Pandemic: A Plan of Action
Recent outbreaks demonstrate the need for a different planning approach to meet the unique challenges posed by pandemics
There are few risks more resilient and more difficult to control than pandemic. It is by its very nature unpredictable, often emerging virtually undetected, travelling quickly from human to human, crossing continents at the speed of international travel, and resisting most forms of medical intervention. Even attempts to define pandemic have proved problematic, as witnessed during the H1N1 influenza outbreak in 2009 when many questioned the World Health Organization’s decision to declare the event a pandemic.
The recent surge of Ebola cases in West Africa, the growing threat posed by the Middle East Respiratory Syndrome coronavirus (MERS-CoV), and the multi-state measles outbreak in the U.S. have once again escalated the need for robust pandemic planning, but have also exposed deficiencies in preparedness strategies. It requires a resilience approach which goes far beyond the parameters of standard business continuity planning.
Planning for pandemic
Planning for a pandemic event presents a number of unique challenges. Unlike other disruptive events, such as natural catastrophes, malicious attacks or terrorist events, determining the potential scale and scope of a pandemic event is extremely difficult. Further, its impact can spread far beyond the actual reach of the virus itself, driven by the public fear it generates, which can be almost as debilitating as the pandemic.
To address these challenges, the pandemic plan must incorporate a number of core elements:
The program spans a number of critical components, including steps for monitoring potential outbreaks, a strategy for educating employees, as well as clear processes for communicating and coordinating with critical service providers and suppliers. In addition, it must provide appropriate hygiene tools for employees.
The strategy provides for the escalation of pandemic efforts to reflect the particular phase of the outbreak. It is imperative that clearly defined trigger points are developed to identify when preparedness activities should move to the next level, for example when the first case is confirmed, confirmed in a particular region, or confirmed within the organization itself. The strategy must also span the recovery phase from a pandemic wave and proper preparations for any following wave(s).
Comprehensive framework of facilities, systems or procedures
The framework must outline the capabilities and procedures required to maintain critical operations in the event that large numbers of staff are unavailable for prolonged periods. This may include social distancing to minimize staff contact,
telecommuting, or conducting operations from alternative sites.
To ensure the organization’s pandemic planning practices and capabilities are effective, and will allow critical operations to continue, regular exercises should be conducted, where possible involving key suppliers.
The program ensures ongoing review and updates to the pandemic plan so that policies, standards, and procedures include up-to-date, relevant information provided by governmental sources.
Given the multiple moving parts within the pandemic plan, a central coordinator role should be established to oversee all elements, ideally supported by a pandemic team including representation from across the organization, including HR, legal, communications.
A duty of care
At the core of pandemic planning is the duty of care placed on an organization – the social contract between employer and employee that ensures the health and safety of each and every member of staff, as well as their families, before, during and after a pandemic event occurs.
To enable it to maintain its CSR commitment, a company must adopt an integrated strategic approach to managing its duty of care obligations. Policies and practices must be established to provide a support framework to employees in the event of a pandemic outbreak. These can range from telework agreements allowing employees to work from remote locations, and absenteeism surveys to identify staff members most likely to be unavailable for work in the event of a pandemic; through to international travel policies tracking employee trips and imposing travel restrictions, and employee health policies detailing contact procedures in cases of infection and compensation plans for time off work.
However, the implementation of such procedures must be carefully managed. Policy agreements must recognize the specific circumstances created by a pandemic. For example, international policies must address how and when the company may restrict an employee’s travel to outbreak areas. Further, employees travelling to high-risk areas must receive training to reduce the risks of exposure and potential infection. In terms of teleworking agreements, companies should also consider how the potential for remote working might impact information security requirements if employees are using their own devices.
Such policies must reflect the prevailing regulatory framework both at a national and international level. From a U.S. perspective, there are numerous pieces of legislation which have the potential to impact on pandemic-related policies. For example, the Family and Medical Leave Act allows (during a flu pandemic) for employees caring for infected relatives to be absent from the workplace; while the implications of the Occupational Safety and Health Act on policy decisions are extensive, given that it requires employers to provide a safe and healthy work environment for all employees.
Legislation also imposes data restrictions on employers that could affect their pandemic strategy. The Health Insurance Portability and Accountability Act contains numerous federal privacy protections for individually identifiable health information; although does allow for disclosure to public health officials in specific circumstances. Extending out into the international arena, data privacy laws such as those in place in the EU can restrict the ability of European-based subsidiaries to share medical information with parent companies outside of the EU.
A question of when
Pandemic is an ever present threat – and yet it is one that many are simply not ready to respond to. To prepare effectively, companies must generate pandemic-specific plans, building on the foundations of a robust business continuity strategy, but encompassing the unique characteristics of this threat. The Ebola outbreak proved that even in the face of a unified, international response, countries remain critically exposed. As Jim Yong Kim, president of the World Bank, declared in the aftermath
of the event, the world is “dangerously unprepared” for the next major pandemic.
The insurance response
A pandemic outbreak has the potential to impact a broad range of insurance programs. Below is an outline of some of the traditional P&C coverages that could respond:
Business Interruption (BI): While most BI policies are triggered by direct physical damage to or loss of property stemming from a covered peril, specialty BI policies with pandemic-related triggers which do not require physical damage are available – although cover is limited.
Workers’ Compensation: Workers’ compensation will likely be triggered in the event of an employee contracting a virus in the course of their employment. This would cover costs including treatment, loss of wages and, in worst case scenarios, death benefits.
Employers’ Liability: Employers’ Liability could apply in situations where an insured employee choose to file a suit against their employer for negligence.
Directors’ & Officers’ Liability (D&O): D&O cover will generally apply in cases of perceived mismanagement. For example, an employer may face allegations of failing to implement proper protocols, or to safeguard employees’ wellbeing.
Medical Errors & Omissions: Medical E&O coverage could apply in circumstances where a patient alleges they were exposed to a pandemic-related illness due to a medical facilities’ errors or omissions in their medical care.