Cigna 2014 Annual Report Download - page 55

Download and view the complete annual report

Please find page 55 of the 2014 Cigna annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 182

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182

PART I
ITEM 1A. Risk Factors
services at a competitive cost. Further, because system development
If we fail to comply with applicable privacy, security,
projects are long-term in nature, they may be more costly than
and data laws, regulations and standards, our
expected to complete and may not deliver the expected benefits upon
business and reputation could be materially and
completion.
adversely affected.
In addition, our business is highly dependent upon our ability to The collection, maintenance, protection, use, transmission, disclosure
perform, in an efficient and uninterrupted fashion, necessary business and disposal of sensitive personal information are regulated at the
functions, such as claims processing and payment, internet support federal, state, international and industry levels and requirements are
and customer call centers, and processing new and renewal business. imposed on us by contracts with customers. In some cases, such laws,
Unavailability, cyber-attack or other failure of one or more of our rules and regulations also apply to our vendors and require us to
information technology or other systems could cause slower response obtain written assurances of their compliance with such requirements
times, resulting in claims not being processed as quickly as clients or or may hold us liable for any violations by our vendors. International
customers desire, decreased levels of client or customer service and laws, rules and regulations governing the use and disclosure of such
satisfaction, and harm to our reputation. Because our information information are generally more stringent than in the United States,
technology and other systems interface with and depend on third- and they vary from jurisdiction to jurisdiction.
party systems, we could experience service denials if demand for such
service exceeds capacity or a third-party system fails or experiences an These laws, rules and requirements are subject to change. Compliance
interruption. If sustained or repeated, such business interruptions, with new privacy and security laws, regulations and requirements may
systems failures or service denials could have material adverse effects result in increased operating costs, and may constrain or require us to
on our business, results of operations, financial condition and alter our business model or operations. For example, the HITECH
liquidity. amendments to HIPAA may further restrict our ability to collect,
disclose and use sensitive personal information and may impose
additional compliance requirements on our business. While we have
We may be subject to cyber-attacks. If we are unable
prepared for the transition to ICD-10, if unforeseen circumstances
to prevent or contain the effects of any such attacks,
arise, it is possible that we could be exposed to investigations and
we may suffer exposure to substantial liability,
allegations of noncompliance, which could have a material adverse
reputational harm, loss of revenue or other damages.
effect on our results of operations, financial position and cash flows.
Our business depends on our clients’ and customers’ willingness to In addition, if some providers continue to use ICD-9 codes on claims
entrust us with their health-related and other sensitive personal after the final implementation date, we will have to reject such claims,
information. Computer systems may be vulnerable to physical leading to claim resubmissions, increased call volume and provider
break-ins, computer viruses, programming errors, attacks by third and customer dissatisfaction. Further, providers may use ICD-10
parties or similar disruptive problems. As we increase the amount of codes differently than they used ICD-9 codes in the past, potentially
personal information that we store and share digitally, our exposure to resulting in lost revenues under risk adjustment. During the transition
these data security and related cybersecurity risks increases, including to ICD-10, certain claims processing and payment information we
the risk of undetected attacks, damage, loss or unauthorized disclosure have historically used to establish our reserves may not be reliable or
or access, and the cost of attempting to protect against these risks also available in a timely manner. If we do not adequately implement the
increases. We have implemented security technologies, processes and new ICD-10 coding set, or if providers in our network do not
procedures to protect consumer identity; however, there are no adequately transition to the new ICD-10 coding set, our results of
assurances that such measures will be effective against all types of operations, financial position and cash flows may be materially
breaches. adversely affected.
Events that negatively affect that trust, including failing to keep our
Effective prevention, detection and control systems
information technology systems and our clients’ and customers
are critical to maintain regulatory compliance and
sensitive information secure from attack, damage, loss or
prevent fraud and failure of these systems could
unauthorized disclosure or access, whether as a result of our action or
inaction or that of our business associates or vendors, could adversely
adversely affect us.
affect our reputation, membership and revenues and also expose us to Federal and state governments have made investigating and
mandatory disclosure to the media, litigation and other enforcement prosecuting health care and other insurance fraud and abuse a priority.
proceedings, material fines, penalties and/or remediation costs, and Fraud and abuse prohibitions encompass a wide range of activities,
compensatory, special, punitive and statutory damages, consent orders including kickbacks for referral of members, billing for unnecessary
and other adverse actions, any of which could adversely affect our medical services, improper marketing, and violations of patient
business, results of operations, financial condition or liquidity. privacy rights. The regulations and contractual requirements
applicable to us are complex and subject to change. In addition,
ongoing vigorous law enforcement, a highly technical regulatory
scheme and the Dodd-Frank Act legislation and related regulations
being adopted to enhance regulators’ enforcement powers and
whistleblower incentives and protections mean that our compliance
efforts in this area will continue to require significant resources.
CIGNA CORPORATION - 2014 Form 10-K 23