Aetna 2006 Annual Report Download - page 32

Download and view the complete annual report

Please find page 32 of the 2006 Aetna annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 102

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102

Page 30
The federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) generally requires insurers and
other carriers that write small business in any market to accept for coverage any small employer group applying for
a basic and standard plan of benefits. HIPAA also mandates guaranteed renewal of health care coverage for most
employer groups, subject to certain defined exceptions, and provides for specified employer notice periods in
connection with product and market withdrawals. The law further limits exclusions based on preexisting conditions
for individuals covered under group policies to the extent the individuals had prior creditable coverage within a
specified time frame. HIPAA is structured as a “floor” requirement, allowing states latitude to enact more stringent
rules governing each of these restrictions. For example, certain states have modified HIPAA’ s definition of a small
group (2-50 employees) to include groups of one employee.
In addition, a number of states provide for a voluntary reinsurance mechanism to spread small group risk among
participating insurers and other carriers. In a small number of states, participation in this pooling mechanism is
mandatory for all small group carriers. In general, we have elected not to participate in voluntary pools, but even in
the voluntary pool states, we may be subject to certain supplemental assessments related to the state’ s small group
experience.
HIPAA Administrative Simplification; Gramm-Leach-Bliley Act
The regulations under the administrative simplification provisions of HIPAA also impose a number of additional
obligations on issuers of health insurance coverage and health benefit plan sponsors. The law authorizes the U.S.
Department of Health and Human Services (“HHS”) to issue standards for electronic transactions, as well as
privacy and security of medical records and other individually identifiable health information (“Administrative
Simplification”).
Administrative Simplification requirements apply to self-funded group health plans, health insurers and HMOs,
health care clearinghouses and health care providers who transmit health information electronically (“Covered
Entities”). Regulations adopted to implement Administrative Simplification also require that business associates
acting for or on behalf of these Covered Entities be contractually obligated to meet HIPAA standards. The
Administrative Simplification regulations establish significant criminal penalties and civil sanctions for
noncompliance.
Under Administrative Simplification, HHS has released rules mandating the use of standard formats in electronic
health care transactions (e.g., health care claims submission and payment, plan eligibility, precertification, claims
status, plan enrollment and disenrollment, payment and remittance advice, plan premium payments and
coordination of benefits). HHS also has published rules requiring the use of standardized code sets and unique
identifiers for employers and providers. We have met all applicable Administrative Simplification requirements to
date. We are required to comply with the provider identifier rules by May 2007.
The HIPAA privacy regulations adopted by HHS established limits on the use and disclosure of medical records
and other individually identifiable health information by Covered Entities. In addition, the HIPAA privacy
regulations provide patients new rights to understand and control how their health information is used. The HIPAA
privacy regulations do not preempt more stringent state laws and regulations that may apply to us and other
Covered Entities, and complying with additional state requirements could require us to make additional investments
beyond those we have made to comply with the HIPAA regulations. HHS has also adopted security regulations
designed to protect member health information from unauthorized use or disclosure.
In addition, states have adopted regulations to implement provisions of the Gramm-Leach-Bliley Act (“GLBA”)
which generally require insurers to provide customers with notice regarding how their non-public personal health
and financial information is used and the opportunity to “opt out” of certain disclosures before the insurer shares
such information with a non-affiliated third party. In addition to health insurance, the GLBA regulations apply to
life and disability insurance. Like HIPAA, this law sets a “floor” standard, allowing states to adopt more stringent
requirements governing privacy protection. GLBA also gives banks and other financial institutions the ability to
affiliate with insurance companies, which may lead to new competitors in the insurance and health benefits
businesses.