Cover Story

The New Frontier of Care

Our Teddy Award winners in 2013 raised the bar yet again.
By: | November 1, 2013 • 10 min read

After nearly two decades of presenting the Theodore Roosevelt Workers’ Compensation and Disability Management Award, you might think the process of judging the awards would be more or less rote. In fact, the opposite is true. It has never been a more exciting time to witness the transformation of the industry, and to bear witness to how far employers have come, not just in their programs, but also in the way they think about injury prevention and management, and the value of a safe and healthy workforce.

A difficult economic climate has driven employers to double-down on their efforts to prevent incidents and injuries, and to be ever more creative in their efforts to rein in workers’ compensation and disability costs. If necessity is the mother of all invention, then workers’ compensation risk management is as inventive a field as you’ll ever encounter.

“Managing a successful workers’ comp program requires constant creativity to keep the bar moving in the right direction,” said Yolanda Romero, director of workers’ compensation for the Southeastern Pennsylvania Transportation Authority (SEPTA). “We often come up with what we believe is a great solution, however, eventually the program plateaus and new tweaks are needed to keep the momentum going.” Romero, who served as a Teddy Award judge for a decade after SEPTA won a Teddy Award in 2003, appreciates the accomplishments of this year’s finalists and winners, and knows what they’re up against. “The key is to keep the creative juices flowing constantly,” she said.

Advertisement




There isn’t enough time — or pages — to give you every detail of this year’s exceptional Teddy Award applicants, finalists and winners. So in the spirit of Fantasy Football, Risk & Insurance® has drawn together a “dream team” of injury prevention, workers’ compensation and disability management programs, to highlight the areas where these programs shine brightest.

A Golden Ounce of Prevention

The only good injury is the one that never happens — no one would argue the point. Zero workplace incidents or injuries remains the holy grail for many employers. But for most, that is a perpetually elusive goal. Over time, safety professionals and risk managers began to see that it wasn’t enough to give employees safety gear and train them to work safely. It wasn’t enough to conduct accident investigations or job hazard assessments. They needed to reach further.

That need has led employers into territories that were once considered fringe, including ergonomics, which was widely perceived as “new age voodoo” only two or three decades ago. Thankfully, that has changed. Boston-based Teddy Award winner Partners HealthCare is one of many organizations that now has a comprehensive ergonomics program with dedicated staff to conduct evaluations and address issues. Partners’ ergonomics staff responded to more than 900 service requests in 2012.

R11-13p24-27_01teddy2.indd“Managing a successful workers’ comp program requires constant creativity to keep the bar moving in the right direction.”
— Yolanda Romero, director of workers’ compensation for the Southeastern Pennsylvania Transportation Authority

PHC also obtained a National Institute for Occupational Safety and Health grant to fund its “Be Well, Work Well” project in collaboration with the Harvard School of Public Health: Center for Work, Health and Well-Being. The project’s aim is to assess and address the work environment as well as personal factors associated with increased risk for musculoskeletal disorders, and to promote ergonomic principles through small group and one-on-one training.

Stretching and core strengthening programs are now earning respect, when they were once thought of as a little over-the-top. But over time, participating companies began to see results in reduced injury frequency. Then others started taking a more serious look.

Arizona Public Service, the largest affiliate of Teddy Award finalist Pinnacle West Capital Corp., launched a pilot stretching and core conditioning program in 2011. The program gives employees the skills they need to improve balance and coordination in order to reduce injuries. The program also puts a focus on mental awareness and attention control — key factors in incident prevention. The program has resulted in a noticeable drop in strain and sprain injuries for the Phoenix-based energy holding company.

Worcester, Pa. civil construction company American Infrastructure has a stretching program that’s companywide. AI’s philosophy is that all employees are industrial athletes. That’s why everyone — from workers on job sites to office staff — participates in a morning stretching program. According to AI, the program serves a dual purpose. The stretching helps prime employees to be physically ready for the tasks ahead. It also helps prime them mentally, getting them thinking about working and moving safely right off the bat.

Another type of initiative that’s gaining traction in recent years is wellness programs. Once thought of as a “nice to have” that was more the purview of HR, wellness programs were perceived strictly as a means to reduce health care costs. Today, executives are catching on to the fact that healthier employees are not only less likely to get hurt, they also bounce back faster if an injury does occur, and have fewer complications related to comorbidities such as diabetes, obesity or heart disease.

That said, companies actively connecting the dots between wellness and injury outcomes are still somewhat few and far between. That’s another reason Pinnacle West earned the attention of the Teddy Award judges.

Pinnacle West has taken an active approach to employee health and wellness, launching its internally branded “Health Matters” program. The Health Matters program includes free screenings and assessments for employees, helps them assess their risk for disease and helps them develop personal wellness goals and plans. Employees are invited to utilize online weight loss coaching, smoking cessation programs, discounts on gym memberships, a vast library of healthy recipes and more.

Pinnacle West also recognizes that it’s not enough to tack a flyer about available wellness programs on the company bulletin board. That’s why the company is actively tracking employee participation in its programs, setting annual target goals for participation in each stage of the program and devoting resources to getting the Health Matters message out.

Advertisement




American Infrastructure’s wellness efforts are every bit as laudable. “Our focus,” the company wrote in its application, “has become not only to be America’s safest construction company, but America’s healthiest construction company as well.” Their commitment is clear. The company offers biometric testing for blood pressure, heart rate, cholesterol levels, blood sugar and more, and urges all employees to “know your numbers.” Employees can take their numbers and sit down with health coaches to develop action plans for improving their health. Among other initiatives, AI’s programs include a stepping program that helps employees track their steps throughout the day. Stepping challenges with prizes attached help keep people motivated. The company has also had great success with weight loss challenges.

“We’ve always been a company that goes beyond compliance. We wanted to take our safety culture to the next level,” said Bryan Schwartz, AI’s risk manager.

Working Toward Recovery

Incredible strides have been made in the area of return-to-work. Armed with a better grasp of the effect of lost time on both injury durations and the company’s bottom line, employers are more committed to keeping injured workers on the job and productive.

“Our focus has become not only to be America’s safest construction company, but America’s healthiest construction company as well.”
— American Infrastructure

Progressive companies are breaking free of the old mind-set of creating rigid transitional duty positions to accommodate work restrictions, and trying to fit all injured employees into those frameworks. Instead, they’ve shifted focus to the employee rather than the position, and on building customized transitional work around the injured employee’s capabilities.

Teddy Award winner PetSmart’s approach to return-to-work sets the right tone. All transitional duty jobs at PetSmart can be combined or modified to meet the needs of the associate’s restrictions. That focus helps guide managers to keep an open mind about transitional duties, and to look closely at what the injured employee is capable of doing. Injured employees at PetSmart are able to perform any number of essential store functions, from taking grooming appointments to helping with animal adoptions through in-store affiliate PetSmart Charities.

Teddy Award finalist Eisenhower Medical Center in Rancho Mirage, Calif., has taken a comprehensive approach. Three years ago, the organization took on the arduous task of assessing and cataloguing every job description, every essential and nonessential function of each position, and the skills or capabilities needed to perform each one of those functions. Initially, this database has been used to help identify the tasks most likely to cause injury. It is also used to guide treatment to help an employee resume the essential functions of his or her job faster. But during the recovery process, the database provides an invaluable, detailed body of information that helps the risk management and medical staff efficiently customize transitional positions based upon an injured employee’s specific abilities, and make adjustments smoothly as recovery progresses.

Solutions Large and Small

At Partners HealthCare, the best care for an injured employee is easy to find. The health system maintains eight Occupational Health Service clinics, staffed by occupational health nurse practitioners (OHNPs) experienced in evaluating and treating injured employees. OHNPs are the key point of contact for each case, coordinating treatment protocols, incident investigations and return-to-work plans. Dedicated claims specialists support the OHNPs. In turn, administrative assistants support the claims specialists — ensuring that they don’t become mired in paperwork and can focus on the needs of each injured employee. The OHS clinics are overseen by four medical directors — each one a board-certified and experienced specialist in occupational and environmental medicine.

Such a solution is unquestionably state-of-the-art. But the fact is that most employers outside the health care field don’t have the resources to follow that model. Nevertheless, plenty of employers are pulling out all the stops to get their people the care they need. Teddy Award-winning Miami-Dade County Public Schools, for example, uses a 24/7 call center for receiving notice of injuries. Injured workers are immediately directed to the best nearby specialty physician using a geo-access tool that identifies the providers nearest the injured worker’s location.

Advertisement




Other employers are finding ways to maximize the resources they do have. And sometimes, the simplest and smallest of changes are the ones that will make the biggest impact. Phoenix-based PetSmart’s tetanus program is a perfect example. Because of the nature of its operations, PetSmart employees face significant risk exposure from animal bites. That means that an injured employee might need a tetanus shot in addition to treatment of the wound. As such, every bite, no matter how minor, required an office visit to ensure that the employee’s tetanus status was up-to-date.

But all of that changed when PetSmart began tracking the status of employees’ tetanus shots. With stores armed with that small, but vital piece of information, employees with minor injuries could be treated with standard first aid and sent back to work, with no need for a provider visit. This one small inexpensive change has made a tremendous impact on the company’s bottom line.

At American Infrastructure, one small change that has had a huge impact was a simple color change. As with other companies across a variety of industries, AI’s new employees faced a higher risk of injury than their more experienced counterparts. AI reasoned that ideally, everyone should be looking out for the well-being of new hires, not just their immediate supervisors. But it’s easy to lose track of who’s who on a busy job site. That’s why the company opted to purchase bright green hard hats for new recruits. That way everyone remains constantly aware of the location of employees who might need help, some extra guidance or a safety reminder.

Promising Teddy Award applicant Kimco Staffing of Irvine, Calif., faced a massive obstacle with workers seeking treatment outside of the company’s medical provider networks (MPNs) and receiving excessive and unnecessary treatments. Workers’ comp judges widely disregarded the company’s attempts to enforce its MPN rules if an injured worker claimed to be unaware of the requirement. Kimco took the solid first steps of providing the MPN requirements to each employee, at the time of hire and at the onset of each claim — and requiring employees to acknowledge it in writing. But then the company went one step further, heading off any doubts by taking a picture of each employee holding the signed document. Courts are now more inclined to honor Kimco’s MPN policy, and to release Kimco from the burden of paying for unauthorized treatment.

In addition, companies such as American Infrastructure and PetSmart are also leveraging the power of newer technologies, using iPads for everything from safety module training to capturing pictures of hazards instantly to distributing critical incident metrics to regional and district managers in the field.

Risk & Insurance® congratulates this year’s Teddy Award winners and finalists on their exceptional efforts to create safer workplaces and provide the best possible care for their injured team members.

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

Risk Report: Entertainment

On With the Show

Entertainment companies are attractive and vulnerable targets for cyber criminals.
By: | December 14, 2017 • 7 min read

Recent hacks on the likes of Sony, HBO and Netflix highlight the vulnerability entertainment companies have to cyber attack. The threat can take many forms, from the destruction or early release of stolen content to the sabotage of broadcast, production or streaming feeds.

Brian Taliaferro, entertainment and hospitality specialist, JLT Specialty USA

“Cyber attacks are becoming the biggest emerging threat for entertainment companies, bringing risk to reputations, bottom lines and the product itself,” said Brian Taliaferro, entertainment and hospitality specialist, JLT Specialty USA.

For most entertainment firms, intellectual property (IP) is the crown jewel that must be protected at all costs, though risk profiles vary by sub-sector. Maintaining an uninterrupted service may be the biggest single concern for live broadcasters and online streaming providers, for example.

In the case of Sony, North Korea was allegedly behind the leak of stolen private information in 2014 in response to a film casting leader Kim Jong Un in what it considered an unfavorable light.

This year, Netflix and HBO both faced pre-broadcast leaks of popular TV series, and Netflix last year also had its systems interrupted by a hack.

Advertisement




Online video game platforms are also ripe for attack, with Steam admitting that 77,000 of its gamer accounts are hacked every month.

The list goes on and will only get more extensive over time.

Regardless of the platform, any cyber attack that prevents companies from producing or distributing content as planned can have huge financial implications, particularly when it comes to major releases and marquee content, which can make or break a financial year.

“People and culture are the biggest challenges but also the keys to success.” — David Legassick, head of life science, technology and cyber, CNA Hardy

The bottom line, said David Legassick, head of life science, technology and cyber, CNA Hardy, is that these firms have a combination of both assets and business models that are inherently open to attack.

“Vulnerabilities exist at every point in the supply chain because it’s all tech-dependent,” he said, adding that projects often run on public schedules, allowing criminals to time their attacks to maximize impact.

“The combination of IP, revenue and reputation risk make entertainment a hot sector for cyber criminals.”

Touch Point Vulnerabilities

Film, TV, literary and music projects invariably involve numerous collaborators and third-party vendors at every stage, from development to distribution. This creates multiple touchpoints through which hackers could gain access to materials or systems.

According to Kyle Bryant, regional cyber manager, Europe, for Chubb, there is nothing unique about the type of attack media companies suffer — usually non-targeted ransomware attacks with a demand built in.

“However, once inside, the hackers often have a goldmine to exploit,” he said.

He added targeted attacks can be more damaging, however. Some sophisticated types of ransomware attack, for example, are tailored to detect certain file types to extract or destroy.

“NotPetya was designed to be non-recoverable. For a media company, it could be critical if intellectual property is destroyed.”

Advertisement




As entertainment companies have large consumer bases, they are also attractive targets for ideological attackers wishing to spread messages by hijacking websites and other media, he added.

They also have vast quantities of personal information on cast and crew, including celebrities, which may also have monetary value for hackers.

“It is essential to identify the most critical information assets and then put a value on them. After that, it is all about putting protection in place that matches the level of concern,” Bryant advised.

As with any cyber risk, humans are almost always the biggest point of vulnerability, so training staff to identify risks such as suspicious messages and phishing scams, as well as security and crisis response protocols, is essential. Sources also agree it is vital for entertainment companies to give responsibility for cyber security to a C-suite executive.

“People and culture are the biggest challenges but also the keys to success,” said Legassick.

“Managing the cyber threat is not a job that can just be left to the IT team. It must come from the top and pervade every aspect of how a company works.”

David Legassick, head of life science, technology and cyber, CNA Hardy

Joe DePaul, head of cyber, North America, Willis Towers Watson, suggested entertainment companies adopt a “holistic, integrated approach to cyber risk management,” which includes clearly defining processes and conducting background checks on the cyber security of any third party that touches the IP.

This includes establishing that the third parties understand the importance of the media they are handling and have appropriate physical and non-physical security at least equal to the IP owner in place. These requirements should also be written into contracts with vendors, he added.

“The touchpoints in creating content used to be much more open and collaborative, but following the events of the last few years, entertainment firms have rapidly introduced cyber and physical security to create a more secure environment,” said Ryan Griffin, cyber specialist, JLT Specialty USA.

“These companies are dealing with all the issues large data aggregators have dealt with for years. Some use secure third-party vendors, while others build their own infrastructure. Those who do business securely and avoid leaks can gain an advantage over their competitors.”

Quantification Elusive

If IP is leaked or destroyed, there is little that can be done to reverse the damage. Insurance can cushion the financial blow, though full recovery is very difficult to achieve in the entertainment space, as quantifying the financial impact is so speculative.

As Bill Boeck, insurance and claims counsel, Lockton, pointed out, there are only “a handful of underwriters in the world that would even consider writing this risk,” and sources agreed that even entertainment firms themselves struggle to put a monetary value on this type of exposure.

“The actual value of the IP taken isn’t generally going to be covered unless you have negotiated a bespoke policy,” said Boeck.

“If you’re in season five of a series with a track record and associated income stream, that is much easier, but putting a value on a new script, series or novel is difficult.”

Companies for whom live feeds or streaming are the primary source of revenue may find it easier to recoup losses. Determining the cost of a hack of that sort of service is a more easily quantifiable business interruption loss based on minutes, hours, ad dollars and subscription fees.

Advertisement




Brokers and insurers agree that while the cyber insurance market has not to date developed specific entertainment products, underwriters are open for negotiation when it comes to covering IP. The ball is therefore in the insured’s court to bring the most accurate projections to the table.

“Clients can get out of the insurance market what they bring to the equation. If you identify your concerns and what you want to get from insurance, the market will respond,” said Bryant.And according to Griffin, entertainment companies are working with their brokers to improve forecasts for the impact of interruptions and IP hacks and to proactively agree to terms with underwriters in advance.

However, Legassick noted that many entertainment firms still add cyber extensions to their standard property policies to cover non-physical damage business interruption, and many may not have the extent of coverage they need.

Crisis Response

Having a well-planned and practiced crisis response plan is critical to minimizing financial and reputational costs. This should involve the input of experienced, specialist third parties, as well as numerous internal departments.

Ryan Griffin, cyber specialist, JLT Specialty USA

“The more business operation leaders can get involved the better,” said Griffin.

Given the entertainment industry’s highly public nature, “it is critically important that the victim of a hack brings in a PR firm to communicate statements both outside and within the organization,” said Boeck, while DePaul added that given that most cyber attacks are not detected for 200-plus days, bringing in a forensic investigator to determine what happened is also essential.

Indeed, said Griffin, knowing who perpetrated the attack could help bring the event to a swifter and cheaper conclusion.

“Is it a nation state upset about the way it’s been portrayed or criminals after a quick buck? Understanding your enemy’s motivation is important in mitigating the damage.”

Some hackers, he noted, have in the past lived up to their word and released encryption keys to unlock stolen data if ransoms are paid. Inevitably, entertainment firms won’t always get so lucky.

Given the potentially catastrophic stakes, it is little surprise these firms are now waking up to the need for robust crisis plans and Fort Knox-level security for valuable projects going forward. &

Antony Ireland is a London-based financial journalist. He can be reached at [email protected]