Aetna 2008 Annual Report Download - page 31

Download and view the complete annual report

Please find page 31 of the 2008 Aetna annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 98

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98

Annual Report - Page 26
conditions for individuals covered under group policies to the extent the individuals had prior creditable coverage
within a specified time frame. HIPAA is structured as a “floor” requirement, allowing states latitude to enact more
stringent rules governing each of these restrictions. For example, certain states have modified HIPAA’ s definition of
a small group (2-50 employees) to include groups of one employee.
In addition, a number of states provide for a voluntary reinsurance mechanism to spread small group risk among
participating insurers and other carriers. In a small number of states, participation in this pooling mechanism is
mandatory for all small group carriers. In general, we have elected not to participate in voluntary pools, but even in
the voluntary pool states, we may be subject to certain supplemental assessments related to the state’ s small group
experience.
HIPAA Administrative Simplification and Privacy; Gramm-Leach-Bliley Act
The regulations under the administrative simplification provisions of HIPAA also impose a number of additional
obligations on issuers of health insurance coverage and health benefit plan sponsors. The law authorizes the U.S.
Department of Health and Human Services (“HHS”) to issue standards for electronic transactions, as well as privacy
and security of medical records and other individually identifiable health information (“Administrative
Simplification”).
Administrative Simplification requirements apply to self-funded group health plans, health insurers and HMOs,
health care clearinghouses and health care providers who transmit health information electronically (“Covered
Entities”). Regulations adopted to implement Administrative Simplification also require that business associates
acting for or on behalf of these Covered Entities be contractually obligated to meet HIPAA standards. The
Administrative Simplification regulations establish significant criminal penalties and civil sanctions for
noncompliance.
Under Administrative Simplification, HHS has released rules mandating the use of standard formats in electronic
health care transactions (for example, health care claims submission and payment, plan eligibility, precertification,
claims status, plan enrollment and disenrollment, payment and remittance advice, plan premium payments and
coordination of benefits). HHS also has published rules requiring the use of standardized code sets and unique
identifiers for employers and providers.
The HIPAA privacy regulations adopted by HHS established limits on the use and disclosure of medical records and
other individually identifiable health information by Covered Entities. In addition, the HIPAA privacy regulations
provide patients with new rights to understand and control how their health information is used. The HIPAA privacy
regulations do not preempt more stringent state laws and regulations that may apply to us and other Covered Entities,
including laws that place stricter controls on the release of information relating to specific diseases or conditions, and
complying with additional state requirements could require us to make additional investments beyond those we have
made to comply with the HIPAA regulations. HHS has also adopted security regulations designed to protect
member health information from unauthorized use or disclosure.
In addition, states have adopted regulations to implement provisions of the Financial Modernization Act of 1999
(also known as Gramm-Leach-Bliley Act (“GLBA”)) which generally require insurers to provide customers with
notice regarding how their non-public personal health and financial information is used and the opportunity to “opt
out” of certain disclosures before the insurer shares such information with a non-affiliated third party. In addition to
health insurance, the GLBA regulations apply to life and disability insurance. Like HIPAA, this law sets a “floor”
standard, allowing states to adopt more stringent requirements governing privacy protection. GLBA also gives
banks and other financial institutions the ability to affiliate with insurance companies, which may lead to new
competitors in the insurance and health benefits businesses.