HHS releases voluntary cybersecurity practices for health industry

(Washington, DC – Insurance News 360) – On Dec. 28, the Department of Health and Human Services (HHS) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The four volume publication, aims to provide voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.

This was report came from a mandate to develop practical cybersecurity guidelines to reduce risks for the industry, as part of the Cybersecurity Act of 2015 Section 405(d). The publication is an end of a two-year effort bringing together over 150 cybersecurity and healthcare experts from industry and the government under the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. It was the result of a true public-private partnership to better secure the nation’s health systems.

“Cybersecurity is everyone’s responsibility.  It is the responsibility of every organization working in healthcare and public health.  In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” said Janet Vogel, HHS Acting Chief Information Security Officer.

Technologies that are vital to the healthcare industry and help provide life-saving treatments and improve patient care are also susceptible to attacks. They can be exploited for personal data or to shut down entire hospital systems.

“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats. That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.” said Erik Decker, industry co-lead and Chief Information Security and Privacy Officer for the University of Chicago Medicine.

The HICP publication aims to provide cybersecurity practices for this sector to improve the security and safety of patients. It recommends 10 Cybersecurity Practices to help mitigate these threats. It also lays out a call to action for all industry stakeholders, from C-suite executives and healthcare practitioners to IT security professionals, that protective and preventive measures must be taken now.

For more information on this effort and to download a copy of the publication, please visit the 405(d) website at www.phe.gov/405d.

Source: U.S. Department of Health and Human Services (HHS).

U.S. Department of Labor recovers $49,269 for employees after investigating overtime violations by Jacksonville, FL Company

(Jacksonville, FL – Insurance News 360) – Following an investigation by the U.S. Department of Labor Jacksonville-based Stone World Imports and Manufacturing, Inc. paid $49,269 in back wages to 21 employees. The investigation revealed that the company paid only straight time rates to employees, not overtime when warranted. The failure to pay time-and-a-half for hours worked above 40 in a work week is a violation of the Fair Labor Standards Act.

“The Fair Labor Standards Act requires employers to maintain accurate records of the number of hours employees work, and pay proper overtime when they work more than 40 hours in a workweek,” said Wage and Hour Division District Director Daniel White, in Jacksonville. “The Wage and Hour Division works to ensure that employees receive the wages they rightfully earned, and that employers compete on a level playing field. We encourage all employers to reach out to us and to use the wide variety of tools we offer to help them understand their responsibilities.”

For more information about the FLSA and other laws enforced by the Wage and Hour Division, contact the toll-free helpline at 866-4US-WAGE (487-9243). Employers who discover overtime or minimum wage violations may self-report and resolve those violations without litigation through the PAID program. Information is also available at https://www.dol.gov/whd.

Source: U.S. Department of Labor.

Edgar hacking case ends in charges by SEC

(Washington, DC – Insurance News 360) – On Jan. 15, the Securities and Exchange Commission charged nine individuals participating in a previously-disclosed scheme to hack the SEC’s EDGAR system to get non-public information for illegal trading.

Those charged are an Ukranian hacker, six individuals in California, Ukraine, Russia and two entities.

According to the SEC complaint, Ukrainian hacker Oleksandr Ieremenko hacked newswires, then turned his attention to EDGAR and, using deceptive hacking techniques, gained access in 2016. He extracted files containing non-public earnings results and passed the information to individuals who used it to trade before companies released info to the public. In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits.

“International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said Enforcement Division Co-Director Stephanie Avakian. “Today’s action shows the SEC’s commitment and ability to unravel these schemes and identify the perpetrators even when they operate from outside our borders.”

The SEC’s complaint alleges that the following traders received and traded on the basis of the hacked EDGAR information:

• Sungjin Cho, Los Angeles, California
• David Kwon, Los Angeles, California
• Igor Sabodakha, Ukraine
• Victoria Vorochek, Ukraine
• Ivan Olefir, Ukraine
• Andrey Sarafanov, Russia
• Capyield Systems, Ltd. (owned by Olefir)
• Spirit Trade Ltd.

In a parallel action, the U.S. Attorney’s Office for the District of New Jersey also announced related criminal charges.

Source: U.S. Securities and Exchange Commission.

Audit firm, partners charged for deficient audits

(Washington, DC – Insurance News 360) – On Dec. 21, the Securities and Exchange Commission filed settled charges against national audit firm Crowe LLP, two of its partners, and two partners of a now-defunct audit firm for their significant failures in audits of Corporate Resource Services Inc., which went bankrupt in 2015 after the discovery of approximately $100 million in unpaid federal payroll tax liabilities.

The SEC’s order against Crowe finds that its audit team identified pervasive fraud risks in connection with its 2013 audit of Corporate Resource Services yet failed to:

Include procedures designed to detect the company’s undisclosed payroll tax obligations;

Properly identify and audit the company’s related-party transactions;

Obtain sufficient appropriate audit evidence to respond to these fraud risks, support recognition of revenue, and otherwise support the audit opinion;

Evaluate substantial doubt about the company’s ability to continue as a going concern; and

Conduct a proper engagement quality review.

According to the order, Crowe was not independent, because of an ongoing direct business relationship with Corporate Resource Services. Audit deficiencies occurred despite the involvement of Crowe’s national office, which was aware of the high-risk nature of the engagement and the inability to obtain appropriate evidence. The order also finds that Crowe’s engagement partner, Joseph C. Macina, and engagement quality reviewer, Kevin V. Wydra, caused Crowe’s audit failures.

A related order finds that Mitchell J. Rubin and Michael Bernstein, former partners at Rosen, Seymour, Shapps, Martin & Co., LLP, engaged in fraud and performed a highly deficient audit of Corporate Resource Services’ 2012 financial statements, which amounted to no audit at all, and that Bernstein caused the firm to lack the required independence when he failed to comply with partner rotation requirements.

“The audit standards are designed to ensure that public accounting firms have reasonable procedures to identify and respond to illegality and issues that pose material risks to the integrity of an issuer’s financial statements,” said Anita B. Bandy, Associate Director in the Division of Enforcement. “As set out in our order, the pervasive audit failures of Crowe and these accountants left investors with a misleading picture of Corporate Resource Services’ financial condition.”

Crowe will pay a $1.5 million penalty, be censured, and retain an independent compliance consultant to review its audit policies and procedures. Macina, Rubin, and Bernstein each agreed to pay a $250,000 penalty. Wydra will pay a $15,000 penalty. Macina, Wydra, Rubin, and Bernstein are suspended from appearing and practicing before the SEC as an accountant, which includes not participating in the financial reporting or audits of public companies. The SEC’s order permits Macina and Wydra to apply for reinstatement after three years and one year, respectively. Crowe, Macina, Wydra, Rubin, and Bernstein, who settled without admitting or denying the findings, also were ordered to cease and desist from future violations.

The SEC’s investigation continues and has been conducted by Sharan K.S. Custer, Ernesto Amparo, Regina Barrett, and Kam Lee, and supervised by Ms. Bandy and Kristen Dieter.

Source: U.S. Securities and Exchange Commission.

U.S. Department of Commerce Finds Dumping and Countervailable Subsidization of Imports of Plastic Decorative Ribbon from China

(Washington, DC – Insurance News 360) – On Dec. 21, 2018, the U.S. Department of Commerce announced the final determinations in investigations into the antidumping duty and countervailing duty (CVD) of imports of plastic decorative ribbon from China. These investigations revealed that exporters sold plastic decorative ribbon at less than fair value in the United States at rates ranging from 54.21 to 370.04 percent. Exporters also received countervailable subsidies at rates ranging from 14.27 to 94.67 percent.

After publication of the final affirmative antidumping determination, the Department of Commerce is to direct U.S. Customs and Border Protection to take antidumping cash deposits equal to the applicable final weighted-average dumping margins. Regarding the CVD determination, if the International Trade Commission makes an affirmative injury determination, the U.S. Department of Commerce will also tell U.S. Customs and Border Protection to collect CVD cash deposits that equal subsidy rates.

In 2017, imports of certain plastic decorative ribbon from China were valued at an estimated $22.5 million.

The ITC is set to make final determinations on Feb. 4. If there are affirmative injury determinations, Commerce will issue orders to Customs and Border Patrol. If the determinations are negative, the investigations will be dropped.

As a primary focus of the Trump Administration, Commerce has initiated 137 new antidumping and countervailing duty investigations since President Trump took office. This is an increase of more than 300 percent over the same time frame in the previous administration.

Click HERE for a fact sheet on  these decisions.

Source: U.S. Department of Commerce.

Oklahoma Oil Service Waste Disposal Company Resolves Overtime, Child Labor Violations Found in U.S. Department of Labor Investigation

(Oklahoma City, OK – Insurance News 360) – Following an investigation by the U.S. Department of Labor’s Wage and Hour Division, Oklahoma City’s Backyard Energy Services paid $253,399 in back wages and a civil penalty of $2,163 for violations of the Fair labor Standards Act, child labor laws, and record keeping issues.

The Department of Labor notes that Backyard Energy Services violated federal overtime law by misclassifying employees as independent contractors paid a flat daily rate when they worked more than 40 hours in a week. They also misclassified intrastate drivers as exempt from FLSA-overtime rules, paying flat salaries without overtime pay for work over 40 hours in a week. The DOL also says they didn’t keep records of how long employees worked.

In addition, Backyard Energy Services violated child labor laws when it employed a 17-year-old to operate a front-end loader and track hoe.

“Employers have a legal responsibility to pay their employees for all of the hours that they work, including overtime hours,” said Wage and Hour Division District Director Michael Speer, in Oklahoma City, Oklahoma. “By enforcing the FLSA, the U.S. Department of Labor helps to level the playing field for all employers and ensure workers get the wages and employment protections they are due.”

Source: U.S. Department of Labor.

Model, dealer selection affected by word-of-mouth and online research when looking for a new car

(Singapore – Insurance News 360) – In the United Arab Emirates, nearly 75 percent of buyers ask friends or relatives for car advice, or do online research to choose a model and brand of vehicle to purchase, according to the JD Power 2018 UAE Sales Satisfaction Index study.

Vehicle pricing, features specifications, warranty, sale promotions, and dealer information are the most-cited information searched for by vehicle buyers who look online. But, 18 percent visit the dealer they end up purchasing from

Sixty-eight percent of new vehicle buyers who looked online did contact the purchasing dealership for one reason or another. The study did reveal that individuals who shop online are slightly less satisfied with their purchase than those who buy in person.

“As the path to new vehicle purchases increasingly relies on online sources, it is imperative for manufacturers and dealerships to design websites that feature the required information sought by buyers and are easy to navigate across multiple devices,” said Shantanu Majumdar, Regional Director Automotive Practice at J.D. Power. “Given that word-of-mouth plays a strong role in influencing purchase decisions, dealerships that can actively manage their reputation online stand a better chance to enhance their retail experience, and ultimately, win new customers.”

Study Rankings

In the mass market category, Kia ranks highest in sales satisfaction, followed by Ford and Nissan. In the luxury category, Land Rover has the highest satisfaction ratings, followed by BMW and Infiniti.  859. Ford ranks second with a score of 855, while Nissan ranks third with a score of 854.

The 2018 U.A.E. Sales Satisfaction Index (SSI) Study measures satisfaction with the sales experience among new-vehicle buyers. Buyer satisfaction is based on six measures: dealership facility (25%); delivery process (23%); dealer sales consultant (20%); paperwork completion (17%); working out the deal (10%); and dealership website (5%).

The study is based on responses from 2,083 buyers who purchased or leased their new vehicle between March through November 2018. The study is a comprehensive analysis of the new-vehicle purchase experience and measures customer satisfaction with the selling dealer (satisfaction among buyers). The study occurred  from July through November 2018.

Source: J.D. Power.

Final Rule Creates Pathways to Success for the Medicare Shared Savings Program

(Baltimore, MD – Insurance News 360) – The Centers for Medicare and Medicaid Services (CMS) issued a final rule which creates a new direction for the Medicare Shared Savings Program. The new direction is called Pathways to Success and redesigns participation options to encourage Accountable Care Organizations to move to performance-based risk more quickly, and for those ACOs that are eligible to increase savings for trust funds. They also address additional tools and flexibilities for these organizations, as established in the Bipartisan Budget Act of 2018.

These additional tools include new beneficiary incentives, telehealth services and choice beneficiary assignment methodology. This final rule also finalizes the program’s policy for extreme and uncontrollable circumstances for performance year 2017.

CMS will offer an application cycle for a single new agreement period starting July 1, 2019, to avoid interrupting participation by ACOs  that elected on Dec. 31, 2018 to extend their agreement period for an additional six month performance year.

CMS will resume the usual annual application cycle for agreement periods starting on January 1, 2020, and in subsequent years.

Major changes include the availability of an optional 6-month extension for ACOs whose agreements expired on Dec. 31, 2018, methodology for determining financial and quality performance, ; a reduction in the Shared Savings Program core quality measure set by eight measures and a new Certified EHR Technology (CEHRT) threshold criterion to determine ACOs’ eligibility for program participation in order to promote interoperability among ACO providers/suppliers; refinements to the voluntary alignment process. They also implement policies to address the impact of these changes are expected to allow beneficiaries more flexibility when choosing medical providers.

Shared Savings Program ACOs serve more than 10.5 million Medicare fee-for-service beneficiaries. This program helps CMS payment systems to move from pay for volume to instead look at paying for value and outcomes.  The Shared Savings Program originally had three tracks, and the most popular seems to be a one-sided shared savings-only model in Track 1. ACOs receive a share of savings under their benchmark, but are not required to repay a share of spending over the benchmark.  Tracks two and three give ACOs a larger portion of savings under benchmark, but those ACOs are required to share the losses if they spend above the benchmark.

There are now two options starting July 1, 2019 and in subsequent years:

(1) BASIC track, which would allow eligible ACOs to begin under a one-sided model and incrementally phase-in higher levels of risk that, at the highest level, would qualify as an Advanced Alternative Payment Model (APM) under the Quality Payment Program, and

(2) ENHANCED track, based on the program’s existing Track 3, which provides additional tools and flexibility for ACOs that take on the highest level of risk and potential reward. Appendix A summarizes the characteristics of the participation options.

The BASIC track’s glide path offers an incremental approach to transitioning eligible ACOs to higher levels of risk and potential reward. The glide path includes 5 levels:  a one-sided model available only for the first two years to most eligible ACOs (ACOs identified as having previously participated in the program under Track 1 would be restricted to a single year under a one-sided model, but new, low revenue ACOs that are not identified as re-entering ACOs would be allowed up to three years under a one-sided model); and three levels of progressively higher risk in years 3 through 5 of the agreement period.

Under Levels A and B of the glide path, an ACO’s maximum shared savings rate under a one-sided model will be 40 percent based on quality performance, applicable to first dollar shared savings after the ACO meets the minimum savings rate. Under Levels C, D, and E of the glide path, an ACO can earn up to a maximum 50 percent sharing rate under a two-sided model, based on quality performance. The glide path concludes with a maximum level of risk that qualifies as an Advanced APM for purposes of the Quality Payment Program.

ACOs in the BASIC track glide path generally will be automatically advanced at the start of each performance year along the progression of risk/reward levels or could elect to move more quickly to a higher level of risk/reward, over the course of their agreement period. While the typical agreement period will be 5 years in duration, with 12-month performance years based on calendar years, ACOs entering an agreement period beginning on July 1, 2019, would participate in a first performance year of 6 months for the period from July 2019 – December 2019 plus 5 additional years in their first agreement period. For ACOs entering the BASIC track’s glide path for an agreement period beginning on July 1, 2019, the first automatic advancement occur at the start of performance year 2021.  Additionally, a new, low revenue ACO in the glide path that is not identified as a re-entering ACO will be permitted to choose to remain at Level B for an additional year, in exchange for agreeing to progress immediately to Level E at the start of the fourth performance year (or fifth, in the case of an agreement period starting on July 1, 2019).

The eligibility criteria for the BASIC track and ENHANCED track recognize differences in ACO participants’ Medicare FFS revenue and the experience of the ACO and its ACO participants with performance-based risk Medicare ACO initiatives. We will determine whether an ACO is a low revenue ACO versus a high revenue ACO, and whether an ACO is experienced or inexperienced with performance-based risk Medicare ACO initiatives. Based on stakeholder feedback, we have increased the threshold for low revenue ACOs to include ACOs with ACO participants’ total Medicare Parts A and B FFS revenue of less than 35 percent of the total Medicare Parts A and B FFS expenditures for the ACO’s assigned beneficiaries to capture additional ACOs, especially those that include clinics or smaller institutional providers, including rural ACOs. Ultimately, all ACOs are expected to transition to the ENHANCED track under the redesigned program. Low revenue ACOs are allowed additional time under lower-risk options within the BASIC track, while ACOs identified as high revenue are required to transition to the ENHANCED track more quickly.

Source: Centers for Medicare & Medicaid Services.

Department of Transportation announces $908 million loan for Cotton Belt Corridor Regional Rail Project

(Washington, WA – Insurance News 360) – On Dec. 21, U.S. Transportation Secretary Elaine L. Chao announced the Build America Bureau has awarded a $908 million Railroad Rehabilitation and Improvement Financing (RRIF) direct loan to Dallas Area Rapid Transit to finance the Cotton Belt Corridor Regional Rail Project.

“This financing demonstrates the Department’s commitment to serving as a trustworthy partner to regional and local agencies, which are at the forefront of developing infrastructure solutions to meet the needs of their communities,” said Secretary Chao.

The Cotton Belt Corridor Regional Rail Project is a 26-mile passenger railroad from Dallas-Fort Worth (DFW) International Airpor to the Plano/Richardson area, covering three counties and seven cities.  The project will be constructed primarily within the existing DART-owned railroad right-of-way. The tracks are currently used for freight rail service provided by short line and regional carriers. The project will upgrade existing track to meet passenger rail standards, convert single-track to double, and build 10 new stations. Funds will also be  used to acquire eight vehicles.

The Cotton Belt Corridor Regional Rail Project is expected to improve mobility, accessibility, and system linkages to major employment, population, and activity centers in the northern part of Dallas, which has long been identified as a heavily congested area in need of additional capacity and mobility solutions.  When operational, the project will provide a cross regional route linking DART’s Red, Green, and Orange lines, as well as the Denton County Transportation Authority (DCTA) A-Train.

The Bureau, which administers the RRIF credit program, was established as a “one-stop shop” to streamline credit opportunities, while also providing technical assistance and encouraging innovative best practices in project planning, financing, delivery, and monitoring.

Source: U.S. Department of Transportation.

Vermont Department of Financial Regulation and Secretary of State Collaborate on Captive Insurance Blockchain Pilot

(Montpelier, VT – Insurance News 360) – Vermont Department of Financial Regulation Commissioner Michael Pieciak and Secretary of State Jim Condos on Jan. 9 signed a memorandum of understanding regarding a collaboration to explore blockchain technology and its use in digital record keeping practices of the captive insurance industry.

The next day the two offices issued a request for information to identify vendors who may work with Vermont to create a pilot program allowing new captive insurance companies to register with the Secretary of State’s office using blockchain technology.

The program is meant to test the functionality of blockchain in the state’s regulatory processes. It will include a review and revision of relevant statutes, rules, regulations and bulletins to ease implementation.

“Developments in technology provide opportunities for government to improve efficiency and transparency, cut red tape, and improve services for Vermonters,” said Secretary Condos. “This pilot will allow us to examine whether or not the application of blockchain technology for digital recordkeeping can improve aspects of the state regulatory process.”

Blockchain or similar digital ledger technology is designed to create a transparent and validated record of transactions, while providing increased efficiency, accuracy, and security for users when compared to traditional recordkeeping methods.

“Financial services firms are innovating at lightning speed and regulators have an obligation to keep up,” said Commissioner Pieciak. “This partnership with the Secretary of State provides a great opportunity for our teams to become better acquainted with distributed ledger technology and understand how the state and Vermont businesses might benefit.”

Vermont is the world-wide leader in captive insurance by premium written and third in the world by active licenses.

The pilot program will help the state identify areas where the use of blockchain technology in regulatory and other government business may increase data security and reduce costs for residents and those doing business in Vermont.

The adoption of this emerging technology may yield significant benefits such as more efficient administration of their respective duties while maximizing taxpayer value for Vermont’s citizens.

Questions related to the RFI are due on January 24, 2019 and the RFI is due on February 14, 2019.

Connect with the Vermont Department of Financial Regulation on Twitter, Facebook, and on our website.

Source: Vermont Department of Financial Regulation.