Aetna 2015 Annual Report Download - page 38

Download and view the complete annual report

Please find page 38 of the 2015 Aetna annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 168

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168

Annual Report- Page 32
The HIPAA privacy regulations do not preempt more stringent state laws and regulations that may apply to us and
other Covered Entities, including laws that place stricter controls on the release of information relating to specific
diseases or conditions and requirements to notify members of unauthorized release or use of or access to PHI.
Complying with additional state requirements requires us to make additional investments beyond those we have
made to comply with the HIPAA regulations. HHS also has adopted security regulations designed to protect
member health information from unauthorized use or disclosure. HHS has begun to audit health plans, providers
and other parties to enforce HIPAA compliance, including with respect to data security.
The HIPAA privacy regulations provide patients with rights to understand and control how their health information
is used. States also have adopted regulations to implement provisions of the Financial Modernization Act of 1999
(also known as Gramm-Leach-Bliley Act (“GLBA”)) which generally require insurers to provide customers with
notice regarding how their non-public personal health and financial information is used and the opportunity to “opt
out” of certain disclosures before the insurer shares such information with a non-affiliated third party. The GLBA
regulations apply to health, life and disability insurance. Like HIPAA, GLBA sets a “floor” standard, allowing
states to adopt more stringent requirements governing privacy protection.
In December 2015 the Cybersecurity Information Sharing Act of 2015 (“CISA”) was enacted. CISA encourages
organizations to share cyber threat indicators with the federal government and, among other things, directs HHS to
develop a set of voluntary cybersecurity best practices for organizations in the health care industry. In addition,
states have begun to enact more comprehensive privacy laws and regulations addressing consumer rights to data
protection or transparency. The widely-reported large scale U.S. commercial data breaches during 2014 and 2015
increase the likelihood that additional data security legislation will be considered in 2016. These legislative and
regulatory developments will impact the design and operation of our businesses, including the consumer business
we are creating, our privacy and security strategy and our web-based and mobile assets.
Other Legislative Initiatives and Regulatory Initiatives
In addition to the Health Care Reform, HIPAA and ARRA measures discussed above, the U.S. federal and state
governments, as well as governments in other countries where we do business, continue to enact and seriously
consider many other broad-based legislative and regulatory proposals that have had a material impact on or could
materially impact various aspects of the health care and related benefits system. For example:
Under the Budget Control Act of 2011 (the “BCA”) and the American Taxpayer Relief Act of 2012 (the
“ATRA”) automatic across-the-board budget cuts (also known as “sequestration”) began in March 2013,
including Medicare spending cuts of not more than 2% of total program costs per year through 2024. We
project that CMS’s Medicare Advantage benchmark payment rates for 2016 will increase funding for our
Medicare Advantage businesses by 1% in 2016 compared to 2015. This 2016 rate increase only partially
offsets the challenge we face from the impact of the increasing cost of medical care and the HIF. Significant
uncertainty remains as to whether and how the Congress will proceed with actions that create additional
federal revenue and/or with entitlement reform. We cannot predict future Medicare funding levels or the
impact that future federal budget actions or entitlement program reform, if it occurs, will have on our
business, operations or operating results, but the effects could be materially adverse, particularly on our
Medicare and/or Medicaid revenues, medical benefit ratios and operating results.
A number of states have enacted or introduced legislation or regulations requiring life insurers to take
additional steps to identify unreported deceased policyholders and make other changes to their claim
payment and related escheat practices. For additional information on these life insurance matters, refer to
“Life and Disability Insurance” beginning on page 40.
Other significant legislative and/or regulatory measures which are or recently have been under consideration
include the following:
Restricting our ability to limit providers’ participation in our networks and/or remove providers from our
networks by imposing network adequacy requirements or otherwise (including in our Medicare, Public
Exchange and other Commercial products).
Requiring standardized Public Exchange products.