Don’t Forget to Post OSHA Injury and Illness Data at Your Worksite
Employers who are covered by the Occupational Safety and Health Administration's (OSHA's) record-keeping rule must post a summary of 2018 work-related injury and illnesses in a noticeable place from Feb. 1 to April 30. Read this blog post from SHRM to learn more.
Employers that are covered by the Occupational Safety and Health Administration's (OSHA's) record-keeping rule must post a summary of 2018 work-related injury and illnesses in a noticeable place from Feb. 1 to April 30. Here are some compliance tips for employers to review.
Required Posting
Many employers with more than 10 employees—except for those in certain low-risk industries—must keep a record of serious work-related injuries and illnesses. But minor injuries that are treated only by first aid do not need to be recorded.
Employers must complete an incident report (Form 301) for each injury or illness and log work-related incidents on OSHA Form 300. Form 300A is a summary of the information in the log that must be posted in the worksite from Feb. 1 to April 30 each year.
"This information helps employers, workers and OSHA evaluate the safety of a workplace, understand industry hazards, and implement worker protections to reduce and eliminate hazards," according to OSHA's website.
Employers should note that they are required to keep a separate 300 log for each "establishment," which is defined as "a single physical location where business is conducted or where services or industrial operations are performed."
If employees don't work at a single physical location, then the establishment is the location from which the employees are supervised or that serves as their base.
Employers frequently ask if they need to complete and post Form 300A if there were no injuries at the relevant establishment. "The short answer is yes, " said Tressi Cordaro, an attorney with Jackson Lewis in Washington, D.C. "If an employer recorded no injuries or illnesses in 2018 for that establishment, then the employer must enter 'zero' on the total line."
Correct Signature
Before the OSHA Form 300A is posted in the worksite, a company executive must review it and certify that "he or she has examined the OSHA 300 Log and that he or she reasonably believes, based on his or her knowledge of the process by which the information was recorded, that the annual summary is correct and complete," according to OSHA.
A common mistake seen on 300A forms is that companies forget to have them signed, noted John Martin, an attorney with Ogletree Deakins in Washington, D.C.
There are only four company representatives who may certify the summary:
- An owner of the company.
- An officer of the corporation.
- The highest-ranking company official working at the site.
- The immediate supervisor of the highest-ranking company official working at the site.
Businesses commonly make the mistake of having an HR or safety supervisor sign the form, said Edwin Foulke Jr., an attorney with Fisher Phillips in Atlanta and Washington, D.C., and the former head of OSHA under President George W. Bush.
They need to get at least the plant manager to sign it, he said, noting that the representative who signs Form 300A must know how numbers in the summary were obtained.
Once the 300A form is completed, it should be posted in a conspicuous place where other employment notices are usually posted.
Electronic Filing
The Improve Tracking of Workplace Injuries and Illnesses rule requires covered establishments with at least 20 employees to also electronically submit Form 300A to OSHA.
Large establishments with 250 or more employees were also supposed to begin electronically submitting data from the 300 and 301 forms in 2018, but the federal government recently eliminated that requirement. However, those establishments still must electronically submit their 300A summaries.
The deadline to electronically submit 2018 information is March 2.
SOURCE: Nagele-Piazza, L. (1 February 2019) "Don’t Forget to Post OSHA Injury and Illness Data at Your Worksite" (Web Blog Post). Retrieved from https://www.shrm.org/resourcesandtools/legal-and-compliance/employment-law/pages/don%E2%80%99t-forget-to-post-osha-injury-and-illness-data-at-your-worksite.aspx/
While Talk About Opioids Continues In D.C., Addiction Treatment Is In Peril In States
How is Washington handling the opioid crisis? Let's find out in this article from Kaiser Health News.
Opioids were on the White House agenda Thursday — President Trump convened a summit with members of his administration about the crisis. And Congress authorized funds for the opioid crisis in its recent budget deal — but those dollars aren’t flowing yet, and states say they are struggling to meet the need for treatment.
The Oklahoma agency in charge of substance abuse has been told by the state’s legislature to cut more than $2 million from this fiscal year’s budget.
“Treatment dollars are scarce,” said Randy Tate, president of the Oklahoma Behavioral Health Association, which represents addiction treatment providers.
It’s like dominoes, Tate said. When you cut funding for treatment, other safety-net programs feel the strain.
“Any cuts to our overall contract,” he said, “really diminish our ability to provide the case management necessary to advocate for homes, food, shelter, clothing, primary health care and all the other things that someone needs to really be successful at tackling their addiction.”
In just three years, Oklahoma’s agency in charge of funding opioid treatment has seen more than $27 million dollars chipped away from its budget — thanks to legislative gridlock, slashed state taxes and a drop in oil prices (with the additional loss in state tax revenue that resulted).
Jeff Dismukes, a spokesman for Oklahoma’s Department of Mental Health and Substance Abuse Services, says the already lean agency has few cost-cutting options left.
“We always cut first to administration,” he said, “but there’s a point where you just can’t cut anymore.”
The agency may end up putting off payments to treatment providers until July — the next fiscal year. Tate says that could be devastating.
“Very thinly financed, small rural providers are probably at risk of going out of business entirely — up to and including rural hospitals,” he said.
Getting treatment providers to open up shop in rural areas is really hard, even in good times, and more financial uncertainty could make that problem worse. In the meantime, according to an Oklahoma state commission’s opioid report, just 10 percent of Oklahomans who need addiction treatment are getting it.
That statistic is similar in Colorado. And as 2018 began, Colorado’s escalating opioid crisis got worse, when the state’s largest drug and alcohol treatment provider, Arapahoe House, shut its doors.
The facility provided recovery treatment to 5,000 people a year. Denise Vincioni, who directs another treatment center, the Denver Recovery Group, says other facilities have scrambled to pick up the patients.
Most of Arapahoe’s clients were on Medicaid. Autumn Haggard-Wolfe, a two-time Arapahoe House client who is now in recovery, worries the facility’s closing will have dire consequences, especially for people who need inpatient care, as she did.
“I feel like the only other option right now in therapy would be jail for people,” she said, “and people die in there from withdrawing.”
Arapahoe House’s CEO blamed its closure on the high cost of care and poor government reimbursement for services.
The mother of Colorado state lawmaker Brittany Pettersen struggled with addiction, and was treated at Arapahoe House. Pettersen says treatment centers rely on a crazy quilt of funding sources and are chronically underfunded — often leaving people with no treatment options.
“We have a huge gap in Colorado,” Pettersen said, “and that was before Arapahoe House closed.”
She is pushing legislation in the state to increase funding for treatment. But to get tens of millions of dollars in federal matching funds, Colorado lawmakers need to approve at least $34 million a year in new state spending.
That price tag may simply be too high for some lawmakers. But either way, she added, “It’s going to take a lot to climb out of where we are.”
Colorado did get new federal funds to fight the opioid crisis through the 21st Century Cures Act, passed in December of 2016, but it was just $7.8 million a year for two years — divvied up among a long list of programs.
Read the article.
Source: Daley J.,Fortier J. (5 March 2018). "While Talk About Opioids Continues In D.C., Addiction Treatment Is In Peril In States" [Web Blog Post]. Retrieved from address https://khn.org/news/while-talk-about-opioids-continues-in-dc-addiction-treatment-is-in-peril-in-states/
Absent federal action, states take the lead on curbing drug costs
What's your state's stance on the cost of prescription drugs? See how Maryland has moved forward in their decision making for drug prices, giving themselves the ability to say "no" in this article from Benefits Pro written by Shefali Luthra.
You can read the original article here.
Lawmakers in Maryland are daring to legislate where their federal counterparts have not: As of Oct. 1, the state will be able to say “no” to some pharmaceutical price spikes.
A new law, which focuses on generic and off-patent drugs, empowers the state’s attorney general to step in if a drug’s price climbs 50 percent or more in a single year. The company must justify the hike. If the attorney general still finds the increase unwarranted, he or she can file suit in state court. Manufacturers face a fine of up to $10,000 for price gouging.
As Congress stalls on what voters say is a top health concern — high pharmaceutical costs — states increasingly are tackling the issue. Despite often-fierce industry opposition, a variety of bills are working their way through state governments. California, Nevada and New York are among those joining Maryland in passing legislation meant to undercut skyrocketing drug prices.
Maryland, though, is the first to penalize drugmakers for price hikes. Its law passed May 26 without the governor’s signature.
The state-level momentum raises the possibility that — as happened with hot-button issues such as gay marriage and smoke-free buildings — a patchwork of bills across the country could pave the way for more comprehensive national action. States feel the squeeze of these steep price tags in Medicaid and state employee benefit programs, and that applies pressure to find solutions.
“There is a noticeable uptick among state legislatures and state governments in terms of what kind of role states can play in addressing the cost of prescription drugs and access,” said Richard Cauchi, health program director at the National Conference of State Legislatures.
Many experts frame Maryland’s law as a test case that could help define what powers states have and what limits they face in doing battle with the pharmaceutical industry.
The generic-drug industry has already filed a lawsuit to block the law, arguing it’s unconstitutionally vague and an overreach of state powers. A district court is expected to rule soon.
The state-level actions focus on a variety of tactics:
“Transparency bills” would require pharmaceutical companies to detail a drug’s production and advertising costs when they raise prices over certain thresholds. Cost-limit measures would cap drug prices charged by drugmakers to Medicaid or other state-run programs, or limit what the state will pay for drugs. Supply-chain restrictions include regulating the roles of pharmacy benefit managers or limiting a consumer’s out-of-pocket costs.
A New York law on the books since spring allows officials to cap what its Medicaid program will pay for medications. If companies don’t sufficiently discount a drug, a state review will assess whether the price is out of step with medical value.
Maryland’s measure goes further — treating price gouging as a civil offense and taking alleged violators to court.
“It’s a really innovative approach. States are looking at how to replicate it, and how to expand on it,” said Ellen Albritton, a senior policy analyst at the left-leaning Families USA, which has consulted with states including Maryland on such policies.
Lawmakers have introduced similar legislation in states such as Massachusetts, Rhode Island, Tennessee and Montana. And in Ohio voters are weighing a ballot initiative in November that would limit what the state pays for prescription drugs in its Medicaid program and other state health plans.
Meanwhile, the California legislature passed a bill earlier in September that would require drugmakers to disclose when they are about to raise a price more than 16 percent over two years and justify the hike. It awaits Democratic Gov. Jerry Brown’s signature.
In June, Nevada lawmakers approved a law similar to California’s but limited to insulin prices. Vermont passed a transparency law in 2016 that would scrutinize up to 15 drugs for which the state spends “significant health care dollars” and prices had climbed by set amounts in recent years.
But states face a steep uphill climb in passing pricing legislation given the deep-pocketed pharmaceutical industry, which can finance strong opposition, whether through lobbying, legal action or advertising campaigns.
Last fall, voters rejected a California initiative that would have capped what the state pays for drugs — much like the Ohio measure under consideration. Industry groups spent more than $100 million to defeat it, putting it among California’s all-time most expensive ballot fights. Ohio’s measure is attracting similar heat, with drug companies outspending opponents about 5-to-1.
States also face policy challenges and limits to their statutory authority, which is why several have focused their efforts on specific parts of the drug-pricing pipeline.
Critics see these tailored initiatives as falling short or opening other loopholes. Requiring companies to report prices past a certain threshold, for example, might encourage them to consistently set prices just below that level.
Maryland’s law is noteworthy because it includes a fine for drugmakers if price increases are deemed excessive — though in the industry that $10,000 fine is likely nominal, suggested Rachel Sachs, an associate law professor at Washington University in St. Louis who researches drug regulations.
This law also doesn’t address the trickier policy question: a drug’s initial price tag, noted Rena Conti, an assistant professor in the University of Chicago who studies pharmaceutical economics.
And its focus on generics means that branded drugs, such as Mylan’s Epi-Pen or Kaleo’s overdose-reversing Evzio, wouldn’t be affected.
Yet there’s a good reason for this, noted Jeremy Greene, a professor of medicine and the history of medicine at Johns Hopkins University who is in favor of Maryland’s law.
Current interpretation of federal patent law suggests that the issues related to the development and affordability of on-patent drugs are under federal jurisdiction, outside the purview of states, he explained.
In Maryland, “the law was drafted narrowly to address specifically a problem we’ve only become aware of in recent years,” he said. That’s the high cost of older, off-patent drugs that face little market competition. “Here’s where the state of Maryland is trying to do something,” he said.
Still, a ruling against the state in the pending court case could have a chilling effect for other states, Sachs said, although it would be unlikely to quash their efforts.
“This is continuing to be a topic of discussion, and a problem for consumers,” said Sachs.
“At some point, some of these laws are going to go into effect — or the federal government is going to do something,” she added.
Kaiser Health News, a nonprofit health newsroom whose stories appear in news outlets nationwide, is an editorially independent part of the Kaiser Family Foundation. KHN’s coverage of prescription drug development, costs and pricing is supported in part by the Laura and John Arnold Foundation.
Source:
Luther S. (29 September 2017). "Absent federal action, states take the lead on curbing drug costs" [Web Blog Post]. Retrieved from address https://www.benefitspro.com/2017/09/29/absent-federal-action-states-take-the-lead-on-curb?page=2
Helping Your Employees Protect Against Identity Theft
Are you doing enough to help your employees protect themselves from identity theft? Make sure to take a look at this article by Irene Saccoccio from SHRM on what employers can do to protect their employees from identity theft.
Social Security is committed to securing today and tomorrow for you and your employees. Protecting your identity and information is important to us. Security is part of our name and we take that seriously.
Identity theft is when someone steals your personally identifiable information (PII) and pretends to be you. It happens to millions of Americans every year. Once identity thieves have your personal information they can open bank or credit card accounts, file taxes, or make new purchases in your name. You can help prevent identity theft by:
- Securing your Social Security card and not carrying it in your wallet;
- Not responding to unsolicited requests for personal information (your name, birthdate, social security number, or bank account number) by phone, mail, or online;
- Shredding mail containing PII instead of throwing it in the trash; and
- Reviewing your receipts. Promptly compare receipts with account statements. Watch for unauthorized transactions.
It is important that your employees take the necessary steps to protect their Social Security number. Usually, just knowing the number is enough, so it is important not to carry your Social Security card or other documents unless they are needed for a specific purpose. If someone asks for your employees’ number, they should ask why, how it will be used, and what will happen if they refuse. When hired, your employees should provide you with the correct Social Security number to ensure their records and tax information are accurate.
If your employees suspect someone else is using their Social Security number, they should visit IdentityTheft.gov to report identity theft and get a recovery plan. IdentityTheft.gov guides them through every step of the recovery process. It’s a one-stop resource managed by the Federal Trade Commission, the nation’s consumer protection agency. You can also call 1-877-IDTHEFT (1-877-438-4338); TTY 1-866-653-4261.
Your employee should also contact the Internal Revenue Service (IRS), and file an online complaint with the Internet Crime Complaint Center at www.ic3.gov.
Don’t let your employees fall victim to identity theft. Advise them to read our publication Identity Theft and Your Social Security Number or read our Frequently Asked Questions for more information. If you or an employee suspects that they’re a victim of identity theft, don’t wait, report it right away!
See the original article Here.
Source:
Saccoccio I. (2017 May ). Helping your employees protect against identity theft [Web blog post]. Retrieved from address https://blog.shrm.org/blog/helping-your-employees-protect-against-identity-theft
Cyberbullies: Worse than Swirlys in the Bathroom Stall?
Insightful post from the Society for Human Resource Management (SHRM) by Jillian Caswell
Technology and an unending stream of social media messages, notifications, and alerts have invaded our personal lives more than ever before – leaving the door wide open for the bullies of yesterday to get off the playground and into the Twittersphere. It’s almost comical to hear of exes who continue to stalk one another on Instagram and we all compare our traditional 9-to-5 careers to the jet setting elite on Snapchat, but have you ever stopped to think how this can impact our work lives? Unfortunately, the reality is the more connected we become, the more insidious bullying, and its close relative harassment, can become. As HR professionals, we have a duty and responsibility to understand not only how technology and social media can hinder business operations such as lost productivity, but also how it creates an environment of opportunity for employees to fall victim to bullying and harassment.
Become Aware and Observant
This goes beyond monitoring your own company’s social media channels! Before you can hope to identify and rectify potential cyberbullying incidents in your workplace, you must first prepare yourself with an understanding of what kinds of harassment and bullying can transpire in the digital realm. If you’re new to social media, there are numerous resources online to get you the crash course you need to become familiar with popular resources such as Facebook, Instagram, Snapchat, and Twitter. Live streaming functionality with outlets such as Periscope and Facebook Live create additional areas of opportunity for workplace bullies to exploit. Knowing how to monitor, identify, and respond swiftly and appropriately to harassment in these mediums is key to building a solid company policy relating expectations for employee interaction with company social media channels as well as harassment policies that are inclusive of online activities, privately or on public channels. There are dozens of masks that the face of cyberbullying can wear, whether it’s an Instagram post poking fun at a specific employee shared with other staff members, a ceaseless spewing of threats on Twitter, or an employee texting explicit content to coworkers. By becoming familiar both with the platforms themselves and the different forms of harassment and bullying that can occur in these environments, you will add another resource to your HR toolkit in navigating potentially sticky employee relations issues.
It may at first feel overwhelming to think of all the different variations of harassment that can play out on the stage of our smart phones and personal devices; however, employers are responsible to ensure they can provide a workplace free of harassment – a bridge that bullying can often rapidly cross over. Cyberbullying is often also more difficult to detect as it can transpire well out of the watchful eyes of the company HR department. In addition to familiarizing yourself with the different social media channels, consider the following suggestions to build a robust defense to cyberbullying:
- Training – For both your HR department and the other staff, it can become quite enlightening to provide trainings on what does and does not constitute harassment. This is also a great opportunity to provide a refresher on company policy relating to bullying and harassment.
- Demonstrate Appropriate Behavior – Take inventory of your own social media use. Are there potentially offensive postings or messages on your personal channels (which we’re sure you’ve already have on a private setting – right?!) or are you yourself aware of (even if not participating in) derogatory commentary circulating online about other staff members?
- Respond Adequately to Violations – Multiple court cases have provided substantial monetary awards to bullied employees who proved their arguments that their employer was aware harassment was occurring. Ensuring appropriate discipline occurs for those violating bullying policies demonstrates company efforts to provide workplaces free of harassment.
What’s Next?
So you’ve brought yourself up to speed with the most popular forms of social media and established a solid company policy with no tolerance for bullying and harassment. Think you’re set? Not always. Social media and technology is evolving and morphing into new formats at the speed of light – meaning that as HR professionals, our organizations rely on us to stay just as current with the latest trends and changes in the digital realm as much as in the office space. Stay current with the changing world of social media and digital communications and you’ll continue to be as effective as you are in all your other HR competencies!
See the original article Here.
Source:
Caswell, J. (2016 September 15). Cyberbullies: worse than swirlys in the bathroom stall? [Web blog post]. Retrieved from address https://blog.shrm.org/blog/cyberbullies-worse-than-swirlys-in-the-bathroom-stall
Is There Really A Five-Second Rule About Food On The Floor?
Are your employees being break-room conscious about food safety? The article below gives more insight on the "five-second" rule and how it may effect your employees safety.
Original Post from CNN.com on June 15, 2016
When you drop a piece of food on the floor, is it really OK to eat if you pick up within five seconds? This urban food myth contends that if food spends just a few seconds on the floor, dirt and germs won't have much of a chance to contaminate it. Research in my lab has focused on how food and food contact surfaces become contaminated, and we've done some work on this particular piece of wisdom.
Where did the five-second rule come from?
Five seconds is all it takes
Should you eat food that's fallen on the floor?
New Workers Are at Highest Risk for Heat-Related Death
Did you know new employees or workers coming back from an extended break are at more risk of heat stroke? It is important to make sure these workers review safety procedures and gradually build up their tolerance to the heat. See the article by Dana Wilkie below and make sure your new workers are safe.
Original Post from SHRM.org
Who would you guess is most at risk for heat-related death while on the job?
It’s not necessarily older workers, first responders or those who toil outside all day.
Instead, the majority of recent heat-related deaths investigated by federal authorities involved workers who’d been on the job for three days or less.
That finding by the Occupational Safety and Health Administration (OSHA) highlights how important it is for employers to ensure that new workers—and returning employees who have been back to the job for a week or less—are prepared to protect themselves, OSHA authorities said.
With weather forecasters calling for above-average temperatures across much of the country this summer, the standard precautions—drink lots of water, take frequent breaks and spend time in the shade—may seem obvious. Yet those precautions may not be enough for new workers or employees returning to the job after extended time away. OSHA recommends allowing new or returning workers to gradually increase their workload and take more frequent breaks as they build up a tolerance for working in the heat.
Prevention
Construction workers make up about one-third of heat-related worker deaths, but employees who work outdoors across many industries—agriculture, landscaping, transportation, utilities, grounds maintenance, emergency response, and oil and gas operations—are at risk when temperatures go up. Additionally, indoor employees who do strenuous work or wear bulky, protective clothing and use heavy equipment are also at risk. High humidity increases the chances of heat-related maladies such as heat exhaustion or heat stroke.
In 2014, 2,630 workers suffered from heat illness, and 18 died from heat stroke and related causes on the job, according to OSHA.
Under the general duty clause of the Occupational Safety and Health Act, employers are responsible for protecting workers from hazards on the job, including extreme heat. To prevent heat-related illness and fatalities, OSHA offers these suggestions:
- Prepare a heat acclimatization plan and medical monitoring program. Closely supervise new employees, including those who are temporary workers or returning seasonal workers, for the first 14 days on the job—or until they acclimate to the heat. Though most heat-related worker deaths occur in the first three days on the job, more than one-third occur on the first day. If someone has not worked in hot weather for at least a week, his or her body needs time to adjust.
- Encourage workers to drink about one cup of water every 15-20 minutes, even if they say they’re not thirsty. During prolonged sweating lasting several hours, they should drink sports beverages containing electrolytes.
- Provide shaded or air-conditioned rest areas for cooling down, and encourage workers to use them.
- Provide workers with protective equipment and clothing, such as hats, light-colored clothing, water-cooled garments, air-cooled garments, ice-packet vests, wetted overgarments, and heat-reflective aprons or suits.
- Be familiar with heat illness signs and symptoms, and make sure employees are, too. Some heat exhaustion signs are dizziness, headache, cramps, sweaty skin, nausea and vomiting, weakness, and a fast heartbeat. Heat stroke symptoms include: red, hot, dry skin; convulsions; fainting; and confusion. In general, any time a worker has fainted or demonstrates confusion, this represents an emergency situation.
- Tell workers to notify a supervisor or to call 911 if they or their co-workers show signs of heat illness. Implement a buddy system where workers observe each other for early signs and symptoms of heat intolerance. Have someone stay with a worker who is suffering from the heat until help arrives.
- Encourage supervisors and workers to download OSHA’s Heat Safety Tool on their iPhone or Android device. [https://www.osha.gov/SLTC/heatillness/heat_index/heat_app.html] This app calculates the heat index, a measurement of how hot it is when taking humidity into account. The app also has recommendations for preventing heat illness based on the estimated risk level where one is working.
Dana Wilkie is an online editor/manager for SHRM.
Read original article here.
Wilkie, D. (2016, June 6). New workers are at highest risk for heat-related death [Web log post]. Retrived from https://www.shrm.org/ResourcesAndTools/hr-topics/employee-relations/Pages/New-Workers-Are-at-Highest-Risk-for-Heat-Related-Death.aspx
Keep Employee Data Safe
Original post benefitspro.com
When a cyber breach occurs, lawsuits are usually not far behind. It’s a chain of events that has become de rigueur in the consumer realm when retailers experience a breach and it is bleeding over into the workplace, too.
Employees whose data is exposed are increasingly pointing the finger at failings in the technology employers use to secure their information and lapses in protocols that allow vulnerabilities to be exploited.
Who is responsible if your employees’ personal information is stolen on company time? Where does the company’s obligations begin and end under the duty of care laws? How might state and federal breach regulations impact an organization’s proactive and reactive data security efforts?
How a breach happens and how the company responds both play a major role in determining the potential legal ramifications. To mitigate the risks, it is critical for HR professionals to understand their responsibilities before a cyber criminal strikes.
Many employers aren’t even aware of either the enormous security risks their organizations face or the best strategies to protect the employee data they hold.
Ensuring that employers have access to the right tools and expertise to address data breach concerns is an important role for benefits managers and the brokers and agents who support them.
Know the risks, have a plan
Financial information is what comes to mind most frequently when businesses consider where breach risks exist, but that thinking is too narrow. It overlooks the incredible value inherent in employee data. Not only does financial information lurk within HR’s employment records in the form of salary histories and bank routing numbers used for automatic deposits, but standard consumer data is also present.
Full names, birth dates, addresses and social security numbers exist in every employee’s file. Health and benefit data may be present, too, such as carrier names, subscriber numbers, or details on beneficiaries and dependents. And where there’s smoke, there’s fire. The same servers and systems that host employee and customer data, likely hold data pertaining to trade secrets, M&As, business plans, and more. All the more reason to get your company’s cyber strategy in gear.
Adding complexity to the situation is the fact that employers must be concerned with two types of data breaches — those that are the result of a purposeful act, such as a hacker or a malicious insider, and those that occur by accident. Lost laptops and cell phones are just one common example where an inadvertent exposure could easily happen.
Each flavor of breach represents a different risk profile and each requires its own mitigation measures. A two-pronged approach to breach prevention that marries technology and best practices enables employers to address any existing security gaps while also providing improved protection for employee data.
Deploying technology tools to safeguard sensitive information assets is one part of a comprehensive data security strategy that keeps employers in line with duty of care laws and other breach regulations.
Firms have a range of solutions to choose from and they should tailor their approach based on their network and infrastructure architecture, the information types that are vulnerable to exposure, the volume of data that must be protected, resource availability — from funding to staffing — and any regulatory guidelines or compliance mandates that must be considered.
Encryption is a perfect example of a technology that is relatively simple, but still enormously effective when it comes to securing employee data. Free and low-cost encryption platforms are available which can help to protect confidential information from unauthorized access even if a hardware item (thumb drive, laptop, etc.) falls into the wrong hands.
Other technology tools may also be appropriate depending on the employer’s needs, including firewalls, mobile device management software, and multi-factor authentication to protect access to more sensitive systems.
Security best practices are the second half of a successful data protection strategy. These protocols largely deal with the ways humans interact with the organization’s information and they also cover what to do in the event of a breach. Employers will want to manage network and data access in a way to limits who is able to view and change employee information.
Methodologies for storing, processing, analyzing, archiving, and destroying employee data should be documented in detail and anyone responsible for those tasks must be trained on the organization’s security practices.
An incident response plan is another best practice employers should include under the data security umbrella. This doesn’t need to an exhaustive plan, but it should outline the steps employees are to take if they suspect a breach has occurred — everything from blocking access to compromised servers to contacting the company’s privacy or information security employee or consultant. (Don’t have one? Here’s why you should.)
A strong plan can significantly limit the potential harm that is likely to fall upon any employee whose data was exposed. And as risks evolve, so should the incident response plan – it should be a living, breathing part of a comprehensive cyber strategy with routine reviews.
Retain the right expertise
Another concern often faced by employers, particularly those smaller organizations where internal resources are lean, is that they don’t have good insight into the evolving cyber threat environment and the latest data protection strategies.
Efforts to craft, deploy, and maintain an effective privacy and security program are made more difficult when industry expertise is lacking. Without a strong understanding of where security vulnerabilities exist, or which new threat vectors are likely to be of concern, employers could find themselves directing their limited resources in too many directions and without much effect.
Because many breach scenarios involve little or no technology — hard copies of completed enrollment forms accidentally left in a shared conference room, for example — simply turning responsibility for data privacy over to the IT function isn’t going to work. It’s important that employers are able to seek guidance from someone experienced in data protection in all its forms.
Continuously educate the front line
Employees themselves may pose potential security challenges, so continuous training is essential to protect a company’s own data and that of its customers. Companies should consider implementing educational sessions about new scams and privacy and security refreshers as part of their annual compliance training.
By partnering with employees to help protect their data, the organization can maximize its technology investment and ensure that everyone is committed to the company’s culture of security.
Social engineering schemes are increasingly popular among hackers, effectively turning the workforce into either an employer’s first line of defense or its greatest weakness.
The most recent spoof comes courtesy of a company’s top executive — or so the scammer wants you to think. An employee will receive a request from the CEO — either by way of a hacked email account or an email address that closely resembles the real thing — to cough up documents, usually W-2s. With a few clicks, countless data about a company’s employees has been exposed.
Rather than quickly react, employees should be trained that if they see something, say something.
Identity management
Along with taking appropriate security measures internally, employers may also consider offering identity-related benefits to their employees. These packages bring a powerful suite of tools to the table that provide workers with proactive education and reactive support. Informational resources teach individuals how to spot corrupt websites and suspicious e-mail links.
They give details on what to look for when conducting annual credit report reviews. And workers concerned their personal data may have been exposed — whether at work or through a health care provider, retailer or other avenue — have access to identity theft experts able to help them navigate the resolution process.
The fraud team can assist them in replacing important documents that may have been lost due to theft, fire or flood. They can even monitor known black market websites to see if an employee’s stolen data is being used fraudulently.
Together, these strategies give employers a way to keep employees’ information safe while providing workers with assurances that they’ll have the support they need if the worst should happen.
In Case of: Effective Responses to Workplace Emergencies
Within sixty seconds of its launch on November 14, 1969, the Apollo 12 spacecraft was struck twice by lightning, which caused critical navigation systems and fuel cells to shut down.
A N.A.S.A. engineer who remembered his training for a similar scenario immediately recommended a fix, which saved the entire mission and quite possibly the lives of the Apollo 12 astronauts.
Four months later, those same engineers faced and successfully responded to challenges that they never anticipated with the ill-fated Apollo 13 mission.
Emergencies can and do happen in every workplace, but it does not take a rocket scientist to plan for them or to fashion an intelligent response when they do happen.
Emergencies and Violence: The Stats
Workplace emergencies are not limited to high-tech or high-risk operations light rocket launches. Statistics compiled by the Occupational Safety and Health Administration (OSHA) and the Bureau of Labor Statistics (BLS) reveal more than 23,000 employee were injured in 2013 solely from workplace assaults.
The latest data available from the BLS show that the annual rate of workplace violence has held steady for more than twenty years, and violence continues to be the second leading cause of employee fatalities after transportation accidents.
This does not even account for injuries or fatalities that result from other workplace emergencies, including fires, natural disasters, chemical spills and contamination, or civil disturbances or terrorism. In 2010, more than three million workers suffered injuries following workplace emergencies. How a business responds to emergencies is typically a function of the nature of the emergency itself.
What Is Categorized as an Emergency?
OSHA defines a workplace emergency as an “unforeseen situation that threatens your employees, customers, or the public; disrupts or shuts down your operations; or causes physical or environmental damage”.
Most individuals might limit their concept of a workplace emergency to newsworthy, large-scale evacuations caused by natural or man-made causes, but lesser-scale emergencies are far more common. One employee might suffer an injury or a sudden medical event.
A small fire might be easily contained by sprinkler systems, but that fire will be no less disruptive of business operations than a larger conflagration. A single disgruntled individual can start an emergency situation that shuts a business down for days. If that individual is armed, the emergency becomes a national tragedy.
OSHA has issued Emergency Action Plan standards for workplace emergencies that are codified in the Federal Regulations. Those standards define, for example, when and where businesses need to have fire extinguishers, building evacuation plans, and medical emergency response protocols.
The New Focus: Armed Shooter Scenarios
Because of high-profile publicity and responses, businesses are also becoming more attuned to armed shooter scenarios. Although not without objection or controversy, some workplaces are training employees in a run/hide/fight protocol that was popularized by a video produced by the City of Houston.
The gist of that protocol is to train employees first to run from an armed assailant. If running is not possible, the employees should hide, and if hiding is impossible, only then should employees attempt to fight the assailant.
Technology can be a boon during a workplace emergency if it is used as a tool and not a solution. The Federal Emergency Management Agency (FEMA) places a high priority in communication technology in emergencies. Excessive reliance on technology can be a downfall, however, if an emergency removes the option to use technology. Businesses should consider deeper contingency plans in the event that the emergency takes down their communication networks.
A Wireless Emergency Alert (WEA) is a notification that is sent to mobile devices in cases of tornadoes, hurricanes, tsunamis and other serious emergencies. These emergency alerts are complimentary public safety service provided by participating wireless service providers. But, if employees have trouble with cellphone reception inside their workplace, they may or may not receive these alerts.
If workplaces were able to plan for all possible workplace emergencies, then to the extent that they were anticipated those events would not be emergencies. The responses by the NASA engineers in the Apollo program are more instructive in developing an effective workplace emergency response plan.
The Apollo 12 lightning strike shows the efficacy of contingency planning for potential emergencies and trusting an employee to implement his or her training when the emergency happens.
The engineer who recommended the solution after the lightning strike was in his early twenties, but his co-workers and the ship’s crew had developed enough of a cohesive relationship and a sense of trust among themselves that they did not hesitate to implement his solution.
During the Apollo 13 mission, the entire workforce again worked cohesively toward a common purpose to develop an effective response that, almost fifty years later, remains one of NASA’s finest efforts.
A workplace will not always have the luxury of implementing thorough contingency training to prepare for an emergency. A business’s ability to survive a workplace emergency is on a par with the conduct of its regular business operations. As with other aspects of those operations, the most effective emergency response requires mutual employee trust and cohesiveness.
Here are the top 10 most costly U.S. workplace injuries
Original post lifehealthpro.com
Workplace injuries and accidents are the near the top of every employer’s list of concerns.Here is the countdown of the top 10 causes and direct costs of the most disabling U.S. workplace injuries. The definitions and examples can be found at the BLS website.
- Repetitive motions involving micro-tasks
Some of these tasks may include a word processor who looks from the computer monitor to a document and back several times a day or the cashier at the local grocery store who is scanning and bagging groceries for several hours at a time.
- Struck against object or equipment
This category of workplace injury applies to workers who are hurt by forcible contact or impact, for example, an office worker who bumps into a filing cabinet or an assembly line worker who stubs a toe on stacked parts.
- Caught in or compressed by equipment or objects
These workplace injuries result from workers being caught in equipment or machinery that’s still running as well as in rolling, shifting or sliding objects.
Picture the scene in a movie in which wine barrels topple over, catching the bad guy beneath them, only in this case, it’s the employee whose job it may be to stack the barrels. Perhaps it’s the experienced worker who removes a machine guard to dislodge material that’s stuck and gets a finger caught when the machine starts moving again.
- Slip or trip without fall
Occasionally, workers do slip or trip without hitting the ground. Think of the employee entering the workplace who slips on icy stairs but is able to grab the handrail to prevent hitting the ground. But the action of grabbing the handrail may cause the employee to injure his shoulder or wrench her knee.
- Roadway incidents involving motorized land vehicle
The worker may be the driver, a passenger or a pedestrian, but the cause of the injury is an automobile, truck or motorcycle.
- Other exertions or bodily reactions
These motions include bending, crawling, reaching, twisting, climbing or stepping, according to the BLS. Consider, for example, a roofing contractor’s employees who are continually climbing up and down ladders.
- Struck by object or equipment
This category covers a range of possible injuries, from being struck by an object dropped by a fellow worker to being caught in a swinging door or gate. Picture the construction worker on a scaffold dropping a hammer on the worker below.
- Falls to lower level
The roofer could fall to the ground from the roof or ladder, or an office worker standing on a stepstool, reaching for a heavy file box, could fall to the floor.
- Falls on same level
The second most costly workplace injury, surprisingly, is a fall on the same level. Picture the employee who is walking through the office and falls over an uneven floor surface or someone leaning too far back in an office chair and toppling over.
- Overexertion involving an outside source
The BLS explains that overexertion occurs when the physical effort of a worker who lifts, pulls, pushes, holds, carries, wields or throws an object results in an injury.
The object being handled is often heavier than the weight that a worker should be handling or the object is handled improperly. For example, lifting from a shelf that’s too high, or in a space that’s cramped. Within the broad category of sprains, strains, and tears caused by overexertion, most incidents resulted specifically from overexertion in lifting.
Risk managers should work with their carriers and workplace safety specialists to minimize injuries, lost work days and workers’ compensation costs.With a little effort, employers can understand more about the causes of accidents and injuries in their organizations, identify the appropriate actions to reduce the number of injuries and minimize employee disabilities from workplace accidents.