Aetna 2015 Annual Report Download - page 66

Download and view the complete annual report

Please find page 66 of the 2015 Aetna annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 168

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168

Annual Report- Page 60
Our use and disclosure of members’, customers’ and other constituents’ sensitive information is subject to
complex regulations at multiple levels. We would be adversely affected if we or our business associates or other
vendors fail to adequately protect members’, customers’ or other constituents’ sensitive information.
Our information systems are critical to the operation of our business. We collect, process, maintain, retain, evaluate,
utilize and distribute large amounts of personal health and financial information and other confidential and sensitive
data about our members, customers and other constituents in the ordinary course of our business. Some of our
information systems rely upon third party systems to accomplish these tasks. The use and disclosure of such
information is regulated at the federal, state and international levels, and these laws, rules and regulations are
subject to change and increased enforcement activity, such as the audit program implemented by HHS under
HIPAA. In some cases, such laws, rules and regulations also apply to our vendors and/or may hold us liable for any
violations by our vendors. International laws, rules and regulations governing the use and disclosure of such
information are generally more stringent than in the United States, and they vary from jurisdiction to jurisdiction.
Noncompliance with any privacy or security laws or regulations, or any security breach, cyber-attack or
cybersecurity breach, and any incident involving the theft, misappropriation, loss or other unauthorized disclosure
of, or access to, sensitive or confidential member information, whether by us, by one of our vendors or by another
third party, could require us to expend significant resources to remediate any damage, interrupt our operations and
damage our reputation, and could also result in investigations, regulatory enforcement actions, material fines and
penalties, loss of customers, litigation or other actions which could have a material adverse effect on our business,
brand, reputation, cash flows and operating results.
Our business depends on our members’ and customers’ willingness to entrust us with their health related and other
sensitive personal information. Events that negatively affect that trust, including failing to keep our information
technology systems and our members’ and customers’ sensitive information secure from significant attack, theft,
damage, loss or unauthorized disclosure or access, whether as a result of our action or inaction or that of our
business associates, vendors or other third parties, including our PBM services suppliers, could adversely affect our
reputation, membership and revenues and also expose us to mandatory disclosure to the media, litigation (including
class action litigation) and other enforcement proceedings, material fines, penalties and/or remediation costs, and
compensatory, special, punitive and statutory damages, consent orders, adverse actions against our licenses to do
business and/or injunctive relief, any of which could adversely affect our business, cash flows, operating results or
financial position. There can be no assurance that any such failure will not occur, or if any does occur, that we will
detect it or that it can be sufficiently remediated.
We are subject to retroactive adjustments to and/or withholding of certain premiums and fees, including as a
result of CMS RADV audits. We generally rely on health care providers to appropriately code claim submissions
and document their medical records. If these records do not appropriately support our risk adjusted premiums,
we may be required to refund premium payments to CMS.
Premiums and/or fees for Medicare members, certain federal government employee groups and Medicaid
beneficiaries are subject to retroactive adjustments and/or withholding by the federal and applicable state
governments. Our Public Exchange business, including amounts payable to us or payable by us under the Health
Care Reform premium stabilization programs and our risk adjustment and reinsurance data, also is subject to audit
by governmental authorities. CMS regularly audits our performance to determine our compliance with CMS’s
regulations and our contracts with CMS and to assess the quality of the services we provide to our Medicare
members.
CMS uses various payment mechanisms to allocate and adjust premium payments to our and other companies’
Medicare plans by considering the applicable health status of Medicare members as supported by information
prepared, maintained and provided by health care providers. We collect claim and encounter data from providers
and generally rely on providers to appropriately code their submissions to us and document their medical records,
including the diagnosis data submitted to us with claims. CMS pays increased premiums to Medicare Advantage
plans and PDPs for members who have certain medical conditions identified with specific diagnosis codes. Federal
regulators review and audit the providers’ medical records to determine whether those records support the related
diagnosis codes that determine the members’ health status and the resulting risk-adjusted premium payments to us.