Q4 2022 Legislative Updates

Here is a summary of legislative and regulatory developments and challenges for the fourth quarter of 2022 and their practical implications:

Major State Privacy Legislation: On January 2, 2023, the Wall Street Journal reported that many new state laws in the coming year would focus on consumer data privacy. Nearly two years ago we noted that California and Virginia had enacted new and comprehensive privacy statutes, both becoming effective on January 1, 2023.

The California Privacy Rights and Enforcement Act (CPRA) expands upon the current California privacy statute, the California Consumer Privacy Act (CCPA), by regulating not only the buying and selling of consumer information, but also its “sharing.” This term, while appearing to be broad, actually is narrowly defined as targeted advertising based on the consumer’s personal information.  The focus of California’s privacy protection measures was and continues to be on commercial use of consumers’ personal information for sales and marketing purposes.

The Virginia Consumer Data Protection Act (CDPA) takes a different approach to consumer privacy, following many of the concepts found in the European Union’s General Data Protection Regulation (GDPR). A business that determines the purpose and means of processing personal data (a “controller”) may collect and use this information for only specific purposes, must allow a consumer to access and in many cases to delete the data, and is responsible for compliance of third party “processors” acting on its behalf.

There are a number of thresholds and exemptions that will relieve most workers’ compensation payers and their service providers from CDPA compliance obligations.  Of more relevance to the workers’ compensation industry is the NAIC Insurance Data Security Model Law, which has now been enacted, in whole or part, in 21 jurisdictions.

Similar in many ways to the New York’s Cybersecurity Requirements for Financial Services Companies (NYCCR §500), the Model Law establishes a comprehensive regulatory framework applying to claim payers and protecting the non-public data of insurance “consumers,” including claimants.  Key features of the Model Law include the following:

  • Defines “consumers” to include claimants as well as applicants, policyholders and insureds.
  • Defines a “cybersecurity event” to include both data loss or misuse and access to, disruption or misuse of, an information system.
  • Defines “licensees” subject to the law to include all entities licensed or registered under the state’s insurance laws.
  • Defines protected “nonpublic information” to include both personally identifiable information and licensees’ sensitive business information.
  • Requires licensees to develop and implement a comprehensive information security program, including a written incident response plan, which identifies and mitigates against reasonably foreseeable internal or external threats.
  • Requires licensees to annually certify their compliance to their domiciliary insurance regulator.
  • Requires licensees to promptly investigate and, if confirmed, remediate any suspected cybersecurity event, notifying regulatory authorities within 72 hours of discovery.
  • Requires licensees to follow applicable state data breach laws notifying consumers of an incident.
  • Requires licensees to oversee their third party service providers’ compliance with information security laws and to take responsibility for managing their third party service providers’ cybersecurity events.

Implications: All business entities participating in adopting states’ workers’ compensation systems are either directly or indirectly subject to the Model Law, so it is important that payers and their trading partners establish a comprehensive information security program complying with the Model Law. Further, because the Model Law has not been enacted in every jurisdiction and has been enacted with important revisions in others, it is important to review the relevant statute for key variances. For example, the Maryland statute, effective October 1, 2022, applies specifically to third party administrators as well as insurers, but this clarifying provision does not appear in the NAIC Model Law.

Psychosocial Issues and Functional Limitation: Is there a connection?

Psychosocial Issues and Functional Limitation: Is there a connection?

⏰ It’s Clinical Minute! ⏰

There has been a lot of talk about the presence of psychosocial issues among patients who get injured at work.

But here’s an interesting question: Is there a connection between a patient’s psychosocial issues and their functional limitations?

In under two minutes, join Brian Peers, MedRisk’s VP for Clinical Services and Provider Management, as he dives into a recent study to find out:

1️⃣ The connection between the extent of a patient’s psychosocial issues and the amount of functional limitations they are experiencing; and

2️⃣ What this connection may mean when it comes to developing treatment plans for patients experiencing psychosocial issues.

Subscribe to our YouTube channel for more episodes of Clinical Minute!

How to catch a claim before it goes off track

How to catch a claim before it goes off track

A patient could be experiencing stress and worry over feeding their family or paying the bills.

Or they might have mixed feelings about returning to work because of fear of reinjury or concerns about conflicts with their supervisor that were bubbling before the injury.

Maybe they suffer from a comorbid condition that hasn’t been treated for a variety of reasons.

Unlike bruises or lacerations, psychological setbacks tend to be invisible. And they’re likely to stay that way unless someone asks questions and makes observations that haven’t typically been a part of the intake process on an average claim.

 

Subscribe to our YouTube channel for more videos like this one!

Clinical Minute: PT vs OT – what’s the difference?

Clinical Minute: PT vs OT – what’s the difference?

⏰ It’s Clinical Minute! ⏰

Physical therapy and occupational therapy may be two very closely connected disciplines, but they play slightly different roles in the road to recovery.

In under two minutes, join Brian Peers, MedRisk’s VP of Clinical Services and Provider Management, for Clinical Minute and find out:

1️⃣ The similarities between physical therapists and occupational therapists;

2️⃣ The key differences between how physical therapists and occupational therapists approach recovery; and

3️⃣ The situations where each type of therapist may be more appropriate.

Subscribe to our YouTube channel for more episodes of Clinical Minute!

Clinical Minute: The Secret to Managing Patients Expectations

⏰ It’s Clinical Minute! ⏰

It’s no secret that managing the expectations of patients is crucial to their recovery.

But did you know that injury labels may have a significant effect on these expectations?

Let’s take a look at an interesting study that dives into this concept.

In under two minutes, join Brian Peers, MedRisk’s VP for Clinical Services and Provider Management, and find out:

1️⃣ Why managing patient expectations matters; and

2️⃣ How injury labels can affect a patient’s expectations towards recovery.

Subscribe to our YouTube channel for more episodes of Clinical Minute!