Public entity risk pools are wholly adept at managing risk. With more than 90,000 public entities in the United States, the Association of Governmental Risk Pools (AGRiP) estimates that at least 80% of them participate in one or more pools.

By pooling their risk—and accountability—these not-for-profit organizations can economically provide risk management and loss control, underwriting, claims management and a comprehensive package of insurance coverages that typically include property, casualty and workers’ compensation. This effort supports a pool’s number one priority: the co-owners of the pool—its members. These members hail from local and state municipalities, including entire fleets of first responders (fire and police), public utilities, school districts, government-run hospitals, public libraries, community colleges, support staff and more. Accordingly, the typical pool must ensure its technology systems can reliably support the needs of its members.

This means ensuring uptime is paramount. During COVID, pools, like most private or corporate sector organizations, were forced to make adjustments in how they worked, many prioritizing their IT wish list to maintain operational performance and resiliency. However, unlike most organizations, pools are restrained by outdated legacy systems and a limited, fixed budget, and as a result, that wish list remains a wish instead of a reality.

Undoubtedly, budget concerns are one of many issues facing pools: Often, these organizations don’t have a large IT staff, so they’re forced to maintain operations “the way it’s always been done,” cobbling along in the hopes that the risks it faces will be minimal. In actuality, the risks facing these organizations are at an all-time maximum.

This conundrum is complicated by the fact that most pools rely on antiquated databases and Microsoft Office products for the bulk of their day-to-day operations. At a minimum, this reliance opens the door to Outlook phishing, making the pool more vulnerable to cyber criminals.  Many may use Excel or other inexpensive spreadsheet programs that make it difficult to access data and almost impossible to regroup on errors. Imagine the time required to backtrack, inspect various versions of the spreadsheet’s values, calculations, source data and file history to correct the error, wreaking havoc on routine financial or regulatory reporting. Some pools use insurance core system software that, with the exception of claims, includes workflows that don’t necessarily match with the pool’s own protocols.

If all this doesn’t spur you to think differently about how technology is managed, consider the largest, most recent risk impacting pools: ransomware. Public entities are one of the most targeted sectors, yet often have the least resources and capabilities to prepare for and respond to ransomware attacks. Consider that 2,400 U.S.-based governments, health-care facilities, and schools were victims of ransomware in 2020, notes Council on Foreign Relations blogger Michael Garcia. In 2020, cyberattacks cost government organizations in the United States approximately $18.88 billion in downtime and recovery costs, according to a report from consumer tech information company Comparitech. Local governments continue to experience the greatest number of ransomware attacks according to security company Blackfog.

Yes, ransomware is a network issue, and with ever-evolving ransomware keys and infiltration methods, there’s no way to prevent an attack with 100% certainty.  But the rise in cybercrime is spurring pools across the country to wake up to the fact that it’s the pool’s technology foundation that enables them to best respond to their individual public entity members, which makes that foundation a critical asset--and more valuable than ever. Without a unifying approach to IT management that includes modernization, pools will continue to struggle to operate efficiently, much less deter, disrupt, prepare for and respond to ransomware events.

Now let’s revisit the statement about pools and their fixed budgets. As they work with members on their annual loss control programs, they ask: What is the cost of not modernizing systems that are used to make city payroll, keep utilities up and running, communicate with first responders and even save lives?  If nothing else, the latest wave of ransomware is a learning moment for pools that have been trying to define a path to digital maturity.

That path, which can be undertaken by pools of all sizes, begins by conducting a basic technology assessment, which can be used to identify both known and unknown risks, issues that affect data access, workflow, operational performance and resiliency, network and systems’ vulnerabilities, mobility, and, of course, security.

The good news is that pools that have undertaken tech assessments are finding that their legacy systems can stay put—there are inexpensive ways to modernize and drive immediate front-end results without an overwhelming rip/replace approach. There are solutions available that can help them take a stepped approach to evaluating protocols, optimizing processes, enhancing workflows and improving services for its members.

Let’s face it: whether in it for a profit or not, pools want to reduce operational costs, increase policyholder/member satisfaction, offer systems that are attractive to younger IT workers, and form a solid and secure foundation for the future.

Recent events tell us that it’s no longer an option to “just get by” or “wait and see.”  The choice pools face today is a calculated one, and it’s important to recognize that their goal—to attain effective integrated risk management--is only as powerful as the technology foundation that supports it. It just takes that first step.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

Now that more companies are relying on digital platforms, cybersecurity teams are not just an asset—they’re a necessity. PRIME’s Cybersecurity Supervisor Ed Penn emphasizes that these teams are essential in risk management, now that numerous cyber attackers are striking left and right. Without proper cybersecurity professionals and systems in place, attackers can launch multiple threats and infiltrate organizations. Even the biggest companies in the world are vulnerable to these attacks, as illustrated by the following two incidents:

US, UK, Australia Cryptojacking

In early 2018, various government websites from the US, Australia, and the UK were subject to an attack involving cryptojacking malware. Security researcher Scott Helme blew the whistle on the attack, and discovered that it was executed through a third-party plugin called Browsealoud. The plugin was designed to help those visually impaired browse websites. But due to the incident, all the websites that used the plugin were immediately compromised. Helme pointed out that cyber attackers often target websites that others rely on. In order to avoid this the government should have done greater testing to ensure their plug-in was completely secure. In order to make technology more accessible to users, governments and companies must be careful they don’t make it more accessible to hackers.

Google Plus Forced Shutdown

Google – being the tech giant that it is – has been the subject of various significant attacks in recent years. In May 2017, an email phishing scheme nearly exposed sensitive data from millions of users. A year later, Google’s own self-regulating mechanisms allowed them to spot a bug in the developer API of Google Plus, which could potentially expose sensitive data belonging to its more than 50 million users. TechCrunch's report on the incident reveals that there is currently no evidence that a third party has taken advantage of the data exposure. However, Google has responded to these incidents by expediting the shutdown of their Google Plus APIs rather than potentially exposing users to any risk. This pre-emptive measure may cause Google time and money, but it’s necessary to protect their users.

The Future of the Industry

Given the inadmissible growth of cybercrime in recent years, one very fine silver lining is that this directly translates to a higher demand for cybersecurity experts who specialize in pre-emptive measures. To fill in the gaps, plenty of institutions are establishing cybersecurity programs that provide aspiring cybersecurity professionals with an effective digital training ground. In particular, post-secondary institutions have been doubling down on cybersecurity degrees. The University of Hawaii unveiled new cybersecurity internships, while Benedict College and LaGuardia Community College extended their current cybersecurity programs to include postgraduate options. Meanwhile, Maryville University’s online master's in cybersecurity is not only taught 100% remotely, it teaches post-grad students how to build defensive and preventive strategies. Aspiring cybersecurity professionals are also trained in a Virtual Lab giving them vital real world experience in a safe environment. Together these universities are ensuring that more companies and governments are better able to protect themselves.

Since top cybersecurity specialists can be difficult to find, the Wall Street Journal points out that the median salary of corporate cybersecurity chiefs has risen to $509,000 this year. Omar Khawaja, a CISO himself, stated that numerous high-profile ransomware attacks have pushed big companies to invest more in their cybersecurity teams.

As cyber attacks sweep over hospitals, governments, and big companies, competent cybersecurity experts with the necessary experience are more important than ever. Organizations and cybersecurity experts have to work closely to take on pre-emptive measures based not just on estimates, but also on the massive amount of breach-related data available to companies today.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

This blog is a continuation of Factors That Can Provoke Media Scrutiny of Public Safety Agencies (Part 1)

Mixed Messages

Open communication within your entity is also very important. If the public safety agency does not respond to questions raised by the media, reporters will often reach out to the mayor or the city council to seek more information and opinions. There have been several occasions where the mayor or other town representatives answered requests by the media even though they had not been advised of the details surrounding an incident. While well-intentioned, such comments can backfire, undercutting the decisions of the fire chief or police chief. It always works out better if elected officials have more knowledge of the incident, so it is good to keep them advised. In addition, political town members should be coached not to give statements until they have the necessary information.

Failure to Engage

When the media shows up, it can become a problem if there is no one to respond to their questions or if their questions are ignored. It may be too early in the investigation process to be able to provide all the findings to the media but giving them some basic information prevents them from claiming information is being withheld. When the media insinuates information is being hidden, it can begin to hurt an agency’s reputation. Plaintiff’s attorneys will often jump on the same bandwagon, repeating in interviews that your agency is being uncooperative. It is extremely important not to shut your door on the media when they show up.

Anticipating Media Scrutiny

So how do you know which events will set off the media alarm bells? After being involved in an incident, ask yourself the following question : Is my perception and analysis of the incident the only way to think about what happened? If I’m playing devil’s advocate, could I see the event in a different light?

As you know, you can rarely be certain that reporters and social media users will have the same analysis as you do. Opinions are often formed before all the details are learned about the incident; sometimes, one aspect of the incident generates a powerful emotional response. In shooting incidents, for example, the race of person who was shot or the number of shots fired can be enough to grab the media’s attention. It is important to closely analyze all aspects of the incident and be ready to properly respond when the media shows up. Be on the lookout for unclear fact circumstances, tragic events sustained by the involved parties or their family or friends, and negative opinions regarding the entity’s security.

The Importance of Training

Successfully navigating media scrutiny of public safety agencies requires training your personnel before the microphones and cameras come out. This training can help your agency become aware of how fast the media will get involved in an incident—even those you wouldn’t consider “critical incidents.”

Prior to setting up the training, do some research to identify lessons learned the hard way by other municipalities. Many times, an incident will not appear to be too serious at first, but a seemingly minor aspect can unexpectedly raise the publicity to a negative high level. Review newspaper articles on the internet regarding similar events that you could be exposed to. But don’t stop with just the reported information—look at the reader comments, too. They provide immediate insight into how citizens view incidents and the fallout public safety agencies can face if they’re not prepared. This has a cumulative effect—an agency with a poor reputation will almost certainly face more media scrutiny.

In addition to your internet search, it can also be helpful to talk with your insurance carrier. They may have already been involved in cases that generated unexpected publicity.

Start Today

Responding to media scrutiny of public safety agencies is a multifaceted process. It involves training staff to recognize which events may spiral out of control, ensuring open lines of communication across the municipality and to reporters, and being prepared with appropriate messaging to counter attacks on your agency’s policies or personnel actions.

But it starts with building relationships and in turn, enhancing your agency’s reputation. Many departments have increased the number of charity-related events they participate in, and they look for unique ways to interact with their community. As positive interaction with their community improves, an agency will receive stronger support in the media. (It doesn’t hurt to get to know your local reporters, either.)

The bottom line: Stay alert! Consider all the aspects surrounding an event and try to anticipate what could generate negative publicity, potentially hurting your agency’s reputation or even influencing an expensive lawsuit.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

Called to a classroom for a report of a fight between two students, the School Resource Officer plunges into the fray, tossing chairs aside and lunging at the students. Within seconds he has one of the students on the floor, arms pinned behind his back. “I can’t breathe!” the student shouts. “You’re hurting me.” “Well you should have thought of that before you started fighting,” the officer yells back. He yanks the handcuffed student to his feet, then pushes him up against the wall. Behind the officer, multiple students are filming. In minutes, the videos are posted to social media; within the hour, reporters descend on the school.

These days, it can take mere minutes between a call to 9-1-1 and an incident hitting the news. Although the above example involves a law enforcement officer, no public safety agency is immune. As incidents go viral on social media, the risk of lawsuits with large potential exposure is very real.

We can’t change the fact that everyone is carrying around a high-definition video camera in the form of a phone, or that platforms like Twitter magnify incidents and sometimes spread bad information. But we’re not helpless either. This article is designed to provide insight on the importance of training your staff to handle critical incidents, with tips on how to quickly identify the circumstances that can generate a highly publicized incident and effectively manage these situations.

First, let’s look at four factors that can provoke media scrutiny of public safety agencies.

Demographics

An entity’s demographics can dramatically alter the media’s response. Many town demographics have changed over the years. Towns may have started with most of their citizens having European backgrounds and, as the town ages, more residents are African American and Latino. This can become an image problem if public safety personnel demographics do not change in the same way. The media may become quick to jump to allegations of racial bias. Did a black patient have to wait 9 minutes for an ambulance to arrive, when response times in the predominantly white neighborhood are under 5 minutes? Suddenly there’s a story.

Obviously, you can’t change demographics overnight. But if your town faces such demographic disparities, you can prepare messaging to combat such stories. You can ensure recruitment practices are aimed at hiring personnel who reflect the community you serve. You can demonstrate how your policies prevent racial bias and unequal treatment. And you can use performance measures to determine whether in fact there are racial disparities—and if there are, address them.

Caught on Video

Videos are becoming the major attention-grabber. Many police departments and some corrections agencies are using body cams. Such cameras do not always provide a clear picture of what occurred or what happened before the camera started filming. In addition, departments often don’t release body-cam footage as soon as the media would like.

But that doesn’t mean the footage remains in the agency’s control. Many witnesses record their own videos with their phones. There have been several occasions when an incident occurred and the department’s video was not released right away, but the witnesses’ videos were posted online in less than an hour. The media then starts requesting the agency to release their video, which cannot always be done as the internal investigation may still be underway. If the media’s request is refused, negative publicity can result, especially if there are many other videos posted online.

Body cameras can grab the media’s attention in other ways too. Sometimes, the body cam is turned on late, or not at all; on occasion, they have been turned off at the wrong time. A body cam line of sight can also get unexpectedly restricted by the officer’s body position. It is very important to train your department personnel to use body cams properly. Many lessons can be learned from prior events in your town or others. Your department should have a robust body camera policy as well as clear direction on when to release videos to the media.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

I became interested in risk management in the fall of 2019, I was unsure what the field entailed but I was eager to learn more. I took my first risk management course this past spring and my professor encouraged us to apply for the PRIMA Student Scholarship. This is where my journey began with PRIMA. When I first applied, I did not know there was a difference between public and private risk management because I was still very new to the field. When I was lucky enough to receive the scholarship, I realized how many resources I now have to learn about the industry including the Annual PRIMA Conference.

The Annual PRIMA Conference is held every year in a different part of the United States. Unfortunately, due to the pandemic they were unable to host it last year, but this year they created a new version of the conference so everyone could be virtually together. The virtual conference allowed attendees to watch the videos from work or home, but the videos were also recorded, so if needed the sessions could be watched at a later time. Although I wish I was able to attend an in-person conference to meet more people, I feel as if the virtual conference was very beneficial in developing professional connections. There were networking opportunities everyday where one could go into the business exchange and talk to companies such as Munich Re, Aon, and Servpro. I was fortunate enough to talk with these sponsors and learn more about their company culture as well as what a normal day-to-day looks like for them. The networking opportunities were a very unique and personalized experience because it was a one-on-one zoom call with a representative which allowed me to brush up on my professional speaking skills.

Another key part of the conference was the informational sessions about the different types of risk management. There were sessions about almost everything in public risk management and I was lucky enough to get to listen to a lot of them. I was glad that the sessions were recorded because I was able to go back and watch sessions I missed or rewatch parts of a session if I felt like I missed something. My favorite session was the keynote speaker, Nancy Solari. She detailed her experience of being legally blind and how she did not let that stop her in her professional career. Nancy started her own radio show, “Living Full Out," where she motivates people to keep pushing themselves to where they want to be because they will get there if they have a good mindset and drive. I think this was a great way to kick off the morning because she really inspired a lot of people at the conference. The next session that I really enjoyed was “Unforced Errors: Cognitive Psychology for Risk Managers” by Dr. Michael Lacroix. This session piqued my interest because I have taken a few basic psychology classes before, but I was not sure how it would apply to risk managers. In his session, Dr. Lacroix discusses how risk managers do not make decisions instantly, they all have a similar thought process thinking about what the effects of decisions may be before making them.

I learned a lot during my time at the virtual conference and it helped me identify that public risk management would be a great fit for me because there is no average day in the office and everyday is a new and exciting day in the field. I am grateful that I had the opportunity to attend and learn so much about the association and I look forward to attending again next year. 

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

When an individual suffers a workplace injury, as workers’ compensation professionals, we work to put them on a path to recovery. But we all know even the most well thought out plan can go awry. Here are four factors that can impact the recovery timeline of an injured worker and solutions for how to proactively mitigate risks before they cause the lifetime of a claim to extend.

Comorbidities

Issue

Comorbid conditions are medical disorders and diseases that affect or accompany a primary condition or injury. These conditions include obesity, diabetes, hypertension, tobacco use, mental health issues and substance abuse. When not properly managed, these conditions can have a negative effect on an injured worker’s recovery process.

In 2016, Harbor Health Systems, performed a study of comorbidities and found that claims with multiple comorbidities experienced an average total incurred cost increase of more than $20,000 when compared to the control group.

Solution

Early identification and patient education are key to mitigating risks and offering more holistic care to injured workers with comorbidities. This two-pronged approach also creates a more realistic return-to-work timeline for the employer.

Incorrect Medical Equipment

Issue

From mattresses to prosthetics, injured workers require different types of equipment to fully recover.

Think about an injured worker who works on a factory line and needs a prosthetic device. We have to take into account the fit, function and job requirements of the injured worker – if any detail is missed, it could cause discomfort for the injured worker, delays in recovery, and extended return-to-work timelines.

This mindset is equally important when treating wound patients. Wound injuries cost the healthcare industry $50 billion annually; however, a vital component often overlooked is a proper mattress/bed. A mattress isn’t just for sleep, it provides prevention, healing and stability. Let’s think about an injured worker who has a wound on their back. The wound needs open air and minimal pressure to heal; however, if the patient can’t sleep comfortably on their front or side, lack of sleep and constant moving could significantly delay recovery times.

Solution

When it comes to equipment, it’s often the little things that make a huge difference. Patients need proper equipment for a successful recovery and return-to-work.

Dental Issues from Opioid Use

Issue

Some recovery roadblocks aren’t as easily or quickly seen. Long-term opioid use, for example, causes significant dental issues – the most common being dry mouth. Opioid use inhibits saliva production, meaning food particles linger in the mouth and eventually lead to decay and gum issues. Opioids can cause a claim to extend because dental issues are not normally discovered until long after the initial claim – sometimes even years later. By the time issues arise, they’re often so severe they require long-term or extensive care, such as dental implants.

Solution

Educate patients by helping them establish regular dental maintenance. This will help to mitigate risks related to long-term opioid use. It’s also important to establish a baseline. When possible, obtain dental records regarding your patient’s past dental health.

Social and Psychological Factors

Issue

The workers’ compensation industry has increased its focus on factors outside of the physical injury, and for good reason. Biopsychosocial health is an unseen driver in patient outcomes. Improperly managed pain, stress, and even the injured worker’s level of motivation, have an impact on recovery and return-to-work timeline.

Factors can be personal or work-related. For instance, many injured workers endure added stress from trying to provide for their family while injured or feeling pressure to heal quickly because of mounting responsibilities at work.

Solution

In order to mitigate these risks, a provider must be able to quickly identify factors and document them in their treatment plan so everyone involved can play a role in recovery. A behavioral health program might even be recommended as part of the plan moving forward.

Conclusion

Education, early identification and engagement, a holistic approach, and an eye for detail all play an important role in keeping an injured worker on the road to recovery.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

Since every construction project is a unique mix of design features, contracting terms, project participants and site conditions, it stands to reason that each individual project has a unique set of risks. While insurance is a key risk management tool that supports projects to be financed and built, there is no “one-size-fits-all” insurance structure that can be applied to all projects. There are five important steps that should be taken prior to the start of a project, which will help determine the “best fit” insurance program. While these steps are most often applied to large complex projects, following the general procedures can be very helpful in designing cost effective insurance for projects of all sizes.

Step 1: Risk Inventory and Assessment
There are a wide variety of risk assessment practices in use today in the construction industry. While some are more effective than others, the following best practices should be considered. Include a broad spectrum of project stakeholders (owner, design team, attorneys, lenders, contractor and key subcontractors) in an open discussion about project risks. Develop a risk inventory and a preliminary plan to monitor and manage the highest priority risks (such as whether to insure, control or transfer). Update the risk assessment and risk register at key project milestones to address changes in planned versus built conditions.

Step 2: Risk Allocation and Ownership
The next important step after identifying and assessing risk is to determine a plan for how to allocate risks based upon who is in the best position to “own” each risk. The planned intent of risk ownership may ultimately vary from the applied system based on commercial considerations (whether the expected "risk owner" is willing to accept the risk for a reasonable cost), design evolution (whether risks can be designed out in the final plan) and other external factors (permitting agencies, lenders, equipment suppliers, etc.). However, a reasonable plan for risk ownership will enable the development of contracts, insurance program and contingency budgets.

Step 3: Insurance Program Design, Feasibility Analysis and Budgeting
Before procurement specifications are released for project bids, it is essential to design an insurance program so that minimum coverage requirements can be communicated to bidders. The insurance program should be designed with the help of a qualified insurance professional who understands the current market environment and the specific type of construction. The project team should structure a project insurance plan that is designed to effectively cover the risks identified in the risk assessment and that is comprised of policies commercially available for project participants.

This is the time to begin considering options for alternative insurance program structures – such as an Owner-Controlled Insurance Program (OCIP), Contractor-Controlled Insurance Program (CCIP), or other project specific insurance (environmental liability, professional liability, etc.). Emphasis at this stage should be on specifying the coverage needed to protect the project – not on who should provide the coverage, which will be determined through procurement and negotiation.

Just as project teams will develop an engineer’s estimate of project cost for the selected project design, they should also have a designed insurance program (or range of alternatives) from which to develop an insurance cost estimate. Insurance cost estimating can only be done after the design is mature enough (60% or better) to estimate construction cost, schedule, labor and other rating factors. The insurance cost estimate should also consider retained loss costs from expected deductibles or self-insured retentions within the insurance program structure. The estimated insurance cost range developed at this stage will form the baseline from which to compare bid results for insurance.

Step 4: Contract Formation and Procurement
All too often, boilerplate general conditions are used in the procurement documents without a planned approach to risk identification, risk allocation and a unique insurance program design. This results in bidders presenting a wide range of alternatives when there is limited time to consider them and incomplete information to maximize their benefit.

If the preceding steps have been followed, clear and concise indemnity language can be developed to frame the risk allocation strategy. Insurance requirements can then be carefully crafted to match coverage required to fund the indemnity obligations of the parties. After taking the steps to design and price an insurance program, bidders can be instructed on how to propose alternatives that can be compared to budget estimates for insurance. The insurance procurement strategy should coordinate with the overall procurement strategy, but can allow for bidders to “value engineer” the insurance requirements for unique, lower cost alternatives. This avoids a barrier to entry for contractors who may not have highly developed insurance facilities. It should be noted that many contractors have sophisticated insurance programs that might enhance their profit but also provide broad coverage for the project – a “win-win” situation.

Step 5: Program Negotiation and Final Structure
If bid alternatives have been solicited, proposals need to be carefully considered. Even in the case of a sole-source, negotiated project, the contractor is likely to propose insurance alternatives on complex projects. Cost is only one item to consider when reviewing proposed insurance alternatives.

For very large projects with better than average risk management practices that can be demonstrated to the insurance marketplace, both OCIP and CCIP are viable alternatives. However, owners who are building a single project may not be able to obtain an OCIP that is superior (in terms of cost, coverage and other factors) to a contractor with a mature, portfolio-based CCIP. Conversely, an owner who plans to build several projects might be able to structure an OCIP that is better than a CCIP implemented for the first time by a contractor. For this reason and the considerations above, a flexible procurement process that allows for innovative proposals often yields the best results. Finally, advice from qualified and experienced insurance professional is essential in developing and evaluating the best insurance program for the project.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs/podcasts are those of each respective author/speaker. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

As the telemedicine industry continues to boom, we’re seeing more and more new forms of telehealth emerge in the marketplace. Telehealth variations include tele-rehab, remote patient monitoring and even utilization of “avatar-like” nurses by hospital systems and providers. In this new world of telehealth, we need to continually be looking for innovative modes by which triage and telephonic case managers can connect with the individuals they serve and engage them on their road to recovery. There are two new types of Virtual Connections designed to support clinical staff in the establishment of trust and engagement with injured workers – Virtual Triage and Video-Telephonic Case Management.

Virtual Triage allows triage nurses to connect via secure video to enhance their ability to assess the extent of the injury accurately. Virtual Triage also provides the most appropriate recommendation for the level of care needed. This technology allows nurses to target:

• Burns
• Lacerations
• Scrapes/scratches
• Bruising
• Rashes
• Insect bites

Video-Telephonic Case Management allows the telephonic case manager and individual to connect via video conference. This method enables the nurse to more closely mirror a face-to-face visit and quickly establish an element of trust and rapport with the injured or ill person. Utilizing the video connection allows the telephonic nurse to:

• Pick up on non-verbal cues such as body language, which is essential in engaging with patients
• Appeal to a younger generation or anyone comfortable using video technology to communicate
• View the injured body part and the healing process

As with all new technology, some people will be hesitant to take part, so participation in these programs is entirely voluntary. It is also not expected for adoption to occur overnight. Like telemedicine, it takes time for people to get accustomed to a new idea and embrace it. The usability and likability of this communication solution is of the utmost importance.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

As risk professionals, we have a unique view of the interconnected risks facing our organizations. One of the ways our organizations can benefit from our holistic view of risks is when we use our established communication platforms and relationships to support others in the organization who are managing risks. One such partner for me is our Cyber Security team. They spend much of their days sequestered in the Security Operations Center (SOC) helping ensure our systems are protected. Although this is a critical function, an unfortunate side effect can be that they disappear for most employees. Out of sight out of mind, right?

Attackers try to get into systems constantly. At any given time, there is probably someone outside the firewall trying to access your system. Phishing is one of the biggest threats; emails are constantly coming in, and it takes only one employee clicking a link or opening an attachment for an attacker to gain a foothold on the network. Managing cyber security risks requires security tools and processes, such as an antivirus program and network security tools. There’s also a governance side to managing cyber security risks, as we want to have robust policies and programs in place to address cyber security.

Since our teams have been partnering up on security training and developing policies and programs together, our effectiveness has improved. Training has been hugely effective for us. There are only so many employees working in Cyber Security, but if you train everyone you suddenly have 500 cyber specialists.

Although we have security controls and email filters, malicious emails still find their way into employees’ inboxes.  Our motto is “Think before you click”.  When an employee gets an unexpected email from outside the organization, they should not click a link or open an attachment automatically.  Training employees on how to identify malicious emails is essential to the security of your organization.

An organization’s risk managers and cyber security professionals have to have a lot of goals in common. Be partners. You can work together to identify and mitigate risks.

Do you know your Cyber Security staff? If not, I challenge you to reach out and make a new friend today. If you do, I encourage you to ask how you can help them identify or mitigate cyber security risks in your organization. Even if they don’t take you up on it, I’m willing to bet they’d appreciate knowing you’re on their side.

There are definitely risks in allowing third parties to connect to your network and pull data. We don’t have a lot of control over how a software vendor manages their own cyber security risk; we aren’t in their system monitoring their logs or patching their applications. Sometimes contract language is the only protection we have, so it’s important for Cyber Security staff to be looped in early in the process before software contracts are finalized.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*

Finding good workers is half the battle — you also need to keep them healthy and productive. Today, around 20% of days of missed work are due to sprains and strains that happen as a result of poor workplace design. Companies and public sector organizations that consider their employees' work environment and how it can affect health and efficiency — known as ergonomics — can potentially reduce workplace injuries.

Most organizations see the frequency of ergonomic-related injuries and costs grow each year. But the simple fact is that people need to perform physical work, whether at a factory, store, warehouse, school campus or an office. According to the Bureau of Labor Statistics, work-related musculoskeletal disorders (MSDs) account for one-third of worker injuries and illnesses annually and ergonomics-related injuries require more time off than other workplace injuries and illnesses.

OSHA and Liberty Mutual also found that overexertion injuries — lifting, pushing, pulling, holding, carrying or throwing — cost businesses $13.8 billion every year.

Additionally, an estimate of the total economic burden of serious, nonfatal workplace injuries as measured by workers’ compensation costs is nearly $60 billion.

Turning Losses Into a Win-Win

Creating operations based on good design that benefits the entire workforce is an easier solution than you might think. One effective way to do this is through a continuous improvement method known as a kaizen event.

Kaizen is a Japanese word that means “good change.” These events help make employees’ jobs safer and more efficient through the study of their work activities and small, simple improvements in their environment. The focus is on immediate action rather than longer-term, costly alternatives.

During a Kaizen event, small teams of operators and maintenance employees make and implement recommendations to improve a process. These teams support and continue the process even after the event is over. Because operators know the process, work the process and are involved in any changes to the process, there is tremendous buy-in and ownership of all improvements.

Daily and Long-Term Improvements

Kaizen events can help reduce your total cost of risk and your ergonomic-injury costs while boosting your bottom line and productivity. While there are numerous ways to tackle ergonomic-related injuries, a kaizen event is a simple and effective approach that enables employees to improve safety and efficiency. When conducted regularly in conjunction with other casualty risk reduction programs, kaizen events can help your organization achieve safety excellence.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*