Author, Jeremy Hoolihan, Account Executive, Rancho Mesa Insurance Services, Inc.

The Employment Practices Liability Insurance (EPLI) marketplace has faced a number of factors that are contributing to skyrocketing premiums and deductibles. Many insurance companies are facing the choice of whether to remain in the marketplace or exit altogether. Those willing to remain are then faced with having to consider the following changes:

• Increase their premiums to offset increased claim activity

• Increase their deductibles

• Consider adding exclusions of previously covered exposures

• Consider only renewing existing clients’ policies

• Pulling out of certain business segments such as retail, hospitality, leisure, and transportation which is currently being impacted the most from COVID-19.

Below are some of the main factors causing the hardening EPLI marketplace. As you will see, they vary significantly but combined they have created a perfect storm.

COVID-19

These are unprecedented times with businesses being forced to shut down for months due to COVID-19, employees having to work remotely and our economy seemingly coming to a standstill. Couple this with a significant increase in layoffs, severance packages, furloughs, and unemployment, and we have seen a significant increase in claims filed. By January 2021, the plaintiff’s bar had filed over 1,200 COVID-19 related employment lawsuits. These types of lawsuits have continued to grow each month since the pandemic began.

We have also seen the unemployment rate spike from 3.5% in March of 2020 to 14.7% in April 2020. Currently the unemployment rate has settled to about 8% but this still represents a double digit increase from2019.

EPLI claims often follow large changes in workforce, including reductions, promotions and demotions. Three areas of particular growing concern include:

• Sexual Harassment

• Privacy

• Retaliation

Sexual Harassment

The heightened awareness and increased public intolerance for harassment developed in part from the #MeToo movement has given a voice to people that are now not only speaking out but filing lawsuits against their employer for sexual harassment. This national attention has also altered the legal environment surrounding these types of claims, often leading to much higher settlements outcomes..  Industry wide, the total monetary benefits awarded to sexual harassment victims has increased 68% from 2016 to 2019 according to the U.S. Equal Employment Opportunity Commission.

Privacy

In addition to discrimination and sexual harassment claims, insurance carriers also anticipate privacy-related claims. As businesses begin to reopen, there are new policies and procedures in place that require a Human Resources department to question employees about their personal health, their health history, and their family’s health history. The nationwide Health Insurance Portability and Accountability Act (HIPAA) and other state-specific laws like the Illinois Biometric Information Privacy Act (BIPA) regulates how companies collect, store, use, and share biometric information. With temperature-taking requirements and a certification form filled out, there is a concern that some employees may feel their privacy has been invaded. 

Retaliation

There is also a growing concern that there will be more retaliation type claims relating to an employee’s use of social media. With COVID-19 in mind, employees are already expressing their concerns via social media about their employers’ lack of safety measures or personal protective equipment (PPE). It’s reasonable to consider that if these employees are terminated that they may feel they were retaliated against because of their posts.

Retaliation could also be a result of employees exercising their rights under Family Medical Leave Act (FMLA) or other benefits such as workers compensation or paid sick leave.

US Supreme Court LGBTQ Decision

The Supreme Court ruled in June 2020 that Title VII of the 1964 Civil Rights Act protects employees from discrimination based on sexual orientation and gender identification. 

Previously only 28 States awarded such protections. Now that these protections are law in all 50 states, we will likely see additional claims alleging employment discrimination based on gender identity and sexual orientation.

In conclusion, running a business remains a challenge under normal circumstances. Add in the many side effects of the pandemic and it can feel overwhelming. EPLI-related claims can result in catastrophic financial impacts to a company’s balance sheet. The cost of defending your business alone can potentially put a company out of business. While EPLI premiums continue to rise, so does your exposure to a myriad of claims that fall under this coverage umbrella. Having EPLI in place can mean the difference between absorbing fair and reasonable claim costs or forcing an uninsured business to close their doors. To learn more about EPLI coverage and ways to construct a policy that meets your needs, please reach out to me at 619-937-0174 or jhoolihan@ranchomesa.com.   

Author, Jim Malone, Workers’ Compensation Claims Advocate, Rancho Mesa Insurance Services, Inc.

Timely reporting of an employee’s work-related serious injury, illness or death can pose a challenge to the employer. As of January 1, 2020, these incidents (including any hospitalizations, unless the injured worker is admitted for medical observation or diagnostic testing) must be reported immediately to Cal/OSHA. Immediately means as soon as practically possible but not longer than 8 hours after the employer knows or, with diligent inquiry, would have known of the serious injury, illness or death.

Monitoring the employee’s status at a hospital can be difficult if the employer has not put in place procedures and policies that will authorize a healthcare provider to disclose information that is covered by the Health Insurance Portability and Accountability Act (HIPAA). For example, the employer must follow-up with the hospital providing care to the injured employee to determine if the incident must be reported to Cal/OSHA. The employer will need to know if the employee has been moved from the emergency room and admitted to the hospital for in-patient treatment. 

Ensuring policies and procedures are developed and implemented to restrict the use and disclosure of protected health information (PHI), are important elements of HIPAA compliance. If health information is used for purposes not permitted by the HIPAA Privacy Rule, or is deliberately disclosed to individuals not authorized to receive the information, there are possible penalties for the covered entity or individual responsible.

HIPAA permits PHI to be used for healthcare operations, treatment purposes, and in connection with payment for healthcare services. It can be argued that employers need this information to comply with State and Federal OSHA laws. Information may be disclosed to third parties for said purposes, provided an appropriate relationship exists between the disclosing covered entity (i.e., the hospital) and the recipient’s covered entity or business associate (i.e., the employee or employer). A covered entity can only share PHI with another covered entity if the recipient had previously or currently has a treatment relationship with the patient. The PHI has to relate to that relationship. In the case of a disclosure to a business associate, a Business Associate Agreement must have been obtained. Disclosures must be restricted to the minimum necessary information that will allow the recipient to accomplish the intended purpose of use. 

Prior to any use or disclosure of health information that is not expressly permitted by the HIPAA Privacy Rule, one of two steps must be taken:

1. A HIPAA authorization must be obtained from a patient, in writing, permitting the covered entity or business associate to use the data for a specific purpose not otherwise permitted under HIPAA.

2. The health information must be stripped of all information that allows a patient to be identified.

Employers may consider obtaining signed business associate agreements or HIPAA authorizations from their employees before any injury or accident occurs. This will ensure they are able to get the appropriate protected medical information from the hospitals so they can report “serious injury or illness” accurately and timely to Cal/OSHA. 

Therefore, it is extremely important for employers to learn the existing laws and new changes to these laws and have a plan of action in place to address these concerns before the next serious injury, illness, or death occurs.

Currently, reporting to Cal/OSHA can be made by telephone or e-mail. With these reporting changes, Cal/OSHA has also been directed to establish an on-line mechanism for reporting these injuries. It is always important to document when these incidents are reported to Cal/OSHA. Until an online mechanism is established, use of e-mail would be such method for documentation. Monitoring of the Cal/OSHA website for implementation of the on-line mechanism of reporting is also suggested.

For more information on how to report serious injuries and illnesses to Cal/OSHA, please reference “Cal/OSHA Updates: AB 1804 Changes How Injuries and Illnesses Are Reported.”

For more information about what is considered a serious injury or illness under Cal/OSHA, please reference “Cal/OSHA Updates: AB 1805 Changes Definition of Serious Injury or Illness.”

As technology and the common usage of the internet in business grow, Cyber Crime is an ever increasing exposure for businesses.  Most businesses carry large quantities of sensitive data that if breached, can create a financial and administrative headache.  Many business owners are unaware of the real exposures they have should their information be compromised, whether directly or indirectly.  Here are two of the most common costs:

Required Notifications under HIPAA
Businesses are required to notify affected individuals following the discovery of a breach.  If more than 500 individuals are affected in a given state or jurisdictions, they are required to notify the media as well.  A 2015 article from the HIPAA Journal estimated the average cost per record is $154.  That means if you had a known breach resulting in 100 clients’ information being breached (regardless of what they do with the information) you would be paying roughly $15,000 just to notify the public.  This does not include the added IT costs needed to further investigate/mitigate any losses.

Violations Under HIPAA
Violations vary depending on the degree to which a business is found negligent.  The mildest violation is a Category 1, while the most severe is a Category 4.  In the case of a Category 1 violation, a business will be penalized $100 per violation, even if they were unaware and reasonably could not have avoided a breach.  Category 4 violations can be up to $50,000 per violation.

This is an ever growing exposure that is often overlooked until it happens and then the realization of what’s required hits home.  However, there is a way for companies of all sizes to protect themselves from these exposures by including Cyber Liability coverage as a part of their risk management program.  This coverage is available and will step in and pay some of the costs associated with a breach.  These costs include HIPAA fines, notification costs, credit protection costs and forensic investigation. 

This is such a growing area of concern that we have scheduled a “Cyber Liability” workshop for May 10th where an expert on this topic from Philadelphia Insurance Company will lead the workshop and provide both an overview of the trends and threats as well as answering specific questions.  If you or someone from your company is interested in attending this workshop, you can register for it below.  

Contact our Rancho Mesa staff to learn more about Cyber Liability.