America's Benefit Specialist August-September 2022

Get the Expertise in ancillary benefits to help you reach new heights.

See how far the support of a Specialist you can trust will take you.

Discover more at RenaissanceStandsOut.com

SPECIAL ADVERTISING FEATURE

Renaissance has the ancillary benefits expertise to Successfully Support You every step of the way. Many employers are recognizing that ancillary benefits are a powerful incentive for attracting and retaining quality employees. However, many brokers and employers don’t have much time to devote to these product offerings. That’s why you need an expert who can help make the entire process easier for you, your clients and their employees. And that’s where Renaissance shines—helping you create a Stand Out benefits experience.

Ancillary benefits matter. These benefits can be complicated. Fortunately, our sole focus on them means we know how to make them easier for all concerned. The end result: you spend less time on ancillary benefits, while still delivering an exceptional experience for clients and their employees. Personalized attention helps you Stand Out . Your sales representative and experienced account management team ensure you have points of contact you know by name to help answer questions promptly. This takes the pressure off you and simplifies benefits for your clients as well. Confident support throughout the process. We work with you to land the sale. But our help doesn’t stop there. We apply our hands-on approach from onboarding to employee utilization and renewals. Our goal is to effectively support you and your clients of all sizes through the entire ancillary benefits experience.

Dental Vision Life Disability

To discover how our benefits expertise helps you reach new heights, visit RenaissanceStandsOut.com

Underwritten by Renaissance Life & Health Insurance Company of America, Indianapolis, IN, and in New York by Renaissance Life & Health Insurance Company of New York, Binghamton, NY. Both companies may be reached at PO Box 1596, Indianapolis, IN 46206. Products may not be available in all states and jurisdictions. For broker use only. Not intended for distribution.

PRESCRIPTION PLANS TO FIT YOUR CLIENTS’ NEEDS

Mutual of Omaha Rx

Your clients can count on Mutual of Omaha Rx SM .

Medicare-age clients who are looking for an affordable, reliable prescription drug plan that can help make their savings last and offers broad prescription coverage can turn to Mutual of Omaha Rx SM .

Backed by the strength and stability of Mutual of Omaha Insurance Company, Mutual of Omaha Rx will offer three affordable prescription drug plans in 2023.

Mutual of Omaha Rx Essential SM (PDP)

Mutual of Omaha Rx Premier SM (PDP)

Mutual of Omaha Rx Plus SM (PDP)

• Low monthly premium • $0 Tier 1 deductible

• Comprehensive formulary • Select insulinprogramcoverage • $0 deductible on Tiers 1 & 2 • $505 deductible on Tiers 3-5 • $1 Tier 1, 30-day copay at preferred pharmacies • $2.50 Tier 1, 90-day copay with mail order

• Stable and reliable • $505 deductible on all Tiers • $1 Tier 1, 30-day copay at preferred pharmacies • $2.50 Tier 1, 90-day copay with mail order

• $505 deductible on Tiers 2-5 • $0 Tier 1, copay for 30- or 90-day supply at preferred and mail order pharmacies

What’s New?

The Mutual of Omaha Rx Essential plan is our newest plan, which offers a low monthly premium, no deductible on Tier 1 drugs and zero-dollar Tier 1 copay. This plan is ideal for newly eligible Medicare clients with few prescriptions or clients on low-cost maintenance medications.

For members who use mail order for tiers with copays, the mail order 90-day supply is now less expensive than a 90-day retail supply. To learn more about the Mutual of Omaha Rx prescription drug plans, contact your marketer or visit mutualofomaha.com/sales-professionals.

*Pending CMS approval, benefits and premiums are subject to change. For producer use only. Not for use with the general public. Product not available in New York or U.S. territories. S7126_22470133_O

A u g u s t / S e p t e m b e r 2 0 2 2

YOUR INDUSTRY

16 Cybersecurity 2.0:

6 Recent Mergers and Acquisitions 9 Industry Events 10 Women’s Leadership Summit Elevates and Educates Female Leaders By Cerrina Jensen 14 People on the Move

The Latest on Cyber Attacks, Ransomware and the Need for Risk Assessments, Part Two By Dorothy Cociu

21 Product News 25 NAHU Bestows Its

16

Highest Honor on Mike Gray and John Word III

MEDICARE MATTERS 30 CMS Releases 2023 Projected Medicare Basic Part D Average Premium

31 The Lesser-Known

Medicare Plan Benefits That Help Seniors Live

Healthier Lives By Jamie Needham

30 Seniors Increasingly Favor Lower-Cost Medigap Insurance Options

33 Report Reveals

Significant Gaps in Medicare Knowledge Among Older Adults

31

33 Medicare Conferences

benefitspecialistmagazine.com | ABS 1

YOUR SALES

34 HSAs: A Health and Wealth Strategy for Employer-Sponsored Health Plans during

38 Five Tips to Make Health Insurance Renewal

More Successful By Marcus Newman

Inflationary Times By Christine Cooper

40 Unique Benefit

Accounts Can Help Attract and Retain Talent By Phil Mason and Brian Hutchin

36 Voluntary Disruption Get out of Your Own Way By Eric Silverman

34

YOUR ASSOCIATION

52 LPRT’s Soaring Eagles

42 Highlights of NAHU’s Annual Convention

53 Association Events

46 Congratulations,

Registered Employee Benefits Consultants!

54 NAHU’s Board of Trustees

38

47 2022 Award Winners

55 Your NAHU Staff

48, 51 Where in the World?

56 The Final Word By Kelly Fristoe

49 CPC Quiz

40

2 ABS | benefitspecialistmagazine.com

Stability for those balancing risk and reward.

Those who self-fund a health plan seek autonomy and control over their benefits program and costs. It can be rewarding, but it does come with risk. Stop Loss protection from HM Insurance Group works to mitigate that risk for self-funded employers should high-dollar claims arise – delivering steadiness to the performance and confidence in the outcome. Find more on hmig.com .

CONNECT WITH ONE OF OUR EXPERTS ON OUR INSURANCE AND REINSURANCE OPTIONS:

Employer Stop Loss: Traditional Protection • Small Group Solutions • Coverage Over Reference Based Pricing Managed Care Reinsurance: Provider Excess Loss • Health Plan Reinsurance

In all states except New York, coverage may be underwritten by HM Life Insurance Company, Pittsburgh, PA, or Highmark Casualty Insurance Company, Pittsburgh, PA. In New York, coverage is underwritten by HM Life Insurance Company of New York, New York, NY. The coverage or service requested may not be available in all states and is subject to individual state approval.

MTG-3355 (R3/21)

benefitspecialistmagazine.com | ABS 3

Delivered 10 times per year to the country’s top benefits professionals.

VOLUME 69, NO. 7

EDITOR Martin Carr (202) 595 0724

ADVERTISING SALES The YGS Group (717) 430 2238

GRAPHIC DESIGN The iMage Worx (703) 731 6515 theimageworx@aol.com PRINTER Walsworth (573) 442 8714 www.walsworth.com REPRINTS The YGS Group (717) 505 9701, x2205 Send editorial submissions to editor@nahu.org Back issues are $4 each. Call (202) 595 0724 MAILING ADDRESS 999 E Street NW, Suite 400 Washington DC 20004

The Rise of Telehealth Examining the Insurance Workforce Strategies for Reducing Prescription Costs

BENEFIT TRENDS FOR 2021

All About ICHRAs The Medicare Advantage OEP POP Documents

BENEFIT SPECIALIST E AM E R I C A’S Th e O f f i c i a l P u b l i c a t i o n o f t h e Na t i o n a l A s s o c i a t i o n o f H e a l t h Un d e r w r i t e r s

CONVERT THE LOW-HANGING FRUIT IN YOUR BOOK OF BUSINESS

April 2021

Solving Compliance Problems Managing Remote Employees NAHU Award Winners

NAHU’S LEGISLATIVE SUCCESSES

Anatomy of a Bill Medicare Matters Value-Based Care

Advertise today!

The opinions expressed in this magazine are not necessarily endorsed by NAHU nor does the magazine assume responsibility for statements made in advertisements or published articles. Send editorial submissions to: America’s Benefit Specialist Editor, 999 E Street NW,

The YGS Group • 717-430-2238 justin.wolfe@theygsgroup.com

Suite 400, Washington DC 20004. America’s Benefit Specialist (ISSN 2475-5826, publication no. 238660), 2022, volume 69, number 7 Published 10 times per year (January/February, March, April, May, June, July, August/September, October, November and December) by the National Association of Health Underwriters, 999 E Street NW, Suite 400, Washington DC 20004. $25 annual subscription price is included in NAHU member dues. Periodical postage paid at Washington DC and additional mailing offices. POSTMASTER: Please send address changes to America’s Benefit Specialist, 999 E Street NW, Suite 400, Washington DC 20004.

4 ABS | benefitspecialistmagazine.com

benefitspecialistmagazine.com | ABS 5

RECENT MERGERS AND ACQUISITIONS

The combination of FormFire and the AgencyBloc AMS will streamline broker workflows. In addition, the combined com pany plans to expand its connections with carriers to enable efficient information flow across a broader set of small-group quoting and enrollment stakeholders. “FormFire is a leader in digitizing the health insurance quoting and enrollment process and we were very excited to get involved in their mission,” said Adam Lewis, CEO of AgencyBloc. “This acquisition will allow us to better serve our broker clients and improve workflow efficiency.” UMB HEALTHCARE SERVICES TO ACQUIRE HSA BUSINESS FROM OLD NATIONAL BANK UMB Bank announced the execution of a definitive agreement to acquire the Health Savings Account business of Old National Bank, a wholly owned subsidiary of Old National Bancorp. The transaction contem plates the transfer of approximately $500 million in client assets, of which approx imately $400 million are held in deposit accounts (based on numbers as of March 31, 2022). The assets, which are comprised of approximately 157,000 accounts across more than 3,000 employer groups, will significantly expand UMB’s direct-to- employer accounts. Old National Bancorp, one of the largest bank holding companies headquartered in the Midwest, has offered direct-to- employer HSAs since 2004. Upon closing, the nine-person Old National team will transition to UMB Healthcare Services. This acquisition is pending regulatory approval and is expected to close during the fourth quarter.

Kevin Slawin. “Trustmark will focus on markets where we can grow in the future, deliver differentiated capabilities for our clients and members and lead at a national level. In an evolving work environment, we will accelerate our efforts to become vastly more consequential in the markets we serve by helping employers offer benefits that build engaged, healthy teams.” Health Benefits will continue to support its existing employers and members with the same level of service following the acquisition. Completion of the transaction is subject to customary closing conditions, including regulatory approvals, and is expected to close later this year. AGENCYBLOC ACQUIRES FORMFIRE AgencyBloc, an agency management system provider for independent insurance agencies, has announced the acquisition of FormFire, a provider of quoting and enrollment for small-group benefits and medical health questionnaire data collection for carrier underwriting. The FormFire solution supports benefits quoting and enrollment, streamlining the many steps of the application process across many carriers and plan types into a single workflow across medically underwritten and community-rated small-group health plans. FormFire makes brokers more efficient and ensures that carriers receive accurate data for underwriting, quoting and enrollment. With a customer base of over 600 retail brokers and connectivity with leading health insurance carriers across 33 states, FormFire is dedicated to pro viding enhanced customer service and simplifying the distribution of small-group medical insurance.

TRUIST ACQUIRES BENEFITMALL Truist Insurance Holdings Inc. has signed a definitive agreement to acquire BenefitMall, the nation’s largest benefits wholesale gen eral agency, from funds managed by global investment firm Carlyle. The transaction will add approximately $150 million of an nual revenue to Truist Insurance Holdings’ wholesale division. Financial terms were not disclosed. The transaction is expected to close in the third quarter. “This acquisition of BenefitMall enables us to further diversify the solutions we offer to our clients and create an enhanced client experience,” said Truist Chairman and CEO Bill Rogers. BenefitMall has been serving clients for over 40 years, providing medical, dental, life, vision and long-term care benefits solu tions. Through its network of approximately 20,000 retail brokers, the company provides employee benefits to more than 140,000 small and medium-sized businesses across the country, leveraging a combination of in novative technology and human expertise to deliver a seamless benefits selling experience for its carriers, brokers and their clients. BenefitMall will be combined into CRC Group, a national wholesale distributor of specialty insurance products. HCSC TO ACQUIRE TRUSTMARK HEALTH BENEFITS Health Care Service Corporation has signed a definitive agreement with Trustco Holdings Inc. to purchase its wholly owned subsidiary, Trustmark Health Benefits, a third-party administrator of health benefits. “With this transaction, I am confident that, with HCSC, Health Benefits and its associates will be well-positioned for future success,” said Trustmark President and CEO

6 ABS | benefitspecialistmagazine.com

mana was also recently awarded contracts in Ohio and Louisiana. INTEGRITY ADDS FIRMS Integrity Marketing Group LLC has an nounced several recent acquisitions: • It has acquired American Business, a provider of life insurance products to high-net-worth clients. As part of the acquisition, Alan Grad, chairman and CEO, and Bruce Mesner, president, will become managing partners in Integrity. Founded in 1967, American Business is an independent agency headquartered in New York City. Licensed with over 50 in surance companies throughout the U.S., American Business serves over 35,000 current policy holders with $60 billion in active policies. The primary insurance products it provides to clients are life, dis ability, and long-term care insurance. • Integrity has acquired Richman Insur ance Agency, an insurance marketing organization based in Dallas. Rob Rich man, president of Richman Insurance Agency, will become a managing partner in Integrity. Richman Insurance Agency, founded in 2019, specializes in mortgage protection, final expense and retirement planning. In 2021, Richman Insurance Agency served over 20,000 Americans and provided over $15 million in annual paid premium. • Integrity has entered into an agreement to acquire Annexus, an independent insurance and financial product design and distribution company. Ron Shurts, co-founder and CEO of Annexus, will become a managing partner in Integrity. Previous Annexus investors, including funds managed by Blackstone, will sell

their interests as part of the transac tion. Annexus designs solutions to help Americans grow and protect their retirement savings. Annexus has won multiple awards including Barron’s Best Product for Seniors and, most recently, the Annuity Innovator of the Year award from EQDerivatives. In 2022, Annexus expects to place approximately $7 billion in annuity premium and $150 million in target life insurance premium. • Integrity has entered into an agreement to acquire PHP Agency, a field marketing organization based in Addison, Texas. Patrick Bet-David, founder and CEO, will become a managing partner in Integrity. PHP, which stands for “People Helping People,” serves nearly half a mil lion Americans nationwide by offering life and annuity products through its team of more than 27,000 agents across 170 offices. • Integrity has entered into an agreement to acquire Legacy Insurance and Finan cial Services, an independent marketing organization and financial services pro vider based in Salt Lake City, Utah. Larry Gray, managing partner of Legacy, will become a managing partner in Integrity and Wayne Gray, founding partner of Legacy, will become a partner in Integ rity. Since 2006, Legacy has expanded to operate in offices throughout the Western United States, serving seniors in the states of Utah, Oregon, Washington, Nevada and Idaho. The agency specializes in Medicare Supplement and Medicare Advantage plans, indemnity policies, life insurance and annuities. As a master brokerage, Legacy maintains relation ships with well over 200 companies. In

HUB INTERNATIONAL EXPANDS MEDICAL STOP-LOSS SERVICES HUB International Limited has acquired the assets of Stop Loss Insurance Brokers Inc. and Berkeley Insurance Brokers Inc. (collectively, Stop Loss Insurance Brokers). Located in Boston, Massachusetts, Stop Loss Insurance Brokers is an independent broker for medical stop-loss for the self-funded municipal market and businesses through out Massachusetts and New England. “We are thrilled to have Denise Doyle and the talented Stop Loss Insurance Bro kers team join Hub’s benefits practice,” said Shawn McLaughlin, president of Hub New England. HUMANA TO EXPAND SERVICES IN WISCONSIN WITH ACQUISITION Humana Inc. will acquire substantially all of the assets of Inclusa Inc., a managed-care organization in Wisconsin that provides long-term care services and supports to ap proximately 16,600 older adults and adults with disabilities through the state’s Family Care program. Inclusa works with over 6,000 service providers in approximately 40 service categories and is contracted with the State of Wisconsin and permitted through the Office of the Commissioner of Insurance to provide Family Care services and sup ports in 68 of Wisconsin’s 72 counties. The acquisition of Inclusa follows Humana’s 2020 acquisition of Wisconsin healthcare company iCare and will further increase the number of Medicaid recipients served by Humana, which currently totals approximately 1 million Medicaid members across five states—Florida, Illinois, Ken tucky, South Carolina and Wisconsin. Hu

benefitspecialistmagazine.com | ABS 7

Insurance are now members of the new WRM Group. This strategic partnership unites two successful agencies, each more than 75 years old. The complementary nature of their portfolios and cultures presents a substan tial opportunity. Byars|Wright has six offices across Alabama. Pritchett-Moore’s office is in Tuscaloosa. There are no plans to change locations. Current employees remain in their existing offices. The agencies will continue offering commercial insurance, surety/bonding, employee benefits solu tions, personal and life insurance. EMPLOYEE BENEFITS BUSINESS World Insurance Associates LLC acquired Sagacity Benefits of Burlington, Iowa, on July 1. Sagacity Benefits is a comprehensive consultant firm for employer-based benefits and specializes in health benefits platforms for companies of all sizes. Specialty markets include fully insured, partial self-funded and self-funded platforms. WORLD INSURANCE ASSOCIATES GROWS

Consulting. Based in Wyomissing, Pennsyl vania, PK Benefits provides comprehensive employee benefits insurance and wellness consulting. PK Benefits consults with clients on the best plans for their business ranging from traditional plans, consumer-driven health plans, fully insured to alternative funding arrangements. PK Benefits’ wellness division holds a Clinical Laboratory Improvement Amend ment (CLIA) Certificate of Waiver, which is supported by the FDA, CMS and CDC and meets federal standards for collecting specimens through biometric screenings for health assessments, diagnosing, and disease prevention. PK Benefits also provides testing for COVID-19, onsite vaccination clinics, and onsite nurse clinics. It works closely with clients to evaluate current wellness programs, determine employer objectives and employee needs, and imple ment wellness strategies to reduce employer costs and increase employee engagement for a healthier workforce. ALABAMA INSURANCE AGENCIES MERGE Byars|Wright Insurance and Pritch ett-Moore Insurance have entered into a merger agreement. As a result of the deal, the Where Relationships Matter Group LLC (WRM) formed. While the agencies will continue operating under their respective names, Byars|Wright and Pritchett-Moore

2021, Legacy served over 30,000 existing policyholders and issued over 5,000 new policies, securing more than $8 million in paid premium. • Integrity has acquired Statz Agency, an independent marketing organization based in Phoenix, Arizona. Suzanne Tatz, founder and CEO, will become a man aging partner in Integrity. Statz Agency focuses on helping seniors understand their Medicare options and get the cover age they need. • Integrity has acquired Velocity Life Insurance Agency, a rapidly growing independent marketing organization based in Roanoke, Virginia. As part of the acquisition, Dave Whichard, presi dent of Velocity, will become a managing partner in Integrity. Velocity specializes in providing final expense, mortgage protection and other insurance products to consumers nationwide. In 2021, the agency was able to support its network of thousands of agents in placing $33 million in annual paid premium while serving more than 40,000 Americans. PATRIOT GROWTH INSURANCE SERVICES AND PK BENEFITS CONSULTING CREATE PARTNERSHIP Patriot Growth Insurance Services LLC has announced a partnership with PK Benefits

8 ABS | benefitspecialistmagazine.com

INDUSTRY EVENTS

SEPTEMBER 12-14 CONSUMER EXPERIENCE & DIGITAL HEALTH FORUM

OCTOBER 19-22 TOP OF THE TABLE ANNUAL MEETING Santa Barbara, CA www.mdrt.org

JUNE 11-14 SHRM23 ANNUAL CONFERENCE & EXPO

Nashville, TN www.ahip.org

Las Vegas, NV www.shrm.org

OCTOBER 16-18 LIMRA ANNUAL CONFERENCE Chicago, IL www.limra.com

NOVEMBER 13-16 HLTH 2022

Las Vegas, NV www.hlth.com

Next Generation Broker Services. Less of everything that holds you back. More of everything that makes you great.

Digital Technology The Human Factor + BenefitMall.com | 800.350.0500

©2022 BenefitMall. All rights reserved. BenefitMall, the BenefitMall Logos, and NEXT GENERATION BROKER SERVICES are trademarks or registered trademarks of Centerstone Insurance and Financial Services, Inc. d/b/a BenefitMall or its affiliates in the U.S. California License #0639679.

benefitspecialistmagazine.com | ABS 9

WOMEN’S LEADERSHIP SUMMIT ELEVATES AND EDUCATES FEMALE LEADERS JOIN US TO LIFT OFF AND SOAR AT UPCOMING MARCH 2023 EVENT

By Cerrina Jensen

diversity, equity and inclusion. This is an interesting concept—one that many remain unfamiliar with, based on the number of conversations I’ve had in which people have asked me, “What’s DEI again?” I’m not 100% sure myself, but I’m learning. HERE’S WHAT I DO KNOW—WHY WE NEED TO DO THIS. This leadership summit could not be more timely and applicable. I am overwhelmed with gratitude that the universe is helping this venture lift off and soar. I’m exhilarated reflecting on the first two events, in March of 2019 and 2022. The resulting nation al buzz surrounding this event, and the astounding first week of incoming partner ships for 2023, are testimony to its powerful effect. We are so thankful for and proud of these innovative and forward-thinking companies for leaning in and elevating

just a little. Lisa challenged us with small group activities that resulted in a dynamic and refreshing large-group dialogue to wrap it up. It struck me several days later that the Women’s Leadership Summit falls within the emerging DEI landscape. At first, I resisted the idea, but it’s true. Promoting and elevating female leadership within our industry is most certainly a matter of

Recently I enjoyed a diversity, equity and inclusion CE course presented by my friend and colleague Lisa Hutcherson (of Summus and Darlis LLC) at the Sacramento AHU Business Expo. Well, truthfully, I didn’t enjoy every moment of it. And that was the point, Lisa shared. Her intention was to create some discomfort. Because that’s where growth happens – in the discomfort. She gently nudged us to squirm in our seats

ELLEVATE FOUNDATION IS A NEW EDUCATIONAL NON-PROFIT FORMED FOR THE PURPOSE OF ELEVATING WOMEN BY PROVIDING TOOLS AND RESOURCES TO GROW PERSONALLY AND PROFESSIONALLY.

10 ABS | benefitspecialistmagazine.com

WOMEN’S LEADERSHIP SUMMIT

What: Ellevate Foundation is a new edu cational non-profit formed for the purpose of elevating women by providing tools and resources to grow personally and profes sionally. Our revenues are used specifically for the foundation’s mission to provide fi nancial support for women new to our field with grants to attend industry events and advance their professional development. When: The 2023 Women’s Leadership Summit will begin on the afternoon of Monday, March 13, and concludes around noon on Wednesday, March 15, 2023. Where: We are returning to where it all began, at the JWMarriott Resort & Spa just outside Las Vegas. Our plan is that the en tire summit, including the infamous Ladies Night Out, will take place on the property in 2023. Why: Current and aspiring female lead ers both within and outside the insurance industry find this a valuable program that fosters personal growth, leadership and self-awareness. Our participants get a deep er sense of self, and tools to unleash their own unique magic once they return home equipped, empowered, engaged and ELLEVATED. How: By nurturing, elevating, training and uplifting female leaders, Ellevate Foun dation will contribute to the critical need for more upward mobility for women in our industry through personal and professional development and strategic networking. Join us to be ELLEVATED: http://ellevate foundation.org. Cerrina Jensen is a broker consultant with Solv Independent Insurance Associates. She is founder of a complimentary consultancy, Stellar Stories, as well as a founding officer of Ellevate Foundation, which hosts the Women’s Leadership Summit. Cerrina has been honored with many local, state and national awards for her leadership and consumer advocacy.

female leadership in our industry. Because it’s time. According to a compilation of data curated by S&P Global Market Intelligence, only 23% of executives and officers at large insurance companies are women. However, a study by McKinsey & Company revealed that women make up 67% of entry-level staff. They go on to assert that creating sponsorship opportunities is one way to help women advance professionally. With women being 21% less likely to be promot ed than men, there’s a clear need for both informal and formal social networks for women. The purpose of the Women’s Leadership Summit, which we founded through CAHU (now CAHIP) in 2019, is to foster personal growth, leadership and self-awareness for both current and aspiring female leaders in our industry. Our goal from the outset was to provide an atmosphere that encourag es intimacy, relationship building, frank discussions and, most of all, an opportunity to learn and grow. Immediately following the conclusion of WLS this past March, many conversations ensued around the country about the pro found and life-changing impact the event had on many of our participants. As we said before, we appreciate all the thanks, acco lades and feedback. We are beyond excited to share some of those “exciting develop ments” we promised back in May. The original founders of the CAHIP Women’s Leadership Summit, along with a couple of additional key contributors, have formed a brand-new, insurance-focused educational non-profit called Ellevate Foundation. We officially began operations shortly after the conclusion of WLS 2022. Our Ellevate Foundation board of direc tors includes: • President Stephanie Berger (VCAHU) • Vice President Jolene Bibian (VCAHU) • Secretary/Treasurer Cerrina Jensen (SAHU)

• Korey Ashton (Treasure Valley AHU) • Sue Wakamoto-Lee (GGAHU/OCAHU)

• Jill Pedersen (Oregon AHU) • Dawn McFarland (LAAHU)

We are honored to enjoy the support and collaboration of our founding body, CAHU/ CAHIP, in making this transition. We are extra proud that our president, Stephanie Berger, has been elected to serve as the regional vice president of NAHU repre senting Region 8. Also, board member Sue Wakamoto-Lee has been elected to serve as the president of our state chapter of NAHU. This synergy has been critical to ensuring the ongoing success and growth of the Women’s Leadership Summit. We also value our participants, partners, speakers and fans in so many other chapters of NAHU across the country! I want to give kudos to AmWins Connect (amwinsconnect.com) for their quick and pivotal decision to join us in launching Elle vate’s first WLS as our Exclusive Partner. We see you, and we appreciate you! We are also immensely thankful to our rapidly growing list of additional partners for WLS 2023. We can’t wait to share this event with everyone March 13-15, 2023! General registration is open now and we are expecting this event to sell out, so if you want to join our move ment, be sure to act quickly: https://bit. ly/3P9unke. Being that we’re an educational founda tion, let’s take it way back to schoolhouse days when we all learned the key points of any good story: Who: We believe in and support female leadership. We welcome and encourage like-minded innovators in our industry to partner with us for this important sum mit. It’s a unique conference that attracts a diverse group of women who work with insurance carriers, general agencies, administrators, technologists and various products and programs that encourage female success.

benefitspecialistmagazine.com | ABS 11

12 ABS | benefitspecialistmagazine.com

benefitspecialistmagazine.com | ABS 13

PEOPLE ON THE MOVE Five trailblazers from Alliant Insurance Services have earned the prestige of being named Elite Women by Insurance Business America. The 2022 honorees were recog nized for their inspiration, excellence and influence on the insurance profession and their peers. Among the honorees is Chicago Downtown AHU member Adriana

In his role at Risk Strategies, Ellison will focus nationally on coordinating the re sources of two of the firm’s largest national practices to better service clients – employ ee benefits and health care—while develop ing processes to expand this model to other business segments. Ellison is a graduate of Texas Christian University and holds a Master of Business Administration from the Olin School of Business at Washington University in St. Louis.

in the Pacific Northwest. The Vancouver, Washington-based Larson joins Alliant with a diverse expertise spanning the fields of benefits consulting, HR consulting, ana lytics, employee communications and plan design. Prior to joining Alliant, Larson was vice president, business development and employee benefits strategic advisor with an international insurance brokerage and con sulting firm. She was also the co-organizer for Oregon’s DisruptHRPDX, an innovative HR platform designed to energize, inform and empower HR professionals in a TED talk like setting. Orlando, Florida-based consultant Alex Gibson has joined Alliant as vice president within its Employee Benefits Group. Gibson will work with a diverse base of regional and national clients, deploying customized employee benefits programs and solutions. Gibson’s expertise encompasses the areas of analytics, strategic planning, HR consult ing, employee wellness, pharmacy benefit consulting and compliance. Prior to joining Alliant, Gibson was an employee bene fits consultant with a national insurance brokerage and consulting firm. Gibson has a creative, solution-oriented approach inspired by his extensive experience in the music industry as a Grammy-nominated music engineer, producer and founder of a music production and management company. He holds a bachelor’s degree in chemistry from the University of Florida and a bachelor’s degree in music production and engineering from the Berklee College of Music in Boston. Veteran employee benefits consultant Eric Kaufman has joined Alliant as senior vice president within its Employee Benefits Group. Based in Los Angeles, Kaufman joins Alliant with extensive experience designing and deploying strategic employee benefits and retirement solutions to a diverse client base. Kaufman joins Alliant with experience

Duenas . Duenas is senior vice president at Alliant, and a top producer with a focus in life, health, dental

Industry veteran Stephanie Williams has joined UMB Healthcare Services as vice president and third-party program administrator of UMB Healthcare Services. In

and disability insurance. She delivers a range of powerful solutions to midsize employers that enhance employee well-be ing and strengthen the bottom line. Duenas is a dedicated mentor who strives to build and nurture a diverse team of professionals at Alliant. She co-founded the Women at Alliant employee resource group and is a member of Chief, a private network designed to strengthen and advance women in leadership. Jason Ellison has joined Risk Strategies, a national specialty insurance brokerage and risk-management firm, as employee benefits leader, National Health Care Practice. Elli son has more than two decades of hands-on experience leading teams that help clients design, fund and administer their employ ee benefit programs. Based in Nashville, Tennessee, he most recently served as area senior vice president of Gallagher’s Health and Welfare Consulting business. While at Gallagher, he served on its National Healthcare Practice leadership team as well as its National Innovation Advisory Group. Before Gallagher, he was a principal and senior consultant at Mercer and previously held various leadership positions at United Healthcare.

this role, she is responsible for developing, implementing and overseeing effective processes supporting the Health Savings Account and employer benefit spending account programs offered by UMB Healthcare Services and its third-party partners. Stephanie also provides support for UMB Healthcare Services and its third-party partners to facilitate growth and applies quality assurance measures to ensure the success of the programs offered. Stephanie has more than three decades of experience in the healthcare field. She previ ously worked in various roles during her 32 years at Medical Mutual of Ohio, where she received the Medical Mutual Emerg ing Leader Award. She is also certified in Flexible Compensation Instructor (CFCI) through the Employer’s Council on Flexible Compensation, of which she is a member. Alliant Insurance Services recently an nounced several key hirings: Shawna Larson joins Alliant as vice president of the Employee Benefits Group

14 ABS | benefitspecialistmagazine.com

PEOPLE ON THE MOVE

Group. The Orlando, Florida-based consul tant joins Alliant with extensive experience working with organizations in the public and private sectors, including fully insured and self-insured organizations. Prior to join ing Alliant, Fox was vice president with a national insurance brokerage and consulting firm. He earned his bachelor’s degree in finance from Florida State University. Employee benefits consultant Charles Cook has joined Alliant as executive vice president within its Employee Benefits Group. Based in Orlando, Florida, Cook has more than three decades of experience across all aspects of the benefits space and will work with a diverse client base as Alliant continues to expand its presence in the Southeast and nationally. Prior to joining Alliant, Cook was senior vice president with a national insurance brokerage and consulting firm. He earned his undergraduate and graduate degrees from Florida State University. Integrity Marketing Group LLC has made the following personnel announcements: Ryan Kimble will become president, Integrity Health. With more than 20 years of industry experience, Kimble will oversee Integrity’s extensive health insurance efforts, including Medicare, individual and group coverage. Kimble will be responsible for leading Integrity’s health insurance initia tives, ensuring that revenue and production goals are met. Additionally, he will play a key role in managing relationships between Integrity’s distribution and carrier partners. Shortly after beginning his career at Agent Pipeline, Kimble introduced Medi care products to the company’s portfolio. That led to rapid national expansion as the agency helped pioneer Medicare marketing and distribution. Today, Kimble is recog nized as an expert on Medicare Advantage, Medicare Supplement, individual ACA and Continued on page 48

the business. Aicher attended the University of Southern California. Los Angeles-based benefits consultant Eric Faust has joined Alliant Insurance Services as assistant vice president within its Employee Benefits Group. Faust joins Alliant with experience working with clients across a breadth of industries and sizes. Prior to joining Alliant, Faust was a benefits consultant with a national insur ance brokerage and consulting firm. He also has experience as a financial advisor. Faust earned his MBA from Pepperdine Univer sity’s Graziadio Business School and his bachelor’s degree in economics from Loyola Marymount University. Jeremy Joe has joined Alliant as senior vice president within its Employee Benefits Group. Based in Los Angeles, Joe will design and implement strategic employee benefits solutions that add value and provide long term financial strength to a diverse client base. Joe has nearly 25 years of experience in benefits consulting, working with clients across a broad range of industries and dis ciplines. Prior to joining Alliant, Joe was se nior vice president, senior consultant with a national insurance brokerage and consulting firm. He earned his bachelor’s degree from the University of California, Riverside. Employee benefits consultant Patrick De ggelman has joined Alliant as first vice pres ident within its Employee Benefits Group. Based in the Greater Washington DC area, Deggelman will leverage his experience in ac tuarial science, data and analytics to provide strategic benefits solutions to a diverse base of clients. Prior to joining Alliant, Deggelman was senior director with a London-based financial services organization. He received his bachelor’s degree in mathematics from the University of Notre Dame. Alliant has hired employee benefits consultant Andrew Fox as vice president, adding strength to its Employee Benefits

across all aspects of the employee benefits landscape, including health and welfare benefits, qualified and non-qualified retire ment planning and executive benefits. Prior to joining Alliant, Kaufman was senior vice president with a national insurance brokerage and consulting firm. He also has experience on the carrier side of the business. Kaufman is active in his community, having served on the boards of Pepperdine University, Professional Child Development Associates, and West Coast Care. He earned his MBA and bachelor’s degrees from the University of Southern California. Veteran employee benefits consultant Jenna Klein has joined Alliant as vice president within its Employee Benefits Group. Based in Chicago, Klein will design and deploy a full range of employee benefits solutions to a diverse portfolio of regional and national clients. Klein brings 20+ years of industry experience to her role with Alliant. Prior to joining Alliant, Klein was a principal with a global investment and consulting firm. Klein attended Creighton University where she studied finance. Alliant Retirement Consulting, a division of Alliant Insurance Services, has hired Kathy Aicher as vice president within its Los Angeles office. The longtime retirement con sultant will provide a full range of retirement solutions and services to a diverse client base. Aicher has extensive experience designing and delivering retirement programs that assist businesses in mitigating risk and pro viding long-term financial security to their employees. She has experience with a breadth of solutions that include defined contribu tion plans, executive benefits, and health and wellness plans. Prior to joining Alliant Retirement Consulting, Aicher was a partner and senior retirement consultant with a national brokerage and consulting firm. She also has experience in the financial services industry, as well as the recordkeeper side of

benefitspecialistmagazine.com | ABS 15

CYBERSECURITY 2.0: THE LATEST ON CYBER ATTACKS, RANSOMWARE

AND THE NEED FOR RISK ASSESSMENTS

PART TWO

By Dorothy Cociu, RHU, REBC, GBA, RPA President, Advanced Benefit Consulting & Insurance Services, Inc. Vice President, Communications, California Agents & Health Insurance Professionals

Every article I write about this topic and every training I do includes my preaching about the need to do risk assessments. This means you must look at every device, every tool, every router, every network and everything else to determine where the risks are—and figure out how to mitigate those risks. According to Ted Flittner, “In basic terms, this is a comprehensive review of you or your business to consider what risks you may face (stolen computer, ransomware attack, even physical break-in), what inher ent vulnerabilities you have (staff bringing their own computers, work at home, out of

date software), the likelihood of each type of problem actually happening, and the impact if they do. Then we decide which items are really critical to address, which are less seri ous and on down. Sometimes we conclude that chances are low that a problem hap pens, but the impact would be catastrophic, so we take steps to avoid or easily recover. (Think life insurance.)” Flittner continued: “The result should be action to address the dangers. HIPAA and HITECH require it for businesses that fall under HIPAA. And it’s often mentioned by the federal investigators as missing or lacking in HIPAA violations.”

Identifying technical vulnerabilities to include in their risk analysis, according to OCR in its March 17 Newsletter (which I’ll mention again below and include the link to view it), include the following: • subscribing to Cybersecurity and Infra structure Security Agency (CISA) alerts (https://us-cert.cisa.gov/ncas/alerts) and bulletins (https://us-cert.cisa.gov/ncas/ bulletins) • subscribing to alerts from the HHS Health Sector Cybersecurity Coordina tion Center (www.hhs.gov/about/agen cies/asa/ocio/hc3/contact/index.html) • participating in an information sharing and analysis center (ISAC) or informa tion sharing and analysis organization (ISAO) • implementing a vulnerability-manage ment program that includes using a vulnerability scanner to detect vulner

SECURITY IS ALWAYS EVOLVING AND WHERE YOU DIDN’T THINK YOU HAVE RISK IN THE PAST MAY BE TOTALLY DIFFERENT TODAY.

16 ABS | benefitspecialistmagazine.com

CYBERSECURITY 2.0

abilities such as obsolete software and missing patches • periodically conducting penetration tests to identify weaknesses that could be exploited by an attacker. Regulated entities, according to OCR, should not rely on only one of the above techniques, but should consider a combi nation of approaches to properly identify technical vulnerabilities within their enterprise. Once identified, assessed and prioritized, appropriate measures need to be implemented to mitigate these vulnera bilities (e.g., apply patches, harden systems, retire equipment). How often should a risk assessment be done? Flittner recommends a yearly review or when major changes happen with the business. Who should be involved in a risk assessment—just IT? “Risks involve the whole team,” stated Flittner. “Key sup porters of risk assessments should include executives, especially financial leadership, but really everyone should be involved in some way.” What are some of the areas in an orga nization that need to be looked at in a risk assessment? “Everywhere that sensitive info moves throughout your business,” replied Flittner. “This could just be one de partment like human resources, or it could affect everyone.” What sort of questions, tasks, need to be included in a risk assessment? Ted Mayeshi ba of Aditi Group responded: “Physical inventory—what devices hold sensitive data (PHI in HIPAA terminology). Important questions include: Where does the data re side? What’s in ‘the cloud’ with third-party companies? Who should access the sensitive info? And how do you control access? Is there a BA agreement in place? Does the third-party company have access to the data? All of these should be considered and discussed within your organization.” We always recommend that a risk assess ment be done by an independent third par ty. Why? Flittner lists three main reasons:

WEAK PASSWORD RULES AND SINGLE-FACTOR AUTHENTICATION ARE AMONG THE PRACTICES THAT CAN CONTRIBUTE TO SUCCESSFUL ATTACKS.

“First it’s not the main job of employees, so it rarely gets priority. Second, outside eyes tend to notice problems that people who see the process every day can miss (can’t see the forest through the trees in front of them). Third, employees sometimes are reticent to admit to weaknesses in the process.” I asked Flittner what message he would share with every business owner, large or small, related to risk assessments and their importance in protecting their data? “Know before it’s too late. Be prepared. As a former Boy Scout, I learned to live by the motto long ago. Security is always evolving and where you didn’t think you have risk in the past may be totally different today. And the cost of problems like data breaches and ransomware are much higher than the cost of prevention.” WEAK CYBERSECURITY PRACTICES It is well known that a regulated entity that has weak cybersecurity practices makes itself an attractive soft target for hackers and cyber criminals. Weak authentication re quirements are frequent targets of successful cyber-attacks. Over 80% of breaches due to hacking involved compromised or brute forced credentials, according to OCR. 1 Weak password rules and single-factor authentication are among the practices that can contribute to successful attacks. Once inside an organization, if the entity has weak access controls, this can further contribute to an attacker’s ability to com promise systems by accessing privileged accounts, moving to multiple computer systems, deploying malicious software, and exfiltrating sensitive data.

HIPAA rules state that regulated entities are required to verify that persons or entities seeking access to ePHI are who they claim to be by implementing authen tication processes. (See 45 CFR 164.312(d): Standard: Person or Entity Authentication.) A regulated entity’s risk analysis should guide its implementation of appropriate authentication solutions to reduce the risk of unauthorized access to ePHI. For example, authenticating users that access a regulated entity’s systems remotely (e.g., working from home) may present a higher level of risk to a regulated entity’s ePHI than users logging into their desktop computer at work. To appropriately reduce the higher level of risk of remote access, a regulated entity may consider implementing stronger authentication solutions, such as multi-fac tor authentication. According to OCR’s March 17 th news letter, implementing access controls that restrict access to ePHI to only those requiring such access is also a requirement of the HIPAA Security Rule. (See 45 CFR 164.312(a)(1): Standard: Access Control.) Here, too, the risk analysis should guide the implementation of appropriate access controls. For example, a regulated entity may determine that because its privileged accounts (e.g., administrator, root) have access that supersedes other access controls (e.g., role- or user-based access)—thus can access ePHI, the privileged accounts present a higher risk of unauthorized access to ePHI than non-privileged accounts. Not only could privileged accounts supersede access restrictions, but they could also delete ePHI or even alter or delete hardware or software configurations, rendering devices inoper

benefitspecialistmagazine.com | ABS 17

CYBERSECURITY 2.0

covered entities on keeping you safe against common cyber threats. I’ll try to high light some of the most important tips. I would suggest you read the HHS Office for Civil Rights in Action March 17 Newsletter, “OCR Cybersecurity Newsletter: Defending Against Common Cyber Attacks,” which I mentioned earlier. 2 In addition, the IRS published several releases in February to protect taxpayers from scams and fraud ulent activity, 3 as well as announcing a transition away from the use of third-party verification involving facial recognition. 4 I will attempt to summarize some of the more important items discussed in these publica tions. I want to point out that since we don’t have a single national entity regulating all forms of electronic and cybersecurity, even if you’re not a covered entity under HIPAA rules, the HIPAA Security and HITECH rules are very effective in protecting your organization from all types of electronic and cybersecurity threats. Simply put: It’s all we have, for the most part, so use those rules to your advantage. PHISHING, SPEAR-PHISHING AND WHALING One of the most common attack vectors is phishing. This is a type of cyber-attack that is used to trick individuals into divulging sensitive information via electronic commu nications, such as by email, or by imperson ating a trustworthy source. According to HHS, 42% of ransomware attacks in Q2 of 2021 involved phishing. If you’re subject to HIPAA Security and HITECH (meaning you are a HIPAA covered entity such as a sponsor of a health plan, an insurance company or a provider of healthcare services), your workforce members should understand that they have an important role in protecting the ePHI of their organization from cyber-attacks, according to OCR. Part of that role involves being able to detect and take appropriate actions if someone in the organization encounters a suspicious email. The problem

is, if they are not trained to detect suspicious emails, they will go unnoticed, and bad things generally tend to happen as a result. These regulated entities should train their workforce (there is that word again… train) to recognize phishing attacks and imple ment a protocol on what to do when such attack or suspected attack occurs. Do you have such protocols in place in your organi zation? Do your employees know who they are supposed to report suspicious emails to in your organization? Is anyone assigned to be that person or department? Mayeshiba had these words to share: “In the latest Office of Civil Rights newsletter, the government has tipped their hand as to the raising of the threshold of ‘reasonable ef forts’ for evaluating companies ’best efforts’ defending against common cyber-attacks. There is a new and repeated reference to ‘penetration attacks’ as a best practice which should be adopted by companies. “Penetration testing is usually a third par ty outside attack on your company’s network by ‘friendly’ forces that test weaknesses in your network. This is really nothing new; this is done by Fortune 500 firms. It is the first time that we’ve witnessed this idea put forth in a regular OCR cybersecurity newsletter. Of particular interest was the reference to tie cybersecurity training pro grams with a follow-up friendly ‘phishing,’ ‘spear-phishing’ and ‘whaling’ attacks to test the effectiveness of the training. As attacks become more frequent and target even small firms, it is becoming increasingly urgent to tighten cybersecurity for all firms.” According to Mayeshiba, phishing is a type of social engineering attack commonly used to steal user data including login cre dentials or other financial data. It commonly occurs when an attacker, masquerading as a trusted entity, dupes a victim into revealing sensitive information by opening an email, link or text message. Spear phishing is similar to phishing, but the attack includes specific information unique to the individ ual being attacked, thereby increasing the

able. To reduce the risk of unauthorized access to privileged accounts, the regulated entity could decide that a privileged access management (PAM) system is reasonable and appropriate to implement. A PAM sys tem is a solution to secure, manage, control and audit access to and use of privileged accounts and/or functions for an organiza tion’s infrastructure. A PAM solution gives organizations control and insight into how its privileged accounts are used within its environment, thus can help detect and pre vent the misuse of privileged accounts. Regulated entities should periodically examine the strength and effectiveness of their cybersecurity practices and increase or add security controls to reduce risk as appropriate. Regulated entities are required to periodically review and modify imple mented security measures to ensure such measures continue to protect ePHI. (See 45 CFR 164.306(e): Maintenance.) Further, regulated entities are required to conduct periodic technical and non-technical eval uations of implemented security safeguards in response to environmental or operational changes affecting the security of ePHI to ensure continued protection of ePHI and compliance with the Security Rule. (See 45 CFR 164.308(a)(8): Standard: Evaluation.) Examples of environmental or operational changes could include the implementation of new technology, identification of new threats to ePHI, and organizational changes such as a merger or acquisition. But even if you’re not a HIPAA covered entity, these practices should apply to any organization due to the many other state and federal pri vacy and security rules, and as a matter or overall good business practice to keep your organization’s data safe. NEW FEDERAL GUIDANCE ON DEFENDING AGAINST COMMON CYBER-ATTACKS In the past few months, both the IRS and HHS’s Office of Civil Rights have issued guidance and newsletters for HIPAA

18 ABS | benefitspecialistmagazine.com