Amending plan documents.In addition, the HIPAA Privacy Rule, incorporates GINA, which now prohibits employers’ HIPAA-covered group health plans from offering plan participants an incentive, such as a rebate or discount, to provide genetic information which HIPAA, like GINA, defines “genetic information” to include family medical history, when completing a health risk assessment.

Excerpts from Littler Mendelson and The Bureau of National Affairs, Inc.

To gain access to subsidies for lower paid employees, and to reduce overall costs, employers may be tempted to make their plans “unaffordable”. Employees offered coverage deemed unaffordable by the act, are eligible for subsidies. To be considered unaffordable, the coverage must have less than a 60% actuarial value or cost the employee more than 9.5% of household income. It’s nearly impossible to design a plan with less than 60% value due to upcoming deductible and out of pocket maximums. But, what if payroll deductions were raised substantially, to say, $350 per month? That would make families with up to $44,000 of income eligible for subsidies. That’s a start.

What about higher income employees? How could they be made whole? Could they get a raise equal to the deduction increase? Couldn’t that raise be converted into a pre-tax deduction under the cafeteria plan to avoid taxes? Wouldn’t that drive additional FICA savings? This strategy would require a well-executed employee education campaign to help low income employees determine if subsidized exchange coverage is right for them. Those remaining on the group plan would need to understand the mechanics of the program for them as well. Carriers would need to be consulted regarding minimum contribution and participation levels. Legal counsel should be consulted regarding how to identify and compensate those higher income employees not eligible for subsidies.

What about employers not currently offering minimum essential coverage now? They have several options. They could continue to not offer coverage and pay a $2,000 penalty for all but 30 full timers. This penalty could be untenable and would purchase no insurance at all. The low income employees could get subsidies in the exchange, but what becomes of the higher paid? They would face age banded rates in the exchange, which could be very high, and they would pay premiums with after tax dollars. A $16,000 annual family premium post-tax could cost $24,000 pre-tax! What would it cost to make these employees whole? How could you do it without generating even more taxes?

Alternatively, they could decide to offer minimum essential coverage to all, with high payroll deductions, in the hope that most couldn’t or wouldn’t actually elect coverage. Assuming the coverage was still affordable according to the act, the plan would generate no penalties. The higher paid would have access to pretax group coverage but lower paid would not be eligible for subsidies.

A more controversial approach involves offering “skinny” or “bare bones” plans. Lawmakers left vague the definition of “minimum essential health coverage”. It appears that large employers need only cover preventive services, without lifetime or annual limits, to avoid the $2,000 no coverage penalties, rather than the comprehensive “essential health benefits” required in insured plans for small businesses. (Confusing? Yes.) These skinny plans may not even cover hospital or surgical expenses, but could run only $50-100 per month and even suffice to avoid the individual mandate tax. The assumption is that some low income employee groups would elect these low cost plans, with little or no employer contribution, or opt for no coverage rather than go for penalty generating subsidies in the exchange. Employers could still offer comprehensive plans for salaried or otherwise higher income employees. Grandfathered “carve out” policies for salaried or management could remain as well.

Small employers have other concerns due to the Act’s modified rating. Small group rates (fewer than 50 employees in FL) will be greatly condensed. Current rates vary up to 600% by age and 25% by health. In 2014 the total spread can’t exceed 300%. Rates will go up for the young and healthy and down for the old and less healthy. So, young healthy groups will want to renew on 12/1/13 to extend their low rates through most of 2014. Then they may need to self-insure to avoid the higher rates. Older, less healthy groups may want to renew on 1/1/14 to access the new lower modified rates.

Rates for large employers will be going up an additional 4-5% in 2014 as well due to new fees for Obamacare imposed on their plans. However, those charges are being built in on a prorated basis in 2013 renewals, so no need to change renewal dates.

• When you leave your former employer, you lose their health coverage on your qualifying event date.
• Your former employer then has 14 days to provide you with a qualifying event notice, informing you of your right to purchase extended coverage under COBRA.
• You then have up to 60 days to elect coverage and an additional 45 day grace period to make your first payment. By then, your waiting period will be over. (Days without coverage during the waiting period do not count toward the 63 day portability limit under HIPAA.)
• If the COBRA premiums are less than the amount of claims you actually incurred during that time, you could still purchase the coverage retroactively! If not, then you just saved a lot of money!

The trick is to wait about 50-55 days to elect. Then if you or someone in your family needs the coverage, you can still buy it. If not, then don’t. And don’t feel bad about it; the COBRA law was designed to work this way.

Think back to the days before computers ruled the world. The days when internet wasn’t part of our daily lives and teenagers could survive without white ear buds lodged in their heads. At the turn of the century we saw businesses around the world shift from paper to paperless. Computers became an increasingly integral part of business operations for developed nations. Just before September 11th we were on the verge of a social media and networking revolution; the likes of which we had never witnessed before. Businesses can now access documents in a “cloud” and we can all do just about anything from our phones and tablets. Our world is constantly revolving around an axis of technology.

Along with all of these benefits comes a significant amount of risk. Take a step back and think about it. Any modern day company and its most valuable assets involve some form of network and data storage. Things like customer (or prospect) lists, employee information, books, e-mails, records, receipts, tax documents, intellectual property and trade secrets are all prime examples. Common businesses like law firms, health-care institutions, golf clubs and gyms all have this type of information on file. Anyone with employee, member or customer information being stored on a computer has significant cyber security risk. The burden of responsibility for the protection of this data has fallen on businesses. This burden comes in the form of legal fee’s, clean-up costs, lost business, damage to an organizations reputation, etc.

Due to the myriad of cyber risks that company’s face daily they are left searching for an answer. Standard Commercial General Liability and Directors & Officers Liability policies only cover “tangible” asset losses (not electronic data). Policies may provide some sort of coverage for employee or customer data loss; however, most have significant gaps in what is and isn’t covered after an attack. By then it’s already too late. Businesses are quickly finding out that cyber risk management programs and proper coverage are paramount in today’s world.

What these policies cover

These policies can cover anything from business interruption after an attack to the cost of responding to customers and insuring regulatory compliance in case of a breach. (It is a businesses duty to notify every person whose information may have been potentially compromised). In 2011 Sony had to contact over 77 million people. Additionally, the breach led to over 55 class action lawsuits. The potential cost of something like that is staggering, even for large well-managed companies.

General coverages

• Liability defense and settlement
• Breach and response (forensics costs from data breach)
• Business interruption
• Cyber extortion
• Regulatory response cost
• Theft (beyond cyber extortion)

General exclusions

• Theft of intellectual property (trade secrets)
• Terrorist attacks / State sponsored attacks

Types of businesses affected

Large internet based companies like LinkedIn, eHarmony, DropBox, Sony and Yahoo have already experienced large and costly data breaches just within the last two years. The number of personal records compromised is in the hundreds of millions. Breaches like these have led to multiple class action lawsuits and billions of dollars in damages. Financial Institutions have been targeted as well. PNC Bank, Wells Fargo, HSBC, Citibank and some other company’s were attacked repeatedly last year. These cases totaled two hundred and fifty five million dollars in fraudulent transfers and have ultimately resulted in eighty five million dollars in actual losses. These high-profile and high-risk companies obviously have more exposure than small to medium size businesses; but that doesn’t mean they aren’t targets too.

According to statistics developed by Symantec, small and medium size businesses comprised seventy three percent of all cyber crime victims in 2010. The reason for this is that smaller firms rely on standard protections like firewalls and antivirus software as opposed to the cutting-edge controls that many large companies use. When you’re a smaller company you become more focused on business operations than IT efficiencies.

Last May, Lifestyle Forms & Displays Inc. a small company based in Brooklyn, N.Y. with about 100 employees was hit for one point two million dollars. Cyber criminals hacked into their bank accounts and wired the money through nine transactions to three major U.S. banks. The attack only took three hours. This wasn’t an isolated incident. The average cost of a breach for small to medium sized businesses is estimated to be over one hundred thousand dollars. For companies of this size a loss like that could mean bankruptcy. It’s becoming clear that businesses of all sizes need cyber-risk management plans in place. So why is it that only thirty five percent of companies invest in cyber liability insurance?

First, many business owners don’t know it exists. Even if they do they don’t think an attack will happen to them, or they don’t fully understand the economic impacts a potential breach would have. Second, the high cost of policy premiums is prohibitive. Premiums for cyber-liability insurance are based on your industry. The higher the company’s risk is, the higher their premiums are. Online e-commerce companies, medical-related institutions and governments are among the highest risk categories. The size of the business, number of customers, type of data and other factors will also affect the cost of the premium. Just because you are a high risk company doesn’t mean you are locked in to high premiums. Luckily, there is substantial room for risk management within the realm of cyber risk. The toughest part is finding someone knowledgeable.

Risk management opportunities

Understanding the methods that cyber-criminals utilize is nearly impossible. It involves a complex mix of coding and other forms of internet deception. SQL injection attacks, Cross-site request forgery (XSRF) attacks and Cross-site Script Inclusion (XSSI) attacks are among some of the most common. To the majority of people reading his article, that last sentence makes absolutely no sense. To someone experienced in scripting and coding it is part of everyday conversation. The point is: It doesn’t matter how people hack into your computers. What matters is that it happens and that there are ways of reducing the frequency and severity of these attacks.

The most important technique for reducing your cyber risk is to reinforce your company security practices. For businesses, doing this before you apply coverage is essential. It’s a win-win situation. It decreases the cost of premiums while simultaneously decreasing the overall risk of breaches for your company.

The easiest place to start is with strong password protection. Breaches of online based companies like LinkedIn can be positively correlated with weak passwords. In an office environment encryption and/or changing passwords regularly is important, especially when an employee permanently takes leave. Conducting regular risk assessments to reveal hardware, software and individual system vulnerabilities along with creating written IT security guidelines are all common practice. Leveraging firewalls, virtual private networks and anti-virus/spam software are seen more within higher risk companies. Proactively managing these policies is crucial since hackers’ techniques are constantly evolving. Having these measures in place doesn’t mean you can’t be attacked but; it will reduce your cyber exposure and the costs associated with a breach.

• Test your smoke alarms – Push the “test” button, which activates the alarm until the button is released.
• Review your fire evacuation plan – Make sure to include at least two escape routes.
• Put together a “grab bag” – Fill with items you will need in the event of an evacuation
• Check the status of your fire extinguishers – Learn how to properly use and maintain your extinguishers

Originally published by Agility Recovery.  If you have additional questions or would like to talk with a recovery professional about your business continuity needs visit www.agilityrecovery.com or contact a Lykes Insurance Risk Consultant.

1. You woke up early, played all day until your mom called you for dinner? You felt great, right?
2. You had passion for your life? You woke up excited to start the day and make a difference in your life and the lives of others? You felt great, right?
3. You had time for friends and family fun? You felt great, right?
4. You ate real food, and not processed junk? You felt great, right?

Is it possible to get all those things back? You bet it is!!

The bulk of the issues causing Americans today to be exhausted, no energy, and just plain miserable is SAD. Yep, it’s SAD. The Standard American Diet (SAD). The Standard American Diet consists of highly processed, fake food. The consistent consumption of this diet leads to cravings, depression, weight gain, moodiness, autoimmune disease, heart disease, diabetes, arthritis…..

How many trips to the doctor have you made for just weird symptoms? How much money have you spent on doctors and drugs to reduce your symptoms? Do you feel better? My guess would be, not really. Drugs will give you some relief but at what costs to your life?

The human body is a miraculous machine. A huge super computer, if you will. I remember when computers were coming into the workplace and one of the then technical people would always say to me….”Garbage In, Garbage Out”.

Do you have to make huge changes to see results? To feel better? To wake up feeling like you have a life to live? To reduce medical symptoms? Absolutely not!! Small changes are the way to go!

Here are just a few things you can do to start that computer we know as the human body to function in the way it was designed.

1. Crowd out processed foods. Start with adding fruits and vegetables as snacks rather than donuts, coffee, candy.
2. Drink WATER. Most people today are dehydrated. Cut down on soft drinks and caffeine.
3. Stop running through the drive-thru’s and eating in the car. Sit, be still, eat with purpose and enjoy your food.
4. Take a walk. Take your dog, your spouse, your kids, a neighbor, anyone for a brief 10-15 minute walk outside. The fresh air will fill your body and you will feel better. I bet you will find yourself taking longer walks within weeks!
5. Take time to unwind. Whatever that means for you. Listen to music, read a book or magazine, spend time reading a book to the kids. Turn the TV off and enjoy the quiet.
6. Make a commitment to yourself to sleep more. Go to bed a few minutes earlier each night. Americans today are sleep deprived and don’t even realize it!
Bottom Line: Americans are malnourished due to the SAD diet. Take control of your life again. Make a commitment to start small changes that will add up to HUGE results. Aren’t you worth it?

The summary must be posted from February 1 to April 30 for the year following the year covered by the records.  So you must post your 2012 summary by February 1 this year.  In addition, you must make sure that the posted summary isn’t altered, defaced, or covered by other material during the required posting time.

OSHA is very specific about its posting requirements.  You have to post the annual summary even if you didn’t have any recordable cases for the year, and while you may keep the summary in an electronic format, you must post actual paper copies of the summary.

Employers need to take the following four steps to prepare the annual summary:

1. Review the OSHA 300 Log to verify that it is complete and accurate (and correct any mistakes);
2. Create the annual summary of injuries and illnesses recorded on the OSHA 300 Log; 
3.  Have a company executive certify the summary; and
4. Post the annual summary.

If you have questions about OSHA’s injury and illness recordkeeping regulations, contact Roger Snyder at rsnyder@lykesinsurance.com.

According to OSHA, some safety incentive programs may also discourage employee reporting. Basically, the Agency believes that directly rewarding employees for having no injuries or illnesses leads to the underreporting of injuries.

OSHA made its policy clear in a March 12, 2012, Memorandum, telling field officers to look for programs that:

• Offer a reward that is “substantial enough to cause a reasonable person not to report”;
• Penalize an entire group for one workers’ injury; and
• Tie supervisor or manager bonuses to injury and illness rates.

As the year comes to a close, it’s a good time to examine your disciplinary policies, incentive programs, and recordkeeping procedures to be sure that they don’t blur the lines between reporting and rewards. It’s also a good time to explore ways to reward proactive safety activities such as being part of the Safety Committee, attending training events, and submitting safety suggestions.