Cyber Risks & Liabilities: Complying with HIPAA

By | April 25, 2014

Technology Risk InsightsThe Health Insurance Portability and Accountability Act of 1996 (HIPAA) addresses the privacy of individuals’ health information by establishing a federal standard concerning the privacy of health information and how it can be used and disclosed.


As health care institutions began storing larger volumes of private health data digitally, the need to protect this sensitive data from loss or theft grew.

To address this risk, the U.S. Department of Health and Human Services (HHS) issued HIPAA’s Privacy Rule and Security Rule in August 1996.

The Privacy Rule standards address the use and disclosure of individuals’ health information (called “protected health information”) by organizations subject to the Privacy Rule (called “covered entities”) as well as standards for individuals’ privacy rights to understand and control how their health information is used.

The Security Rule establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form.

All covered entities were required to be in compliance by April 14, 2003, for the Privacy Rule and April 20, 2005, for the Security Rule.

What is a Covered Entity?

HIPAA defines “covered entities” as

  • Health care providers
  • Health plans
  • Health care clearing houses

If you are not sure whether your organization is a covered entity, the Centers for Medicare & Medicaid Services (CMS) has an easy-to-follow chart available at

HIPAA Requirements for Your Organization

Essentially, HIPAA has two primary components that your firm must follow:

  • Administrative simplification, which calls for use of the same computer language industry-wide
  • Privacy protection, which requires covered entities to take “reasonable” measures to protect patient health information

If your organization is a covered entity, you must comply with the following:

  • Implement a required level of security for health information, including limiting disclosures of information to the minimum necessary to accomplish the intended purpose. This standard does not apply to:
    • Disclosures to or requests by a health care provider for treatment purposes
    • Disclosures to the individual who is the subject of the information
    • Uses or disclosures made pursuant to an individual’s authorization
    • Uses or disclosures required for compliance with HIPAA’s Administrative Simplification Rules.
    • Disclosures to HHS when disclosure of information is required under the Privacy Rule for enforcement purposes.
    • Uses or disclosures that are required by other law.
    • Designate a privacy officer and contact person
    • Train employees on privacy policies
    • Establish sanctions for employees who violate privacy policies
    • Establish administrative systems that can respond to complaints about health information, respond to requests for corrections of health information by a patient, accept requests not to disclose for certain purposes and track disclosures of health information
    • Create a privacy notice to patients concerning the use and disclosure of their protected health information

Cyber Liability and HIPAA

Patients’ health information is extremely sensitive and should always be handled with the utmost care. All it takes is a simple misclick or misspelling to send private information to the wrong person. Such a mistake could lead to a lawsuit and/or fines.

It’s important to remember that HIPAA protects patients, not covered entities. That’s why it’s critical that your organization has a cyber liability insurance policy to cover any potential data breaches. According to the Ponemon Institute’s Cost of a Data Breach Survey, the average per record cost of a data breach was $188 in 2012, and the average organizational cost of a data breach was $5.4 million.

If a Data Breach Occurs

If a data breach occurs, notify your state’s public health department immediately. Failing to do so can result in fines upward of $250,000.

Under HIPAA, covered entities must immediately notify affected individuals following the discovery of a breach of unsecured protected health information.

Covered entities that experience a breach affecting more than 500 residents of a state or jurisdiction are, in addition to notifying the affected individuals, required to provide notice to prominent media outlets serving the state or jurisdiction.

In addition to notifying affected individuals and the media (where appropriate), covered entities must notify the Secretary of breaches of unsecured protected health information.

Plan Ahead

You can never see a data breach coming, but you can always plan for a potential breach. Contact The Buckner Company today. We have the expertise to ensure you have the proper coverage to protect your company against a cyber attack.

Cyber Risks & Liabilities: Defining, Identifying, and Limiting Cyber Crime

By | April 25, 2014

Technology Risk InsightsA vast amount of information is now stored on computer servers and databases, and it’s growing every day. Because that information has great value, hackers are constantly looking for ways to steal or destroy it.

Cyber crime is one of the fastest growing areas of criminal activity. It can be defined as any crime where:

  • A computer is the target of the crime
  • A computer is used to commit a crime
  • Evidence is stored primarily on a computer, in digital format

Understanding the various types of cyber crimes can help [C_Officialname] identify and plan for a potential cyber crime against your firm.

Computer Intrusions

It is both a federal and state crime to gain unauthorized access to a computer system. There are seven different offenses that can be characterized as unauthorized access or computer intrusion:

  1. Obtaining national security information
  2. Compromising confidentiality
  3. Trespassing in a government computer
  4. Accessing to defraud and obtain value
  5. Damaging a computer or information
  6. Trafficking in passwords
  7. Threatening to damage a computer

Types of Computer Intrusions

Computer intrusions can come from an internal source, such as a disgruntled employee with an intimate knowledge of the computer systems, or an external source, such as a hacker looking to steal or destroy a company’s intangible assets. The hacker can use a host of different means to try and steal or destroy your data in the following ways:

  • Viruses – A virus is a small piece of software that attaches itself to a program currently on your computer. From there, it can attach itself to other programs and can manipulate data. Viruses can quickly spread from computer to computer, wreaking havoc the entire way. Email viruses became a popular method for hackers to infect computers in the late 1990s. These viruses were triggered when a person downloaded an infected document. When the document was opened, the virus would send that document to the first few recipients in the person’s email address book. Some email viruses were so powerful that many companies were forced to shut down their email servers until the virus was removed.
  • Worms – A worm is a computer program that can copy itself from machine to machine, using a machine’s processing time and network’s bandwidth to completely bog down a system. Worms often exploit a security hole in some software or operating system, spreading very quickly and doing a lot of damage to a business.
  • Trojan horses – Common in email attachments, Trojans hide in otherwise harmless programs on a computer and, much like the Greek story, release themselves when you’re not expecting it. And also like the story, the computer user has a part in letting the Trojan into the system. Trojans differ from viruses in that they must be introduced to the system by a user. A user can knowingly or unknowingly run an .exe file that will let a Trojan into the system.
  • Spyware – Spyware can be installed on a computer without the user ever knowing it, usually from downloading a file from an untrusted source. Spyware can be used by hackers to track browsing habits or, more importantly, collect personal information such as credit card numbers.
  • Logic bombs – Logic bombs are pieces of code that are set to trigger upon the happening of an event. For example, a logic bomb could be set to delete all the contents on a computer’s hard drive on a specific date. There are many examples of disgruntled employees creating logic bombs within their employer’s computer system. Needless to say, logic bombs can cause serious damage to a company’s digital assets.
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks – DoS and DDoS attacks are used to send an overwhelming amount of data to a target server, rendering that server useless. A hacker does this by gaining control of several or more computers and then sending a large amount of data to a target server that it can’t possibly handle. The result could be thousands or millions of dollars in lost sales for an online retailer and a complete loss of productivity for many businesses.

Limiting Intrusions

A computer intrusion could put your valuable digital assets at risk. That’s why your company should have the following measures in place to limit computer intrusions and protect your assets:

  • Firewalls – Firewalls are pieces of software that control the incoming and outgoing network traffic on a computer system and decide whether it should be allowed through or not. Most computer operating systems now come with a preinstalled firewall for security. While they are not the be-all and end-all of preventing intrusions, they are a reliable start.
  • Routers – Routers are pieces of hardware that keep unwanted traffic out of a computer system. They differ from firewalls in that they are stand-alone devices that must be bought separately–they are not included in an operating system.
  • Antivirus programs – As their name implies, antivirus programs are designed to catch and eliminate or quarantine viruses before they can harm a computer system. Antivirus programs run in the background to ensure your computer is protected at all times. While they are updated frequently, they may not catch the newest viruses that are floating around.
  • Policies – Every company, no matter its size, should have policies in place to educate employees on the dangers of computer intrusions and ways to prevent them. Make sure your employees know not to open, click on or download anything inside emails from untrusted sources. Employees with an intimate knowledge of the company’s computer network should also be alerted of the potential consequences of hacking into the system.
  • Common sense – Everyone claims to have it, but if that were actually the case, many viruses, worms and Trojans would cease to exist. The simple fact is that everyone in the company needs to exhibit some common sense when using a computer. Encourage employees to disregard emails with subject lines and attachments that seem bogus or too good to be true.

Review Your Risks and Coverage Options

A computer intrusion could cripple your company, costing you thousands or millions of dollars in lost sales and/or damages. Contact The Buckner Company today. We have the tools necessary to ensure you have the proper coverage to protect your company against losses from computer intrusions.

Cyber Risks & Liability: Basic Loss Control Techniques

By | April 25, 2014

Technology Risk InsightsProtecting your business from cyber risks can be an overwhelming venture. A new day means more viruses are being discovered, more spam is being delivered to your inbox and yet another well-known company is the victim of a data breach.


The world will never be free of cyber risks, but there are many loss control techniques you can implement to help protect your business from exposures.


  1. 1.     Install a firewall for your network.

Operating systems often come with pre-installed firewalls, but they are generally designed to protect just one computer. Examine the firewall’s options and select the best configuration to keep the computer safe.


If your business has a network of five or more computers, consider buying a network firewall. They can be pricey but network firewalls provide a fine level of coverage for an entire network.


  1. 2.     Install anti-virus, anti-malware and anti-spyware software.

This loss control technique is the easiest and most effective way to increase security at your business. Make sure to install the software on each computer in your network—computers that don’t include these types of software are much more likely to be exposed and can possibly spread malware to other computers in the network. There are a host of viable options for each type of software, ranging in price from free to an annual subscription. Be sure to keep the software as up-to-date as possible.


  1. 3.     Encrypt data.

No firewall is perfect. If a hacker manages to get through your firewall and into your network, your data could be a sitting duck. Encryption will make the data unreadable to a hacker. Consider using an encryption program to keep computer drives, files and even email messages safe from hackers.


  1. 4.     Use a Virtual Private Network (VPN).

A VPN allows employees to connect to your company’s network remotely. VPNs eliminate the need for a remote-access server, saving companies lots of money in remote server costs. In addition to these savings, VPNs also provide a high level of security by using advanced encryption and authentication protocols that protect sensitive data from unauthorized access. If your company has salespeople in the field or employs workers who work from home or away from the office, a VPN is an effective way to minimize cyber risks.


  1. 5.     Implement an employee password policy.

One of the most overlooked ways to keep your business safe is instituting a password policy. Essentially, a password policy should force employees to change work-related passwords every 90 days. The policy should encourage the creation of easy-to-remember, hard-to-guess passwords that include letters, numbers and special characters. For example, an easy-to-remember, hard-to-guess password could be “M1dwbo1025.” (My first daughter was born on Oct. 25th.)


Passwords that contain words from the dictionary or contain sensible combinations (abc123, qwerty, etc.) should never be allowed. Let employees know that they should not write passwords down and leave them in a desk or out in the open. If they are having trouble remembering passwords, there are password-keeping programs available for download.


  1. 6.     Back up data regularly.

Important data should be backed up daily and in multiple locations, one being off-site. In addition to being safe from cyber risks, off-site data would not be exposed from physical attacks, like a fire or tornado.


Restrict access to backed up data. The public should never have access to it. If the data is tangible, keep it in locked filing cabinets in a locked room, and only issue keys to those who absolutely need them.


  1. 7.     Develop a business continuity plan.

If the worst should happen and your company suffers a data breach or similar attack, you should have a business continuity plan in place. A business continuity plan helps:

  • Facilitate timely recovery of core business functions
  • Protect the well-being of employees, their families and your customers
  • Minimize loss of revenue/customers
  • Maintain public image and reputation
  • Minimize loss of data
  • Minimize the critical decisions to be made in a time of crisis


The plan should identify potential cyber risks, along with the recovery team at your company assigned to protect personnel and property in the event of an attack. The recovery team should conduct a damage assessment of the attack and guide the company toward resuming operations.


We Are Your Loss Control Expert

Keeping your data safe from cyber risks requires constant attention to ensure an attack never happens. The Buckner Company has the resources and know-how to help you identify potential risks and keep your business running smoothly in the event of an attack.

Construction Risk Insights: Providing Safety for Women in Construction

By | April 22, 2014

Construction Risk InsightsAs increasing numbers of women enter the construction trades, concerns about their health and safety are growing. In addition to the primary safety and health hazards faced by all construction workers, there are safety and health issues specific to female construction workers. The small percentage of females within the construction trades and the serious health and safety problems unique to female construction workers have a circular effect. Safety and health problems in construction create barriers to women entering and remaining in this field. In turn, the small numbers of women workers on construction worksites foster an environment in which these safety and health problems arise or continue.

Hazards for Women on Construction Sites

  1. 1.       Workplace culture – The construction industry has been overwhelmingly male-dominated for years, and on many job sites, female construction workers are not welcome. Isolation—working as the only female on a job site or being ostracized by co-workers—evokes both stress and fear of assault. Many female construction workers say that they are reluctant to report workplace safety and health problems for fear of tagged as complainers or whiners, which would further strain their workplace relationships and jeopardize their employment.
  2. 2.       Hostile workplace – A hostile workplace presents safety and health concerns on several levels, ranging from a lack of training and safety information to physical assault. The effects of a hostile workplace can be reflected in acute as well as chronic stress reactions. OSHA has already begun to recognize workplace violence as an occupational safety and health issue.
  3. 3.       Sexual harassment – Sexual harassment is a serious problem for female construction workers. Sex discrimination and anti-women attitudes are still prevalent on worksites, despite the fact that sex discrimination is illegal. According to a USA Today analysis of U.S. Equal Employment Opportunity Commission and Bureau of Labor Statistics data, female construction workers had the second-highest rate of sexual harassment complaints per 100,000 employed women. Female miners had the highest rate.

Sexual harassment complaints at worksites range from subtle forms such as being stared at or seeing “pinups” of naked and nearly naked women to more blatant forms such as unwanted sexual remarks (including comments on appearance), being touched in sexual ways and sexual assault.

One illustration of how sexual harassment is an occupational safety and health issue can be found in a recent settlement between a construction company and 14 employees, seven of them female. According to the Department of Labor, L&M Construction permitted sexual harassment, retaliated against workers who complained about a hostile work environment and interfered with a federal investigation. During a workers’ outreach forum in May 2012, department officials were alerted to complaints of sexual harassment that included inappropriate touching, lewd acts, sexual gestures, comments and propositions directed at female employees of L&M between May 1, 2011, and April 30, 2012. Officers discovered that the company terminated nine employees for complaining about the hostile work environment created by this harassment and then fired five more workers to prevent them from being interviewed during a compliance review.

  1. 4.       Hazard reporting – The work culture described above—combined with female construction workers’ more tenuous hold on their jobs than that of the more senior workers or male workers—often deters women from reporting unsafe or unhealthy working conditions. Women in a NIOSH study reported that they could not bring up the issue of proper restrooms or worksite safety, because doing so might threaten their jobs.
  2. 5.       Access to sanitary facilities – Access to sanitary facilities is frequently a problem on new construction sites. Temporary facilities are usually unisex, often without privacy and generally not maintained well. The availability and cleanliness of restroom facilities are major concerns for women. According to a survey report by Chicago Women in Trades (CWIT), 80 percent of female construction workers have encountered worksites with dirty toilets or no toilets. Respondents to the CWIT survey said that facilities, when available, were filthy or were some distance from the site. Unclean facilities and the avoidance of using them can result in disease, including urinary tract infections (which can happen when a person delays urinating). Because of this, women report that they avoid drinking water on the job, risking heat stress and other health problems. Courts have found that the lack of appropriate sanitary facilities is discriminatory and violates OSHA standards.
  3. 6.       Personal protective equipment (PPE) and clothing (PPC) fitment – Many women in nontraditional jobs, such as the construction trades, complain of ill-fitting PPC and PPE. Clothing or equipment that is not sized properly or does not fit can compromise personal safety and the protection offered. It also may not function effectively in the manner for which it was designed. This can cause serious health and safety risks for women.

Ill-fitting PPE may be due to unavailability (i.e., manufacturers don’t make it or distributors don’t stock it), limited availability or lack of knowledge among employers and workers about where equipment designed for a woman’s body structure can be obtained.

  1. 7.       Ergonomics – Studies have shown that to reduce work-related musculoskeletal disorders, tools, materials and equipment should be designed based in part on ergonomic considerations. Tools and equipment, like clothing, are often designed to be used by average-sized men.

Handle size and tool weight are designed to accommodate the size and strength of men, yet the average hand length of women is 0.8 inches shorter than the average man’s. A woman’s grip strength averages two-thirds of the power of a man’s grip. The grips of tools are typically too thick. Tools like pliers require a wide grasp, which puts too much pressure on the palm, leading to the loss of functional efficiency. In addition, women do not receive training on how best to use tools and equipment designed for men.

  1. 8.       Reproductive hazards – There is inadequate information on the extent to which female construction workers are exposed to reproductive hazards in the workplace. Reproductive hazards are defined as chemical, physical or biological agents that can cause either reproductive impairment or adverse developmental effects on fetuses.

Only a few agents or conditions have been identified as being capable of producing structural abnormalities or birth defects, with a fraction of those being common to construction sites (e.g., polychlorinated biphenyls (PCBs), hypothermia and, for hazardous waste workers, ionizing radiation). In addition, several agents such as lead, solvents and pesticides have been recognized to affect sperm development. The vast majority of construction workers are of reproductive age and are at risk of potential harm if exposed to chemicals and conditions which have not been fully studied with respect to their reproductive hazards in humans.

Some employers find it easier to resolve potential problems by denying jobs to women, especially pregnant women. This is in spite of Supreme Court rulings prohibiting employers from continuing this practice. While these actions may be well-intended, their effect is needless limitation on work opportunities for women. This can lead to discriminatory treatment and result in a female construction worker hiding her pregnancy, possibly endangering herself and/or her unborn child.

Recommendations for Improving Female Safety

  • Workplace culture
  • Include sexual harassment prevention training in safety and health programs.
  • Ensure all communication materials are gender-neutral and include women. Visual materials should include examples of female construction workers to promote an integrated construction workplace.
  • To address the problem of workplace isolation, employers, apprenticeship programs and unions (where responsible) should assign female workers to work in groups of two or more when possible, especially those who are relatively new to the construction trade.
  • Make sure supervisors are trained in ensuring the safety of female workers and can answer any questions workers may have.
  • Sanitary facilities
  • Gender-separate sanitary facilities should be provided on worksites.
  • Where changing rooms are provided on construction sites, they should also be gender-separated and provided with inside and outside locking mechanisms.
  • Employees should be allowed to use sanitary or hand-washing facilities as needed.
  • Toilet facilities should be kept clean and in good repair with clean toilet paper within reach.
  • Hand-washing facilities should exist within close proximity to toilet facilities.
  • Health and safety training
  • Employers and unions should make skills training courses available and encourage all workers to take advantage of them.
  • Journeymen should establish mentoring relationships with new workers to provide informal skills and safety training.
  • Supervisors need to emphasize safety as well as productivity on the job site.
  • Employers should emphasize that safety training is as important as skills training.
  • PPE and PPC
  • The design of PPE and PPC for women should be based on female measurements.
  • Union apprenticeship programs should provide female construction workers with resources on where to find equipment and clothing that fits.
  • Employers should make sure that all workers of all sizes have well-fitting PPE and PPC for safe and efficient performance.
  • PPE intended for use by women workers should be based upon female anthropometric (body measurement) data.
  • Ergonomics
  • It should be accepted that some workers need to use different lifting and material handling techniques.
  • Employers, unions, apprenticeship programs and other training entities should review skills training programs to see whether alternative methods are included for getting work accomplished by workers of different sizes or strengths. All programs should emphasize the importance of safe lifting.
  • Workers need to hear from employers and unions that it’s acceptable to ask for help and to explore alternative ways to lift and carry.
  • All workers should be trained in the proper ways to lift and bend.
  • Reproductive hazards
  • Employers should post Safety Data Sheets (SDS) for each chemical present on the worksite.
  • Workers should read all SDSs and share the information with their physicians if they are pregnant or planning to start a family.
  • All workers should educate themselves about the potential reproductive risks from exposure to certain chemicals.
  • Employers should make reasonable accommodations for workers in later stages of pregnancy, rather than forcing them out of the workplace.
  • During the later stages of pregnancy, women should consult with their physicians about strenuous physical activities on the job.


Source: OSHA

Construction Risk Insights: Job-made Wooden Ladders

By | April 22, 2014

Construction Risk InsightsWorkers who use job-made wooden ladders risk permanent injury or death from falls and electrocutions. By understanding the hazards that workers are likely to encounter while working on job-made wooden ladders, employers can take steps to reduce injuries through proper training.

What is a Job-made Wooden Ladder?

A job-made wooden ladder is a ladder built at the construction site. It is not commercially manufactured. A job-made wooden ladder provides access to and from a work area. It is not intended to serve as a work platform. These ladders are temporary, and are used only until a particular phase of work is completed or until permanent stairways or fixed ladders are installed.

Training Requirements

Employers must provide a training program for employees who use ladders and stairways. The training must enable each worker to recognize ladder-related hazards and to use ladders properly to minimize hazards.


Constructing a Safe Job-made Wooden Ladder


Side rails

  • Use construction-grade lumber for all components.
  • Side rails of single-cleat ladders up to 24 feet long should be made with at least 2-by-6-inch nominal stock lumber.
  • Side rails should be continuous, unless splices are the same strength as a continuous rail of equal length.
  • The width of single-rung ladders should be at least 16 inches, but not more than 20 inches between rails measured inside to inside.
  • Rails should extend above the top landing between 36 inches and 42 inches to provide a handhold for mounting and dismounting, and cleats must be eliminated above the landing level.
  • Side rails of ladders that could contact energized electrical equipment should be made using nonconductive material. Keep ladders free of any slippery materials.



  • Cleats should be equally spaced 12 inches on center from the top of one cleat to the top of the next cleat.
  • Cleats should be fastened to each rail with three 12d common wire nails which are nailed directly onto the smaller surfaces of the side rails.
  • Making cuts in the side rails to receive the cleats is not advisable.
  • Cleats should be at least 1 inch by 4 inches for ladders 16 feet to 24 feet in length.


Filler Blocks

  • Filler should be 2-by-2-inch wood strips.
  • Insert filler between cleats.
  • Nail filler at the bottom of each side rail first. Nail the ends of a cleat to each side rail with three 12d common nails. One nail is placed 1½ inches in from each end of the filler block.
  • Nail the next two fillers and cleat, and then repeat. The ladder is complete when filler is nailed at the top of each rail.
  • Make all side rails, rungs and fillers before the ladder is assembled.


Inspecting Ladders

  • A competent person must visually inspect job-made ladders for defects on a periodic basis and after any occurrence that could affect their safe use.
  • Defects to look for include: structural damage, broken/split side rails (front and back), missing cleats/steps and parts/labels painted over.
  • Ladders should be free of oil, grease and other slipping hazards.


Safe Ladder Use—Dos:

To prevent workers from being injured from falls from ladders, employers are encouraged to adopt the following practices:

  • Secure the ladder’s base so that it does not move.
  • Smooth the wood surface of the ladder to reduce injuries to workers from punctures or lacerations and to prevent snagging of clothing.
  • Use job-made wooden ladders with spliced side rails at an angle so that the horizontal distance from the top support to the foot of the ladder is one-eighth the working length of the ladder.
  • Ensure that job-made wooden ladders can support at least four times the maximum intended load.
  • Only use ladders for the purpose for which they were designed.
  • Only put ladders on stable, level surfaces that are not slippery, unless they are secured to prevent accidental movement.
  • Ensure that the worker faces the ladder when climbing up and down.
  • Maintain a three-point contact (two hands and a foot, or two feet and a hand) when climbing a ladder.
  • Keep ladders free of any slippery materials.
  • Maintain good housekeeping in the areas around the top and bottom of ladders.


Safe Ladder Use—Don’ts:

To prevent injuries, employers are encouraged to avoid the following practices:

  • Painting a ladder with nontransparent coatings
  • Carrying any object or load that could cause the worker to lose balance and fall
  • Subjecting a job-made wooden ladder to excessive loads or impact tests


Contact The Buckner Company at [B_Phone] for additional information and employee training materials on ladder safety or fall prevention in general.


Source: OSHA

Work Comp Insights: The Defense Base Act

By | April 22, 2014

Work Comp InsightsThe Defense Base Act (DBA) was established in 1941 to protect workers on military bases outside the United States. Overseas federal military and public works contractors are subject to the same workers’ compensation rules—including the same insurance requirements and schedules of benefits for affected workers—as maritime firms covered by the Longshore and Harbor Workers’ Compensation Act (LHWCA). As an employer, it is your responsibility to buy insurance or to self-insure injuries sustained by workers covered in the DBA.



The DBA is an extension of the LHWCA, which was passed in 1927 to implement the uniformity of workers’ compensation benefits available to longshoremen and harbor workers from injuries that occur on the navigable waters throughout the United States.


The rules of the LHWCA apply to the DBA in regard to:

1. Compensation rates

2. Filing times

3. Forms

4. Appeals

5. Rules of evidence and submission

6. Medical benefits

7. Schedule for permanent loss


An amendment was added in 1958 to clarify that service contracts, even those which do not directly provide for “construction, alteration, removal or repair,” are included in the definition of public work.



Who/What is Covered by the Defense Base Act?

The DBA covers the following employment activities:

  1. Any defense base acquired from any foreign government
  2. Lands occupied or used by the United States for military purposes outside the continental United States
  3. Public work in any Territory or possession under a contract with the United States
  4. Public work outside the United States  not covered under (3)
  5. Contract outside the United States approved and financed by the United States.
  6. Welfare or similar services outside the United States for troops authorized by the Department of Defense


Zone of Special Danger Doctrine

The DBA applies to injuries and deaths that arise out of and in the course of employment abroad. Under the “Zone of Special Danger” doctrine, injuries and deaths that occur outside of regularly assigned job duties or work hours may be covered. Because overseas workers are far away from families and friends, courts of law have ruled that recreational and social activities are in different circumstances from employees working at home. Therefore, personal activities of a social or recreational nature must be considered as incident to the overseas employment relationship and injuries that occur as a result of those activities may be covered under the Zone of Special Danger doctrine.


Defense Base Act Exceptions

Common exceptions to coverage under the Defense Base Act include injuries caused by the willful misconduct of an employee, the drug or alcohol use of an employee, or “acts of God.” Traditionally, only injuries or deaths that resulted from specific accidents were covered by workers’ compensation. Today’s workers’ compensation policies generally provide coverage for illnesses or other conditions, such as hearing loss, that are the result of prolonged exposure to a dangerous workplace environment.


Your Workers’ Compensation Resource

Since Defense Base Act coverage can be a complex issue, depending on both the location and the nature of the employee’s work, it is best to discuss coverage details with The Buckner Company today.


More information is also available from your local Longshore District Director office, which covers DBA claims, at Benefit levels can be calculated using the statistics found at

Work Comp Insights: What’s Driving Your Mod?

By | April 22, 2014

Work Comp InsightsA mod analysis can provide valuable insight into your business operations and workers’ compensation losses. If you have a basic understanding of how a mod is calculated, you can use a few simple equations to gain a deeper understanding of the factors contributing to your number.


Determination of the minimum mod

The minimum mod, also known as the loss-free rating, is the lowest mod possible for your company. This value can be determined by plugging in zero actual primary and excess losses into the mod formula while maintaining the values for expected losses, ballast and weighting value. This gives the lowest mod value theoretically achievable by your company.


The minimum mod is not the same for all companies. For small companies (as measured by expected losses), the minimum mod can be in the range of 0.90. As the size of the company increases, the minimum mod decreases. For very large companies, the minimum mod may be 0.40 or even lower. Knowing your minimum mod is important for large and small companies. A large company with a mod of 0.95 may still be able to achieve significant savings through loss control and loss prevention activities. The company may perceive the 0.95 mod as “good.” However, if the minimum mod is 0.50, there is significant room for improvement. For a small company, the minimum mod can be used for setting realistic expectations; for example, a small company that sets a goal of having a 0.80 mod will not be able to achieve it under any circumstance if the minimum mod is 0.85.


Determining the controllable mod

The controllable mod is the difference between your current mod and your minimum mod. This is the variable piece of your mod that fluctuates with losses. The controllable mod can be broken into the contribution made by primary losses and by excess losses. This helps you to identify the exact contribution of loss frequency and loss severity to your mod. By estimating your basic premium (the premium prior to application of the mod), you can calculate the cost of primary and excess losses in terms of increased premium. You calculate this by multiplying the premium by the increase in the mod caused by primary or excess losses. This will assist you in determining the potential value of loss prevention, loss control and safety programs.


Ratio of actual to expected losses

By computing a simple ratio of actual to expected losses (both primary and excess), you can measure the degree to which your company’s losses differ from the expected loss values. This is a statistic that can be tracked over time to identify trends, improvements or problems relating to loss experience.


Specific loss sensitivity

This analysis identifies the specific impact that a single loss has on your mod and on the premium you pay during the three years that the loss is in the calculation. This can be an extremely helpful analysis to quantify the cost vs. benefit of loss prevention programs you are considering. For example, if your company has had an increase in carpal tunnel syndrome claims and you are trying to justify the purchase of keyboard holders to make workstations ergonomically correct, you can look at how much your mod and therefore your premium increased as a result of these claims. The results can be striking; for example, a single $4,000 claim may increase a small company’s premium by $10,000 to $12,000 over a three-year period. Imagine how much more powerful your funding requests for safety programs will be if you can back them up with these types of numbers. For instance, you might say to senior management, “It will cost us $20,000 to install keyboards at every workstation, but we could have already saved $65,000 if we had made this change four years ago, and our claims are continuing to rise by 15 percent a year.” To perform this calculation, you must subtract the primary and excess (if any) portions of the loss from the totals used in the mod calculation. The resulting mod will be the mod without the loss. The difference between this mod and the actual mod will be the mod impact of the loss. This difference multiplied by the estimated premium yields the cost of the loss in terms of increased premium dollars. Multiplying this value by 3 (the number of years that the loss is in the calculation) will provide an estimate of the ultimate three-year cost of the loss.


Aggregate loss sensitivity

Calculating the sensitivity of the mod to aggregate (total) changes in losses highlights the relationship between losses and your company’s mod. The aggregate loss sensitivity analysis yields a table showing how the mod would vary with increases and decreases in total losses. This analysis is generated by varying both the actual primary and excess losses and then computing the resulting mod. It will help you set a goal for a specific percentage decrease in losses and achieving the corresponding mod


A note about primary and excess values

Since mod analysis often involves both primary and excess losses, it is noteworthy that the “split point” is currently undergoing a significant transition. In all NCCI states and some independent states, the split point is increasing from $5,000 to $15,000 in graduated increments over a three-year period. The process of transitioning to the new split point began in 2013, with an increase in the split point from $5,000 to $10,000. During 2014, most states are increasing the split point to $13,500. In 2015, the split point will increase to $15,000 and also be adjusted for claim inflation. The split point changes should be factored in when making year-to-year comparisons of specific loss sensitivity. Related rate changes may also tend to make minimum mods decrease over time.

Work Comp Insights: Five Steps to Reducing Workers’ Compensation Costs

By | April 22, 2014

Work Comp InsightsWhen a company experiences significant increases in workers’ compensation costs, it usually triggers internal activities aimed at reducing insurance costs and spending. The key to spending fewer dollars is more than just stopping a few accidents; it is having a sound safety program designed to continuously improve. This is where a safety program that, at a minimum, is compliant with the Occupational Safety and Health Administration (OSHA) standards can yield significant savings for  by reducing injuries and illnesses, saving workers’ compensation dollars.

Building a Solid OSHA Program

There are five entry-level steps  can take to have a well-rounded safety program that produces a safe work environment, achieves OSHA compliance, reduces accidents and ultimately reduces workers’ compensation costs.

  1. Develop the various programs required by the OSHA standards.
  2. Integrate those programs into the daily operations.
  3. Investigate all injuries and illnesses.
  4. Provide training to develop safety competence in all employees.
  5. Audit your programs and your work areas on a regular basis to stimulate continuous improvement.


Develop Programs Required by OSHA Standards

Aside from being a requirement for general industry, the OSHA standards provide a good pathway to incident reductions. A good number of accidents stem from poorly developed, trained or implemented OSHA programs: slips or trips may come from poor housekeeping efforts or not keeping walking and working surfaces clear, not using personal protective equipment may result in excessive lacerations, and poor lifting techniques can result in strains.


Many of the OSHA standards require some type of written program be developed and then communicated to employees. Experience shows that companies with thoroughly developed OSHA-compliant programs have fewer accidents, more productive employees and lower workers’ compensation costs.


Integrate Programs into Daily Operations

Policies alone won’t get results; the program must move from paper to practice to succeed. Putting a policy into practice requires a strategic plan clearly communicated to key participants, good execution of that plan based on developed competencies, and a culture that inspires and rewards people to do their best.


When developing any business initiative, there must be an emphasis on frontline supervisors and helping them succeed. Every good business person knows that any new program – safety, quality or anything else – lives and dies with the frontline supervisor. If the frontline supervisor knows the program and wants to make it happen, the program succeeds; if not, the program is a source of constant struggle, and an endless drain on resources and energies. Providing supervisors with knowledge and skills through training is critical to the success of any program.


A solid OSHA program, integrated into the daily operation and led by competent supervisors is just the beginning. Successful safety programs focus on being proactive instead of always reacting to issues. Accident investigations provide an excellent source of information on real or potential issues present in the workplace.


Investigate All Injuries and Illnesses

Workers’ compensation is designed to recompense employees for injuries or illnesses that arise from or out of the course of employment. This should not come as a surprise, but increasing claims drive up workers’ compensation costs. To reduce those costs, you must simply reduce your accidents. And the ability to reduce accidents is significantly enhanced when those accidents are fully investigated instead of simply being reported.

Accident reports are historical records only citing facts, while accident investigations go deeper to find the root cause and make improvements. Businesses that stop rising workers’ compensation costs have an effective accident investigation process that flushes out the root cause of the problem. Unless the root cause is discovered, recommendations for improvement will remain fruitless. Again, training proves beneficial because a supervisor skilled in incident analysis is a better problem solver for all types of production-related issues, not just safety.


All accidents should be investigated to find out what went wrong and why. Some may suggest investigating every accident is a bit over the top and only those that incur significant costs are worthy of scrutiny. But ask yourself this question: If you only investigated serious quality concerns instead of every little deviation, would your quality program still be effective? Companies with solid quality programs investigate and resolve every deviation from quality standards.


If your emphasis is only on those incidents that have to be recorded on the OSHA 300 log, you close your eyes to the biggest accident category: first aid-only incidents. Many companies get upset about recordables or lost time accidents because of the significant costs involved, but they don’t realize that the small costs and high numbers of first aid-only incidents really add up.


Statistics show that for every 100 accidents, 10 will be recordable and one a lost-time incident. If you investigate only recordables or lost time accidents, 89 go unnoticed. Would you consider a quality program that allows an 89 percent failure rate successful? Reducing serious accidents means you must reduce your overall rate of all accidents – including first aid-only incidents. That only happens when every incident is fully investigated to find the root cause, and remedial actions are identified and integrated into the daily operation.


Training and Auditing for Continuous Improvement

The final steps focus on training and auditing your program for continuous improvement. Training plays a significant role in safety and in reducing workers’ compensation costs. The goal of training is to develop competent people who have the knowledge, skill and understanding to perform assigned job responsibilities. Competence, more than anything else, will improve all aspects of your business and drive down costs. Supervisors must have the knowledge and ability to integrate every safety program into their specific areas of responsibility. Every employee must know what is expected of them when it comes to implementing safe work procedures. Once the programs are developed and implemented, they must be reviewed on a regular basis to make sure they are still relevant and effective.


This might require a significant change in how you manage your safety program, but if your workers’ compensation rates are high, it may be time to make this leap.


Tangible Benefits

  1. Studies indicate there is a return on investment and that companies see direct bottom-line benefits with a properly designed, implemented and integrated safety program.
  2. A competency-based safety program is compliant with OSHA requirements and therefore reduces the threat of OSHA fines.
  3. A competency-based safety program lowers accidents, and fewer accidents lower workers’ compensation costs. When incidents do occur, a competency-based safety program fully evaluates the issue and finds the root cause to prevent reoccurrence and provides a workplace that is free from recognized hazards.
  4. A safer workplace creates better morale and improves employee retention. Auditing keeps your programs fresh and effective and drives continuous improvement.
  5. A competency-based program produces people who are fully engaged in every aspect of their job and are satisfied and fulfilled producing high-quality goods and services.


How Can We Assist You?

At The Buckner Company, we are committed to helping you establish a strong safety program that minimizes your workers’ compensation exposures. Contact us today at (801) 937-6700 to learn more about our OSHA compliance, safety program, and accident investigation tools and resources.


Trucking Risk Insights: Medical Certification Requirements for CDL Drivers

By | April 22, 2014

Trucking - Playing it SafeThe Federal Motor Carrier Safety Administration (FMCSA) issued a rule change in the hopes of removing unfit commercial truck and bus drivers from the roadways. According to, this change came after the release of a Government Accountability Office (GAO) report, which found that, in just over a year’s time, 563,000 commercial drivers’ licenses had been issued to drivers who were eligible for full disability benefits. This means that these drivers were not physically able to get behind the wheel safely.

Medical Certification Requirements as Part of Commercial Drivers’ License

The FMCSA amended the Federal Motor Carrier Safety Regulations (FMCSRs) to require interstate commercial drivers’ license (CDL) holders, who are subject to the physical qualification requirements of the FMCSRs, to provide a current original (or copy) of their medical examiner’s certificates to their State Driver Licensing Agency (SDLA). The SDLA is then required to record the certification information made by the driver regarding his/her applicability to the federal driver qualification rules onto the Commercial Driver License Information System (CDLIS).

This rule places the medical certification requirements on drivers who are required to obtain a CDL from states who also require a certification from a medical examiner. The certificate outlines that the driver is physically able to operate a commercial motor vehicle for interstate commerce purposes. As a result, accurate information about the CDL holder’s medical examiner’s certificate should be stored and readily available in the electronic CDLIS driver record maintained by the State. Finally, this rule requires states to place punishments on CDL holders if they fail to provide required and up-to-date medical certification status information.

Drivers Affected

If a CDL holder is driving one of the following vehicles, he or she is subject to this rule:

  • Vehicles with a gross vehicle weight rating (GVWR), gross combination weight rating (GCWR) or gross combination weight (GCW) of 10,001 pounds, depending on which is greater.
  • Vehicles designed or used to transport more than eight passengers, including the driver, for compensation.
  • Vehicles designed or used to transport more than 15 passengers, including the driver, not for compensation.
  • Vehicles used to transport hazardous materials requiring a placard on the vehicle.

Vehicles falling under one of these descriptions must be used for interstate commerce to transport passengers or property. Interstate commercial is defined as trade, traffic or transportation in the following manner:

  • Between a place in one state to a destination outside of that state (including places outside of the U.S.).
  • Between two places in a state, through another state or to a destination outside of the U.S.
  • Between two locations in a state in conjunction with trade, traffic or transporting materials/passengers originating or ending outside of that state or the U.S.

More information on this rule is available at

Trucking Safety Matters: Protect Against Hand Injuries

By | April 22, 2014

Trucking - Playing it SafeOf the many tools that we have available, our hands are the most valuable. They provide us with the dexterity necessary to perform precise maneuvers that even the most advanced technology cannot replicate. Even the simplest tasks are difficult for a person that does not have full use of his or her hands.

Hand injuries on the job are quite common, but many are preventable. There are many things you can do to keep your hands safe, and here are a few of the most common.

Wear Gloves

Always protect your hands by wearing work gloves when handling rough materials or performing operations where you are using your hands to lift or move objects. An Occupational Safety and Health Administration (OSHA) study revealed that 70 percent of workers experiencing hand injuries were not wearing gloves. The remaining 30 percent were making use of damaged, inadequate or inappropriate types of gloves for the job. Choose the right gloves for the task and inspect them thoroughly before use.

Operate Responsibly

Use extreme caution when operating hand trucks or forklifts, and do not attempt to operate them if you are not authorized. They turn in a small radius, and can easily trap your hand between the operating handle and a fixed object.

Be Cautious of Sharp Objects

Utilize the correct safety procedures when handling knives, box cutters and other sharp objects. Never attempt to pick up broken glass, nails or other sharp objects not meant for handling with bare hands; always use appropriate gloves or a broom.

Remove Rings

No matter how much sentimental value they carry, rings put your hands in grave danger on the job. They can very easily catch on machinery and other objects, resulting in lacerations, amputations or broken bones. Always remove rings before beginning work.

Stay Alert for Pinch Points

When using your hands to move an object, whether it is on a hand truck or you are carrying it, be sure your path is wide enough for you to move through safely before you start the job. When you set a heavy object down, be aware of the placement of your hands. Always be alert for possible pinch points, and make sure guards are properly placed over any moving gears.

Speak Up

If you are unsure about the type of gloves to wear to adequately protect yourself, or if you have any other issues regarding the protection of your hands on the job, talk to your supervisor.