Public Risk October 2014 by Moire Marketing Partners

Published by the Public Risk Management Association

www.primacentral.org

OCTOBER 2014

BEYOND THE HYPE THE DATA BREACH REALITY IN THE PUBLIC SECTOR “What Could Possibly Go Wrong?”

MANAGING VOLUNTEERS’ ACCIDENT AND LIABILITY RISKS Is There A Doctor (or Nurse) in the House?

MANAGING WELLNESS PROGRAM RISKS

An n elevated perspective, focused on service. With in-depth knowledge comes perspective. At Travelers, we understand the evolving coverage trends and service needs unique to public entities. Our suite of products combines customized coverages and dedicated support based on the specific exposures you face every day – from our expertise in state-specific tort caps and immunities, to our law enforcement and cyber liability coverages. Additionally, Travelers offers public entities value-added features that go beyond the coverage, including: • •

Superior claim resolution – governmental claims require unique resolution strategies Robust loss-prevention solutions – dedicated risk control specialists located across the country and an extensive risk management website with best practices and sample policies and procedures

•

Dedicated and knowledgeable underwriters – provide a customized and effective insurance plan

•

Local territory managers – trusted advisors who help navigate the local nuances that affect your community

Get protection beyond the policy. Contact your agent and ask about Travelers.

travelers.com The Travelers Indemnity Company and its property casualty affiliates. One Tower Square, Hartford, CT 06183 This material is for informational purposes only. All statements herein are subject to the provisions, exclusions and conditions of the applicable policy. For an actual description of all coverages, terms and conditions, refer to the insurance policy. Coverages are subject to individual insureds meeting our underwriting qualifications and to state availability. © 2014 The Travelers Indemnity Company. All rights reserved. Travelers and the Travelers Umbrella logo are registered trademarks of The Travelers Indemnity Company in the U.S. and other countries. CP-7627 Rev. 3.14

Volume 30, No. 9 | October 2014 | www.primacentral.org

The Public Risk Management Association promotes effective risk management in the public interest as an essential component of public administration. PRESIDENT Regan Rychetsky, ABCP Director, HHS Enterprise Risk Management and Safety Texas Health and Human Services Commission Austin, TX

CONTENTS

PAST PRESIDENT Betty Coulter Director of Risk Management and Insurance University of North Carolina at Charlotte Charlotte, NC PRESIDENT-ELECT Dean Coughenour, ARM Risk Manager City of Flagstaff Flagstaff, AZ

Terri Evans Risk Manager City of Kingsport Kingsport, TN

6 BEYOND THE HYPE

The Data Breach Reality in the Public Sector

By Inga Goddijn

DIRECTORS Ed Beecher Risk Manager City of Pompano Beach Pompano Beach, FL

Scott Kramer Risk Manager Montgomery County Commission Montgomery, AL Amy Larson, Esq. Risk and Litigation Manager City of Bloomington Bloomington, MN

10 “What Could Possibly Go Wrong?”

Scott Moss, MPA, CPCU, ARM-E, ALCM P/C Trust Director CIS Salem, OR

MANAGING VOLUNTEERS’ ACCIDENT AND LIABILITY RISKS

Tracy Seiler, ARM-P Director of Risk Management Services Texas Association of Counties Austin, TX

By William R. Henry, Jr.

NON-VOTING DIRECTOR Marshall Davies, PhD Executive Director Public Rick Management Association Alexandria, VA

15 Is There A Doctor (or Nurse) in the House?

EDITOR Jennifer Ackerman, CAE Deputy Executive Director 703.253.1267 • jackerman@primacentral.org

MANAGING WELLNESS PROGRAM RISKS By Joe Jarret

ADVERTISING Donna Stigler 888.814.0022 • donna@ahi-services.com Public Risk is published 10 times per year by the Public Risk Management Association, 700 S. Washington St., #218, Alexandria, VA 22314 tel: 703.528.7701 • fax: 703.739.0200 email: info@primacentral.org • Web site: www.primacentral.org Opinions and ideas expressed are not necessarily representative of the policies of PRIMA. Subscription rate: $140 per year. Back issue copies for members available for $7 each ($13 each for non-PRIMA members). All back issues are subject to availability. Apply to the editor for permission to reprint any part of the magazine.

IN EVERY ISSUE 4 News Briefs | 19 Advertiser Index | 20 Member Spotlight

OCTOBER 2014 | PUBLIC RISK

INDUSTRY-LEADING CONTENT PROVIDERS HANDS-ON LEARNING SMALL GROUP SETTING LEARNING AT YOUR LEVEL NETWORKING OPPORTUNITIES

PRIMA Institute 2014 is the premier education program for public risk managers, human resources professionals, employee benefits coordinators, those working in claims, underwriting or insurance departments and anyone looking to learn more about the public risk management industry. PI 14 brings together outstanding faculty and an intense, comprehensive risk management foundations program. The only education event of its kind, PI 14 has something for newer risk managers and the seasoned risk professional looking to learn about emerging trends and best practices.

November 3–7, 2014 • Louisville, KY

The Industry’s Premier Risk Management Training Program

Message from PRIMA President Regan Rychetsky, ABCP

PRIMA INSTITUTE 2014 IS ON THE HORIZON

h, October! The first full month of the fall season means leaves are turning in some parts of the country, football season is in full force and Halloween for the kids (and the kid inside of us). This is truly a magnificent time of the year. October is also the month before one of PRIMA’s preeminent education opportunities…PRIMA Institute 2014 (PI 14). This year, PI 14 will be held November 3-7, in Louisville, Ky. PI 14 is a comprehensive risk management education program designed to be perfect for new public sector risk managers and for experienced risk managers who want to sharpen their skills and learn innovative risk management practices. PI 14 incorporates beginning, intermediate and advancedlevel courses in addition to an introduction to the many segments of public risk management. Each day, attendees are introduced to a new foundational concept, they dig deeper into the concept as the day progresses and get a chance to apply their acquired knowledge through a related case study. PI 14 has an overall theme each day in order to address the diversity of public risk management functions and responsibilities. Attendees have the option of attending the entire five-day program or the first or last three days. The following is the daily schedule for PI 14: • Monday – Risk management and insurance • Tuesday – Employee benefits and human resources • Wednesday – Innovative risk management programs and enterprise risk management (ERM) • Thursday – Emergency management, law enforcement and business continuity • Friday – Risk management leadership

Each day will start with risk management speed learning! During these mini-sessions, participants will share best practices within their programs and learn from each other. The first day, participants of similar risk management functions and job titles will group together to determine what other groups should know about their responsibilities. As the week progresses, groups will make presentations to each other about their own professional essential functions and unique challenges. The sessions and mini-sessions at PI 14 have been planned to maximize attendees’ learning.

PI 14 incorporates beginning, intermediate and advanced-level courses in addition to an introduction

PI 14 is a tremendous educational opportunity that can help you continue to improve your risk management program through inclusion of innovative practices and processes taught throughout the week.

to the many

Behind PI 14 is a remarkable group lead by Marilyn Rivers, director of risk and safety for the City of Saratoga Springs, NY, and Jessica Konrath-O’Hara, director, education and training for PRIMA. PI 14 also has a terrific group of sponsors lead by PI 14 Platinum Sponsors Midwest Employers Casualty Company and MARSH.

Each day, attendees

Please thank our veterans and those currently serving in our military forces. Freedom is not free! Regards,

segments of public risk management.

are introduced to a new foundational concept, they dig deeper into the concept as the day progresses and get a chance to apply their acquired

Regan J. Rychetsky, ABCP 2014–2015 PRIMA President Director, HHS Enterprise Risk Management and Safety Texas Health and Human Services Commission

knowledge through a related case study.

OCTOBER 2014 | PUBLIC RISK

News Briefs

NEWS

BRIEFS NINE YEARS AFTER KATRINA, FEDS FORGIVE $391M IN DISASTER DEBT Nine years after Hurricane Katrina, the government has forgiven $391 million in disaster loans for Louisiana, according to the Federal Emergency Management Agency. That's 95.5 percent of the Katrina-related disaster loans, reports the New Orleans Times-Picayune.

UNC PROVIDES STUDENTS WITH PUBLIC SAFETY APP Alert Carolina announced that the University of North Carolina is providing students with a new phone app that acts as a personal safety device. According to a news release, the Rave Guardian Campus Safety App creates an online safety network that allows students to check in with family, friends, Department of Public Safety officers and other trusted resources for providing assistance on campus and around town.

In 2005, the House authorized disaster loans for communities hit hard by Hurricane Katrina, and the failure of federally built levees, but, in a break from past precedent, barred loan forgiveness. Two separate bills, sponsored by Sen. Mary Landrieu, D-La., and backed by the entire Louisiana and Mississippi delegations, in 2007 and 2013, allowed the loans go be written off. "Communities across Southeast Louisiana suffered once from Katrina and levees collapsing, but then they suffered again when the federal government saddled them with unfair debt," Landrieu said. "But with years of persistence and support from local leaders, we worked together to create a commonsense formula that has rightly cancelled more than $391 million in community disaster loans from Hurricane Katrina."

The app includes a timer that alerts public safety and designated friends or family members if the timer isnâ&#x20AC;&#x2122;t turned off when the user arrives at an unfamiliar place. Rave Guardian users may also contact UNC Public Safety directly if help is needed; and send text messages, including photos, to report any suspicious activity. A personal Smart 911 safety profile on the app may include crucial medical and residential information that can be displayed to UNC Public Safety officers as well as 911 centers nationwide when a student is in need of assistance. Students can download the app to both Apple and Android devices, and is provided free of charge.

PUBLIC RISK | OCTOBER 2014

W W W.PRIMACENTRAL .ORG

U.S. HEALTH SPENDING EXPECTED TO INCREASE MODESTLY National health spending will increase modestly over the next decade, propelled in part by the gradual rebound of the U.S. economy and the growing ranks of Americans who became insured under the health law, government actuaries projected.

Being ready to rescue isn’t what it used to be.

But those growth rates are not as high as what the country saw for the two decades before the Great Recession crippled the U.S. economy at the end of 2007, according to the report from the Centers for Medicare & Medicaid Services Office of the Actuary and published in the journal, Health Affairs. The actuaries estimate that health spending grew just 3.6 percent in 2013, the fifth year of historically low rates of spending growth, reports Kaiser Health News. But it will accelerate to 5.6 percent in 2014. They also forecast that the average growth rate for 2015–2023 would be 6 percent. That is up just slightly from last year. The findings also suggest that health care will outpace growth in the gross domestic product over the next decade. Health care’s share of GDP, which has remained fairly stable since 2009, will rise from 17 percent in 2012 to more than 19 percent by 2023. While some health care analysts and Obama administration officials have said the Affordable Care Act is reducing costs, CMS actuaries are no longer measuring the effects of the law on health care spending. "We are no longer quantifying the impacts of the Affordable Care Act on national health spending," Andrea M. Sisko, the lead author on the study, told reporters at a briefing on the findings. "Now that the Affordable Care Act has been in place for well over four years, it is becoming increasingly difficult to accurately estimate … what the world would look like in the absence" of the law. Sisko also said it is too soon to estimate the impact of the health law's delivery system changes on the nation's health care system.

Are you prepared to help? A life is on the line. Every second counts. That’s why a carefully managed Automated External Defibrillator (AED) program makes all the difference when it’s time to act. AED Authority does much more than outfit your organization with AEDs. We provide the implementation and ongoing support that prepares your employees to respond confidently to a victim of cardiac arrest. With AED Authority Concierge® you will always be ready to rescue. • Compliance with State Statutes and Codes • AED Maintenance and Support • Training Coordination • Strategic AED Placement

AED Authority is a worldwide distributor of Automated External Defibrillators and management solutions. Call for your free program consultation today.

aedauthority.com • 888-970-7799

OCTOBER 2014 | PUBLIC RISK

BEYOND THE HYPE

THE DATA BREACH REALITY IN THE PUBLIC SECTOR By Inga Goddijn

nformation privacy and data security is a hot topic. Hardly a day goes by without a new headline announcing a major data breach event or warning of a critical flaw in a popular piece of software. Likewise, there is no shortage of companies publicizing the terrible economic impact of a breach in order to promote the latest solution to the information security problem.

Despite the attention, there is surprisingly little information around the likelihood of a data breach or the primary causes of incidents in the public sector. With so much hype and so little data, managers are left wondering how serious is the risk and how likely is it that their organization will be breached? The unfortunate truth is all organizations are at risk for a data breach. “It’s not a matter of if, but when” has become a common refrain in the information security industry and the reasons why are clear. A staggering 38,106 hardware and software vulnerabilities were disclosed between January 1, 2010, and December 31, 2013.1 In 2013 alone, a record number of sensitive records were compromised. More than 814 million records containing personally identifiable information such as credit card data or Social Security numbers were lost or stolen.2 Despite widespread events, governmental organizations account for a relatively low percentage of data loss incidents compared to other sectors. In a review of 7,445 publicly disclosed breaches in the US between 2005 and mid-2014, only 15 percent of incidents occurred at public entities. [Graph I] GRAPH 1: BREACH BY SECTOR Unknown 2% Medical 17% Government 15%

Business 51%

Education 15%

Does this mean our public institutions have more secure systems or are less often the target of malicious activity? Most likely not. Reliable statistics regarding the rate of attack against public entities compared to other organizations are difficult to come by. However, politically motivated attackers and a wealth of valuable personal information useful for identity theft would seem to make governmental organizations an attractive target. Federal 25%

State

One possible explanation for the low percentage of breaches over time is the long-standing experience public entities have 35% Authorities/ with balancingDistricts/Other transparency requirements with the need for protecting certain information. Long before the advent of 7% the Internet, law enforcement maintained the confidentiality of criminal City investigations while disclosing criminal records; County 13% Law Enforcement schools have been managing student privacy requirements under The Buckley Amendment since 1974; and the American 12% & Courts 8% using the term “personally identifiable information” in 19913 —long before the first data breach Library Association started notification statutes brought attention to the term. Public institutions have been working with information privacy issues in a very tangible way for much longer than most of private enterprise.

PUBLIC RISK | OCTOBER 2014

W W W.PRIMACENTRAL .ORG

180

173

Unknown 2% Medical 17% Government

Business Despite the low percentage of breaches overall, are taking place. High profile events like the 15% incidents in the public sector 51% Unknown recent server breach at the Montana Department of Public Health and Human Services and the 2012 compromise at the Education 2% South Carolina Department of Revenue captured15% national attention, but such high profile events can obscure the fact that all entities face some level of risk. Medical

GRAPH 1 Source: Cyber Risk Analytics / Risk Based Security. As of 8/17/2014

17%

A closer look at the incidents taking place in the public sector reveals that 60 percent of the disclosed breaches took place Government Business 15% were spread among cities, at federal or state agencies. The other 40 percent counties, courts, police departments and other 51% municipal agencies. [Graph 2] Education 15%

GRAPH 2: INCIDENTS BY LEVEL OF GOVERNMENT

Federal 25% Authorities/ Districts/Other 7% County 12%

Law Enforcement & Courts 8%

GRAPH 3 Based on 1088 data breach incidents in the U.S., disclosed between 1/1/2005 and 6/30/2014. Source: Cyber Risk Analytics / Risk Based Security.

State 35% City 13%

Federal 25%

State 35%

Authorities/ Districts/Other 7%

City County 13% Law Enforcement 12% & Courts Not only are all levels of government experiencing data compromise events, the number of disclosed incidents appears to 8% be on the rise. After several 173 sector hovering at 95, 2012 and 2013 180 years with the average number of breaches in the public 158 set records with 158 and 173 incidents disclosed. The trend is continuing into 2014, with 63 incidents disclosed by the 160

mid-year point. [Graph 3] 140 120 100 180 80 160 60 140 40 120 20 100 0 80

GRAPH 3: NUMBER OF BREACHES BY YEAR 105

173 158

87 2011

GRAPH 4 Review of 1088 incidents between 1/1/2005 and 6/30/2014. Source: Cyber Risk Analytics / Risk Based Security Information Mishandling: e-mail & snail mail disclosure, lost documents, improper document disposal, missing document Equipment mishandling: improper disposal, lost or missing device/equipment

Web-based Disclosure: Posting on public pages, available via search

105 2010

GRAPH 2 Source: Cyber Risk Analytics / Risk Based Security as of 8/17/14

2012

2013

First Half of 63 2014

40 20 0

Unknown 5% 2010

Skimming/Snooping 1%

Virus 1% 2012 2013 First Half of 2014 Hacking 19%

2011 Fraud 13% CAUSES OF DATA LOSS Equipment Web-based Mishandling 10% with IT security. With For many organizations, data security is synonymous so much of the business of government Disclosure Skimming/Snooping 13% Unknown VirusHacking, viruses and denial of Stolen Equipment/ taking place over computer systems, itâ&#x20AC;&#x2122;s understandable whyInformation that perception persists. 1% 5% 1% Documents Mishandling service attacks are clearly technical issues and19% controlling for these threats can only be achieved through the implementa19%

tion of technical measures.

Fraud Hacking 13% 19% However, the obligation to protect the Equipment confidentiality of private information spans far beyond the reach of IT departments. Web-based Mishandling 10% Disclosure Not only can personally identifiable information and other confidential records reside on paper, mistakes in handling 13% Stolen Equipment/ Information electronic records can easily occur. There isDocuments little the IT department can do to prevent accidentally sharing a spreadsheet or Mishandling 19% e-mailing confidential information to the wrong people. 19%

OCTOBER 2014 | PUBLIC RISK

100

63 Beyond the Hype – The Data Breach Reality in the Public Sector 60 40

Regardless of how the cost

A closer look at data loss20 incidents in the public sector shows that breaches are caused by a wide variety of events. Surprisingly, information and equipment 0 mishandling—such as lost or missing documents, lost equipment or improper equipment disposal— 2011 2012 Half combined to account for 29 percent of all2010 incidents, making it the largest cause of 2013 data loss inFirst the2014 public sector. [Graph 4] of

is estimated,

GRAPH 4: DATA LOSS AT GOVERNMENTAL ENTITIES BY INCIDENT TYPE

a breach is a

Unknown 5%

disruptive event

Fraud 13% Equipment Mishandling 10%

better avoided. By examining

Skimming/Snooping 1%

Virus 1%

Hacking 19% Web-based Disclosure 13%

Stolen Equipment/ Information Documents Mishandling 19% 19%

the causes of data loss in the public sector, priorities for prevention can be established.

Equipment theft also ranks high on the chart. While the use of encryption can help mitigate the fallout from a stolen laptop, basic measures such as never leaving a device unattended, especially in car in plain view, can go a long way toward preventing a breach.

CONTROLLING FOR DATA LOSS The financial implications of a data breach are difficult to quantify. A recent Ponemon Institute study places the cost at $201 per record compromised in the U.S.4 While this number certainly has validity, it factors in costs such as the effect of abnormal customer turnover, reputational losses and loss of goodwill – costs that do not necessarily have the same impact in the public sector as they would in the private sector. Estimating the actual cost of services necessary for breach response is another method for calculating the impact. The level of effort required to respond to a breach will vary depending on the nature of the incident and number of records compromised. Services such as forensic investigations, legal fees, notification costs, identity protection and data restoration expenses add up quickly and can easily run into thousands of dollars for even a small incident. Regardless of how the cost is estimated, a breach is a disruptive event better avoided. By examining the causes of data loss in the public sector, priorities for prevention can be established. Technical controls such as firewalls, anti-virus and encryption will always play a vital role in protecting sensitive data. However, reviewing the causes of loss shows an investment in security awareness and improving management processes will also pay dividends in reducing the likelihood of a breach. Regular information security training is a requirement under certain privacy laws, but a robust awareness program can do more than simply check a compliance box. A well-executed program will expand understanding of data privacy issues, communicate security policies and help create a sense of shared responsibility for protecting sensitive data. Critics of training programs point out these courses have a poor track record when it comes to learning to detect social engineering scams such as identifying phishing e-mails or providing passwords over the phone. Human nature being what it is, curiosity will continue to compel us to click on embedded links and trust the motives of unfamiliar callers. However, an effective training program does more than prevent falling for the latest scam. A thoughtful program will build consensus around security practices and reduce careless conduct such as propping open doors that should be locked or writing down passwords in plain view. Perhaps the most effective risk management strategy that can be deployed is taking the time to create and implement a comprehensive information security management system (ISMS). This holistic approach to information security requires

PUBLIC RISK | OCTOBER 2014

W W W.PRIMACENTRAL .ORG

the creation of clear policies and consistent procedures that specifically address the security needs of the organization. By going through this process, gaps in security can be identified and closed before they become a breach. Unfortunately itâ&#x20AC;&#x2122;s surprisingly easy to find security gaps, especially when it comes to data handling. For example, access to employee evaluations may be highly restricted while the information resides within the human resources department, but very same files might be poorly controlled when residing with the employeeâ&#x20AC;&#x2122;s manager. Standards for protection of such sensitive information should be uniform throughout the organization. Likewise, the lack of a consistent process for routine tasks can easily lead to a breakdown in security. Something as simple as removing system access privileges after a person leaves a job should be easy to accomplish, but when there is no clear process for requesting or verifying the change, removing access can go unaddressed. Ultimately, the key to a successful information security management program is assigning responsibility to one person and ensuring that person has the necessary authority to make the plan happen. When responsibility is fragmented across departments or the person is unable to implement needed changes, the system falls apart. As data breaches become more commonplace, the need for better understanding of the causes of data loss increases. While a general review of incidents provides a solid foundation for understanding the threat landscape, focused attention on the specific causes of loss in the public sector is much more useful. Not only does that help prioritize the use of limited resources, it also reduces the likelihood of a breach. Inga Goddijn, CIPP/US, is the executive vice president and managing director of insurance services at Risk Based Security, an information security and risk management firm headquartered in Richmond, VA.

FOOTNOTES 1 VulnDB / Risk Based Security 2 Cyber Risk Analytics / Risk Based Security, as of August 17, 2014, both in the U.S. and internationally. 3 American Library Association Guidelines for Developing a Library Privacy Policy. www.ala.org/offices/oif/ iftoolkits/toolkitsprivacy/libraryprivacy 4 2014 Global Cost of Data Breach Study. Ponemon Institute LLC. May 2014

OCTOBER 2014 | PUBLIC RISK

“WHAT COULD POSSIBLY GO WRONG?”

MANAGING VOLUNTEERS’ ACCIDENT AND LIABILITY RISKS By William R. Henry, Jr.

Over the 40-plus years our volunteer insurance program has existed, we’ve seen certain kinds of claims repeatedly. This article will describe how those claims occur, how to identify risks specific to your own volunteer-based programs, and how to minimize those risks. IMMUNITY? DON’T COUNT ON IT Governmental entities sometimes have immunity from liability for injuries to a volunteer or damages to a third-party by a volunteer. But there are many variables, including local laws and exceptions to those laws; level of government where the volunteer is engaged; whether the entity’s statutory immunity extends to volunteers; whether immunity has been waived; whether the volunteer activity was “governmental” (only government can do it) or “proprietary” (private sector also could do it); degree of negligence; and provisions of any commercial insurance policy in force. So it is best not to assume immunity. Let’s look at the most common risks involving volunteers.

INJURIES Falling is the most common volunteer injury. Is there clutter on the floor where volunteers work? Loose rugs, extension cords, poor lighting ? Loose handrails? They can all cause injury claims. Are spills not cleaned up immediately? Do volunteers have to reach anything up high—even occasionally? Make sure there are ladders or step stools for them to use. Our claims history proves that a volunteer might use a chair if the ladder or stool is not right there.

PUBLIC RISK | OCTOBER 2014

W W W.PRIMACENTRAL .ORG

If you did not properly screen, train or supervise the volunteer involved, liability can extend to your entity… Perform criminal background checks on volunteers who would be working with vulnerable clients such as elders, children, or those with disabilities.

The new volunteer doesn’t know the territory like you do. Make sure volunteers are mentally prepared for their environment. Two claims where this preparation was lacking:

It was wrong for the supervisor to assume the volunteer knew how to pull a nail. One minute of training could have prevented costly dental work.

• A volunteer was reading a story at a child care center. She took a step back, tripped over a little boy, and broke her shoulder. That injury might have been prevented if the volunteer’s supervisor had cautioned her that kids move around quickly, and aren’t very safety-conscious.

Many of you have volunteers working outdoors—in parks, conservation areas, and at community events, for example. Many work-release and alternative-sentencing offenders do landscaping, clear brush, pick up trash, etc. Long sleeves, gloves, safety glasses and sturdy shoes could prevent many of the claims we see. Require leather gloves for volunteers who use cutting tools or handle sharp materials.

• An offender in a work-release program was carrying a soup tureen in the kitchen. It was too heavy for him. He lost his balance and fell, burning himself and hitting his head on the floor—hard enough to require a CT scan. We have had several fall-related claims with paid losses over $15,000. Do your volunteers move heavy things? A volunteer was hauling furniture in a pickup truck. The load wasn’t well-secured, it shifted, and knocked him out of the truck, breaking his leg. How could this accident have been prevented? More trips with smaller loads? A bigger truck? Ropes training? Yes, yes, and yes. Consider all the options. To prevent back injuries, make sure volunteers know how to lift properly—with the legs, not the back. Consider smaller loads. Handtrucks, or other materials-handling equipment, might be needed. Think through the task, and choose the most effective risk solution. Have volunteers show they know how to use tools, before letting them begin. One volunteer was trying to pull a nail, for the first time. Instead of prying the nail out, she attempted to pull it straight from the board with the claw hammer. The hammer slipped, and she hit herself in the mouth.

“YOU CAN OBSERVE A LOT JUST BY WATCHING.” – YOGI BERRA Observe volunteers, and correct them if they are doing something unsafe. For example, if you have projects where volunteers climb ladders, make sure they do it correctly: hands on the sides of the ladder at all times, not on the rungs.

LIABILITY A liability suit will allege that your volunteer and/or your governmental entity was negligent; i.e., you did not do something you should have known to do, or did something you should have known not to do. If you did not properly screen, train or supervise the volunteer involved, liability can extend to your entity. Perform criminal background checks on volunteers who would be working with vulnerable clients such as elders, children, or those with disabilities. But that is not enough. A volunteer with a clean record still might negligently injure a client. Have rules on what volunteers may and may not do, and enforce them. Otherwise, volunteers might react to situations as they would with their own family members. Their way might be all right and it might not.

OCTOBER 2014 | PUBLIC RISK

Managing Volunteers’ Accident and Liability Risks

EXAMPLES OF “A” SEVERITY RISKS: Intentional acts • A volunteer docent in the publicly owned museum schemes to steal valuable items. • A volunteer facilitates a bomb attack at the municipality’s July 4 community celebration. • A volunteer at the county-run health center considers herself an “angel of mercy” and gives patients lethal injections. • A volunteer in the public works office gains access to the computer system controlling utilities, then fouls the water supply system and changes all traffic signals at busy intersections to green. • A volunteer at the municipality’s elder daycare center steals, or coaxes, bank information from elders. • A volunteer at an afterschool mentoring program or youth sports league is a sexual predator. Unintentional acts • A volunteer bus driver with a medical history of epilepsy is not properly vetted. He has a seizure and the bus stops on a train crossing, resulting in the death of 15 passengers. • A volunteer in the sheriff’s department inadvertently codes prisoners’ records for release rather than detention, resulting in the release of six violent criminals who go on a rampage. • A volunteer at the office of child protective services inadvertently releases confidential information to the Web.

For example, have written procedures on how to defuse a situation where a client becomes agitated—even verbally abusive—and the volunteer’s emotions could take over. Such training might have prevented this claim: a volunteer working in a classroom got frustrated with an unruly little boy and pushed his head down on his desk – hard enough to require a trip to the emergency room. Bodily injury includes sexual abuse and molestation—a concern for any human services agency with vulnerable clients. Sometimes accusations are false, but still you must defend yourself if there is a lawsuit, which can be expensive, both financially and in terms of community relations and the distraction the incident causes. Do what you can to reduce the risk of an incident, or false accusation.

over and killed the client. Establishing, communicating and enforcing a rule that volunteers could not leave a parking spot until clients were safely buckled in could have prevented that death.

DISHONESTY What access do volunteers (or staff) have to cash, or financial information that might present an opportunity to embezzle? It happens sometimes, and almost always is a surprise. At the volunteer level, there might be an exposure if, for example, volunteers sell tickets at a community event, or handle money for the auxiliary of a public hospital, library, university, etc. Your auditor can provide guidance on separation of duties and other controls to prevent embezzlement.

Sometimes risk management can be simple…no one-on-one contact between volunteers and vulnerable clients, for example. If there are indoor activities, keep doors open. Or if a door needs to be closed – for example, for counseling— cut a window in it, and have someone walk by occasionally.

A SYSTEM TO MANAGE VOLUNTEER RISKS

THE AUTOMOBILE RISK

Sometimes, accidents are very serious; we have had claims involving fatalities. Get motor vehicle records (we suggest annually) to make sure your volunteer drivers haven’t had serious violations. As with background checks, obtaining motor vehicle records helps demonstrate due diligence in volunteer engagement.

Dig deep for risk scenarios—After you’ve considered risks identified already in this article, dig deeper. Public safety agencies, utilities and mass transit systems have been planning for “what could possibly go wrong?” for years. After September 11, 2001, after Hurricane Sandy in 2012, and after the ice storm that gridlocked Atlanta in 2014, new chapters were added. At the Boston Marathon in 2013, lives were saved because the police and fire departments, emergency medical teams and hospitals already had conducted drills on how to respond to multiple bomb attacks. The same risk identification and response can be applied to any volunteer activity.

Vehicle-related accidents don’t always occur in traffic. A volunteer, not realizing her client was behind the car, backed

Consider severity of the risk, and assign a grade of A (high), B, C, or D. Then apply the same grading to the

Collisions at intersections are the most common vehicle accident claim…left turns when the volunteer driver did not have the right of way, turning from the wrong lane, running stop signs, for example. Inclement weather is another frequent cause.

PUBLIC RISK | OCTOBER 2014

The ideal system allows you to identify risks specific to your activities and manage them in a way that will work, even as staff and volunteers come and go.

W W W.PRIMACENTRAL .ORG

likely frequency of each risk. Consider both severity and frequency, as you set priorities. Once you have identified your risks, what can you do to eliminate or reduce them? For serious risks that cannot be eliminated entirely, consider transferring the risk through an insurance policy designed for that exposure.

OTHER ELEMENTS OF A VOLUNTEER RISK MANAGEMENT SYSTEM Selection—Use your volunteer registration form to describe available assignments and ask about areas of interest and special skills. Ask about allergies or other medical conditions that could affect assignments. If you have the completed registration form and a written job description, it’s easier to match volunteers and assignments. Obtain criminal histories for volunteers working with vulnerable clients, criminal histories and credit reports for those handling money, and motor vehicle records for volunteers whose assignments require driving. Orientation—One of the risks with volunteer involvement is not communicating what’s expected—leaving volunteers to improvise. Take improvisation off the table. Does the volunteer know who to report to, and to see if they have a problem? Explain safety rules and recordkeeping requirements such as time sheets and reimbursement forms.

about the cause. Get witnesses’ statements and contact information. If there is a dispute over the facts, get both sides. If it is a situation where a liability claim might arise, don’t admit liability. Get the facts and tell the other party you will report the incident to your risk management team. Report it right away. Claims often are slow to develop— particularly liability claims. Many times, those claims can be traced to incidents happening months earlier. If you have a commercial insurance policy that might respond, notify your insurance company. The insurance contract says you must provide timely notification of claims. Don’t be in a position of arguing about what “timely” means. After your initial response, deconstruct what happened. Were your safety procedures being followed? What should have been done differently? The answers can help with training to prevent a recurrence. To establish and sustain a practical risk management program for volunteer activity, start with the question, “What could possibly go wrong?” and be ready to confront any answer. William R. Henry, Jr., is the executive director of Volunteers Insurance Service Association.

Make sure your staff doesn’t consider volunteers community property, to be taken off one assignment and given another without consulting the volunteer’s supervisor. Training—Make sure volunteers show you—not just tell you—they are capable of doing their work safely before they are allowed to begin. If possible, have veteran volunteers train new ones. That reinforces the veteran’s skills. Establish and communicate formal procedures for responding to an incident. Develop those procedures while you are brainstorming and grading (A, B, C, D) your risk scenarios. Never leave incident response decisions to the volunteer’s discretion. Accountability—Correct poor performance, and discipline as needed. Just because volunteers are unpaid, that doesn’t mean you can’t discipline or even terminate them. Ask supervisors if there have been occasions when they felt the need to criticize volunteers. What happened? If they let the occasion pass, why did they?

WHEN INCIDENTS HAPPEN In the case of an injury, once the injured person gets medical attention, get as much information as you can

Providing Excess Workers’ Compensation Since 1990 For Single Entities, Groups & Public Entities Provided by an A.M. Best “A” (Excellent) IX Rated Carrier Highlights

• Aggregate Coverage Available

• Installment Schedule Available

• SIRs starting at $300,000

• Minimum Premiums:

• Claims Management Available

• Individual: $50,000 • Groups: $100,000

• Risk Management Services Available

excessworkerscomp@midman.com 800.800.4007 midlandsmgt.com

OCTOBER 2014 | PUBLIC RISK

PRIMA 2014

WEBINAR SERIES FREE FOR PRIMA MEMBERS! Looking for a cost-effective way to train your staff while avoiding the frustration of budget cuts and travel expenses? The Public Risk Management Association’s Webinar series is designed to help risk management professionals like you excel in the field without leaving your office.

WEDNESDAY, NOVEMBER 12 | 12 PM – 1:30 PM EST

CONTRACTUAL RISK TRANSFER AND FLYING TOMAHAWKS PRESENTERS: Michael Fann, Loss Control Director, TML Risk Management Pool Amy Larson, Esq, Risk and Litigation Manager, City of Bloomington, MN All day, every day, we transfer risk, even if we don’t recognize it. This Webinar will discuss traditional risk transfer methods such as contracts, insurance, bonds and indemnification agreements; as well as nontraditional methods such as waivers and personal guarantees. The presenters will also discuss how to evaluate what types of risk transfer will work in different situations, as well as when an entity needs to respond with traditional risk transfer methods. Attendee Takeaways • Understand when your entity must use traditional methods of risk transfer • Identify and understand when non-traditional methods are a more practical way of transferring risk • Know how much insurance is enough • Identify what has to be on your certificate of insurance to ensure accurate coverage Who Should Attend • City attorneys and legal assistants • Contract administrators and department heads • Insurance agents and brokers • Purchasing directors and buyers • Risk management professionals

PRIMA members receive complimentary registration and access to the Webinars!

For more information, or to register, visit www.primacentral.org.

Is there a doctor (or nurse) in the house?

MANAGING WELLNESS PROGRAM RISKS By Joe Jarret

Over the course of the last several decades, America has experienced what members of the health care industry refer to as an epidemic of “lifestyle diseases.” As a result of unhealthy lifestyle choices, manifested by inactivity, poor nutrition, tobacco use and frequent alcohol consumption, Americans are displaying increasing susceptibility to various chronic diseases such as diabetes, heart disease and chronic pulmonary conditions. These chronic conditions, according to a study conducted by Rand Corporation and sponsored by the U.S. Department of Labor and the U.S. Department of Health and Human Services1, have become a major burden, as they lead to decreased quality of life, premature death and disability, not to mention increased health care costs. The report suggests that, although chronic disease is most often associated with older age groups, America’s aging workforce is increasingly experiencing illness-related reductions in productivity due to absenteeism and presenteeism, more commonly known as reduced work performance. Because chronic disease has such an adverse impact on employee health and well-being, not to mention the fiscal costs of health care coverage in a volatile insurance market, employers are increasingly adopting health promotion and disease prevention strategies in the form of workplace wellness programs.2 The U.S. Equal Employment Opportunity Commission (EEOC), in accordance with the Americans with Disabilities Act (ADA), has defined a voluntary wellness program as one that neither requires employees to participate nor penalizes them for non-participation. Our federal courts have consistently validated this definition across circuits. Because of the risk, legal and human resources (HR) implications, the most successful wellness programs are created and managed collaboratively by the entity’s risk manager, legal counsel and HR benefits manager.

OCTOBER 2014 | PUBLIC RISK

Managing Wellness Program Risks

Recent studies have revealed that wellness programs designed to emphasize preventive health screenings, smoking cessation and exercise programs can positively impact employee health, cut health care costs and improve employee productivity while reducing absenteeism.

FEDERAL LAW Recent studies have revealed that wellness programs designed to emphasize preventive health screenings, smoking cessation and exercise programs can positively impact employee health, cut health care costs and improve employee productivity while reducing absenteeism. Consequently, public entities are increasingly considering or creating them. Despite the positive health and fiscal benefits of such programs, however, they are not without their risks. Labor and employment attorney Kevin D. Kelly3 recommends that, before implementing a wellness program, employers must consider the requirements of the ADA, the Health Insurance Portability and Accountability Act (HIPAA) and the Genetic Information Non-Discrimination Act (GINA), as well as the laws of the state in which they are operating. Regarding the ADA, Ellen Sampson4, a labor and employment attorney at Leonard, Street and Deinard in Minneapolis, notes that employers who question employees about issues such as weight, diabetes, mental health issues or arthritis want to ensure employees are not compelled to provide information that can put the employer in conflict with the ADA. One way in which the ADA can affect wellness programs concerns the law’s “safe harbor” provision. This provision allows employers to charge different health insurance premiums based on health factors, provided they can show proof that those health factors cause increased medical costs. In a recent decision handed down in the federal court case, Seff v. Broward County Florida, the Eleventh Circuit Court of Appeals found that the safe harbor provision allowed an employer to impose, as part of its wellness program, a penalty on those employees who did not participate in a health screening and disease management coaching program. Nevertheless, employers must be sure to treat all similar conditions and similarly situated employees

PUBLIC RISK | OCTOBER 2014

in the same way. In other words, employers cannot single out particular medical conditions for higher rates. Regarding HIPAA, it is not all unusual for employers choose to provide discounted health insurance rates to those employees who participate in a wellness program. Kelly admonishes, however, that HIPAA strictly regulates the extent to which employers can charge different insurance premiums to employees based on health factors. Specifically, HIPAA limits the ability of employers to charge higher rates to those who choose not to participate in a wellness program or who fail to meet the standards of the program. Additionally, under HIPAA, employers cannot use eight recognized health-status factors to discriminate against workers when determining enrollment eligibility or premium contributions. These factors are: • Health status • Medical condition • Claims experience • Receipt of health care • Medical history • Evidence of insurance • Disability • Genetic information, covered under GINA. • Regarding issues relating to GINA, Kelly notes: “GINA prohibits employers from discriminating based on an employee’s genetic information. In conjunction with this prohibition on genetic discrimination, GINA prohibits employers from inquiring into the genetic history of employees. Health screenings or other questionnaires related to wellness programs could potentially involve inquiries into an employee’s family medical history. Employers should ensure that any medical inquiries that are conducted as part of their wellness programs do not impermissibly request genetic information in violation of GINA.”

W W W.PRIMACENTRAL .ORG

PROGRAM INCENTIVES It is important to note that the recently enacted Affordable Care Act makes specific reference to employee wellness plans, with special attention given to employee incentives or rewards. The most common incentives or rewards come in the form of financial incentives, such as reduced employee program contributions or lower co-pays, gift cards or cash equivalents (e.g., discounted gym memberships), as well as novelty items in the form of mugs, t-shirts, etc. A set of U.S. Department of Labor-proposed regulations would require employer wellness programs to follow certain rules when it comes to rewards, mandating that programs: Be reasonably designed to promote health or prevent disease. To be considered reasonably designed to promote health or prevent disease, a program would have to offer a different, reasonable means of qualifying for the reward to any individual who does not meet the standard based on the measurement, test or screening. Programs must have a reasonable chance of improving health or preventing disease and not be overly burdensome for individuals. Be reasonably designed to be available to all similarly situated individuals. Reasonable alternative means of qualifying for the reward would have to be offered to individuals whose medical conditions make it unreasonably difficult, or for whom it is medically inadvisable, to meet the specified health-related standard. Be designed in such a manner that individuals are provided with notice of the opportunity to qualify for the same reward through other means. These proposed rules provide new sample language intended to be simpler for individuals to understand and to increase the likelihood that those who qualify for a different means of obtaining a reward will contact the plan or issuer to request it.5

STATE LAW Despite the ever-increasing federal regulation of workplace conduct, the savvy risk manager will not overlook the laws in her/his state. For instance, several states have enacted legislation that prohibits discrimination based on an employee’s use of lawful products (e.g., tobacco), as well as lawful activities conducted outside of the workplace (which could include such things as eating unhealthy foods or other relatively unhealthy lifestyle choices). By penalizing those who engage in certain behaviors, employers may unwittingly violate such laws. Another aspect of wellness programs that is governed by state law involves the increasingly popular aspect of employee wellness programs that provide off-site gym memberships or exercise programs. It is recommended that the employer obtain waivers from employees that acknowledge the risks associated with exercise and that waive any liability against the employer for any injuries that may occur during exercise. According to Kelly, although such waivers are similar to what an individual would sign upon starting a private gym membership, their enforceability should be reviewed on a state-by-state basis.

CALENDAR OF EVENTS PRIMA’s calendar of events is current at time of publication. For the most up-to-date schedule, visit www.primacentral.org.

WEBINARS 2014 • November 12: Contractual Risk Transfer and Flying Tomahawks

PRIMA ANNUAL CONFERENCES June 7–10, 2015 PRIMA 2015 Annual Conference Houston, TX George R. Brown Convention Center June 5–8, 2016 PRIMA 2016 Annual Conference Atlanta, GA Hyatt Regency Atlanta June 4–7, 2017 PRIMA 2017 Annual Conference Phoenix, AZ Phoenix Convention Center

OTHER MEETINGS November 3-7 PRIMA Institute 2014 Louisville, KY

It is not unusual for public employers to defer to third-party administrators when it comes to wellness-related medical inquiries, in an effort to transfer the risk by insulating themselves from direct contact with an employee’s medical information. Although this risk management device proves more effective than having the employer conduct medical inquiries directly, our courts have not handed down any bright line rules as to whether this step protects an employer from liability under the ADA with respect to medical inquiries. In one sense, if an employer never sees any medical information regarding an

OCTOBER 2014 | PUBLIC RISK

Managing Wellness Program Risks employee because it is handled exclusively by a third-party administrator, the employer is not itself making any direct medical inquiries. On the other hand, it is conceivable that a court could find that because a third-party administrator is merely acting on behalf of the employer, it is simply an extension of the employer for purposes of ADA liability. Consequently, the best risk management tool, when it comes to programs of this ilk, is risk avoidance. This is best achieved by closely monitoring federal and state laws as they continue to evolve.

GETTING THE WORD OUT Those entities that report success with their wellness programs consistently engage their employees and in so doing, render wellness activities as convenient and easily accessible for as many employees as possible. Some entities are embracing social media, others create a dedicated Web site or blog, while others go low-tech by distributing writtenÂ brochures. Employee wellness programs can prove to be a sound risk management and fiscal tool, as well as a boost to employee morale. By approaching such programs collaboratively while keeping abreast of the changes in federal and state

law, risk managers can go a long way in enhancing the health, safety and productivity of their workforce while reducing the possibility of running afoul of federal and state laws or experiencing discrimination claims asserted by employees. Joe Jarret is an attorney, federal and state mediator and former public risk manager who lectures full-time for the University of Tennessee. FOOTNOTES 1 Workplace Wellness Programs Study: Final Report, The Rand Corporation, sponsored by the U.S. Department of Labor and the U.S. Department of Health and Human Services, 2013. 2 Id. 3 Kelly, K. (2013) The Legal Risks Behind Workplace Wellness Programs, Locke Lord Publications. 4 Spors, K (2014) Employee Wellness Programs Come With Legal Risks, American Express Leadership On-line 5 U.S. Department of Labor website: www.dol.gov

Reduce the device shape to the required size, then make a new clipping mask.

We know your risks. Specialty insurance and reinsurance for public entity pools, reciprocals, trusts, and JPAs

Markel Global Reinsurance

PUBLIC RISK | OCTOBER 2014

markelre.com

W W W.PRIMACENTRAL .ORG

Advertiser Index

ADVERTISER INDEX AED Authority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 5 CIMA Volunteers Insurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 9 Genesis Underwriting Management Company.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Back Cover Markel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 18 Midlands Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page 13 Munich Reinsurance America.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Inside Back Cover Travelers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Inside Front Cover

Has your entity launched a successful program? An innovative solution to a common problem? A money-saving idea that kept a program under-budget? Each month, Public Risk features articles from practitioners like you. Share your successes with your colleagues by writing for Public Risk magazine! For more information, or to submit an article, contact Jennifer Ackerman at jackerman@primacentral.org or 703.253.1267.

FIND US ON FACEBOOK!

Keep up with whatâ&#x20AC;&#x2122;s happening at PRIMA and connect with your risk management peers! Visit us at www.facebook.com/primacentral.

OCTOBER 2014 | PUBLIC RISK

Member Spotlight

ARIZONA VIDEO REINFORCES SAFETY AGAIN…AND AGAIN Each month, Public Risk features a member who has

entral Arizona Water Conservation District (CAWCD) is a three-county water conservation district serving Maricopa, Pima and Pinal Counties, roughly 80 percent of the state’s population.

safety rules. It happened to be Groundhog Day, again and again. His coworkers prompt him to do the right thing, his supervisor coaches, and Russ, the safety guy, counsels. The day keeps repeating until he gets it right.

With 480 employees, CAWCD manages and operates the Central Arizona Project, delivering Colorado River water to customers through the conveyance system that includes 336 miles of aqueduct and 15 pumping plants.

“Employees are regularly exposed to a variety of safety training delivery methods, so creating an entertaining and engaging ‘hook’ was the goal of the video,” said Debbie Jo Maust, insurance and risk administrator for CAWCD. “Our goal was achieved and the message was well-received across the organization.”

gone above and beyond “Member Spotlight.” Do you know someone who deserves recognition, has made a contribution or excelled in their profession? If so, we’d like to hear from you for this exciting column, as PRIMA shines the spotlight on its members. To be considered for the Member Spotlight column, contact Jennifer Ackerman at jackerman@primacentral.org or 703.253.1267.

“

Through CAWCD’s safety efforts, it has achieved and held the rigorous OSHA Voluntary Protection Program designation, which recognizes employers and workers who have implemented effective safety management systems. One of its most effective safety management tools is the Safety Vision Support Team, an employee-led committee promoting safety. The team was responsible for creating the Safety for Life video series, including the Working Safely Gets You Home video that took home an honorable mention achievement award at PRIMA’s Annual Conference in Long Beach, Calif.

When asked about the cost of the video, Maust said, “While it's difficult to assess the dollar amount of an injury NOT occurring, we know intuitively that sending employees home uninjured has high value. To quantify, the cost for producing the video was $3,800, but that’s less than the cost of an employee suffering a concussion with a head laceration, for example. Safety for Life will continue to be our passion, recognizing that even one injury or accident is too many.”

The purpose of the video is to engage employees to be mindful of their own safety and take responsibility for their coworkers’ safety as well.

Maust says that the video’s message is easily transferable to other entities.

The video follows Kenny, an employee working at the Mark Wilmer pumping plant, as he ignores a variety of

For more information on CAWCD’s Working Safely Gets You Home video, contact Maust at dmaust@cap-az.com.

“Employees are regularly exposed to a variety of safety training delivery methods, so creating an entertaining and engaging ‘hook’ was the goal of the video…Our goal was achieved and the message was well-received across the organization.

“

in a feature column titled

Debbie Jo Maust, insurance and risk administrator for CAWCD

PUBLIC RISK | OCTOBER 2014

W W W.PRIMACENTRAL .ORG

Public services

Local connections

#CommunityMR

Connect your community to the source for innovative risk solutions. Nonprofits, schools, public entities and religious organizations support the communities we live inâ&#x20AC;&#x201C;the true social network. Munich Re has worked with public and nonprofit organizations to create innovative insurance solutions and risk management strategies for over 25 years. Our resources, creativity and expertise help to secure a financially stable and safe future for single risks and group risks. Let us be a part of your social network â&#x20AC;&#x201C; #CommunityMR. Learn more at www.munichreamerica.com/alternativemarket

NOT IF, BUT HOW Products and services provided by Munich Reinsurance America, Inc. Princeton, New Jersey

Going Above and Beyond “Sometimes I have to go above and beyond—literally. “Traveling the Alaskan bush to over 150 cities, boroughs and school districts is daunting, but I love what I do. Helping our members is hugely rewarding. They aren’t just risk partners, they’ve become personal friends. “To protect them from risk and losses, we rely on Genesis for reinsurance. When we encounter a little turbulence — or worse— it’s comforting to know we can trust their specialized expertise and top notch security. “With Genesis, we can always count on safe landings no matter what risks cross our path.”

Visit our website at www.GenesisInsurance.com

— Kevin Smith, Executive Director Alaska Municipal League Joint Insurance Association

Genesis Management and Insurance Services Corporation, 120 Long Ridge Rd, Stamford, CT 06902

A.M. Best A++ XV

S&P AA+

A Berkshire Hathaway Company