Express Scripts 2011 Annual Report Download - page 20

Download and view the complete annual report

Please find page 20 of the 2011 Express Scripts annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 108

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108

Express Scripts 2011 Annual Report
18
13
Other statutes and regulations affect our home delivery operations, including the federal and state anti-kickback
laws and the federal civil monetary penalty law described above. Federal and state statutes and regulations govern the
labeling, packaging, advertising and adulteration of prescription drugs and the dispensing of controlled substances. The
Federal Trade Commission requires mail order sellers of goods generally to engage in truthful advertising, to stock a
reasonable supply of the product to be sold, to fill mail orders within thirty days, and to provide clients with refunds when
appropriate. The United States Postal Service has statutory authority to restrict the delivery of drugs and medicines through
the mail to a degree that could have an adverse effect on our home delivery operations.
Other Licensure Laws. Many states have licensure or registration laws governing certain types of managed care
organizations, including preferred provider organizations, third party administrators, and companies that provide utilization
review services. The scope of these laws differs from state to state, and the application of such laws to the activities of
PBMs often is unclear. We have registered under such laws in those states in which we have concluded that such
registration is required. Because of increased regulatory requirements on some of our managed care clients affecting prior
authorization of drugs before coverage is approved, we have obtained utilization review licenses in selected states through
our subsidiary, ESI Utilization Management Company. Moreover, we have received full accreditation for URAC Pharmacy
Benefit Management version 2.0 Standards, which includes quality standards for drug utilization management. In addition,
accreditation agencies’ requirements for managed care organizations such as the National Committee on Quality Assurance,
and Medicare Part D regulations for PDP and MA-PDPs may affect the services we provide to such organizations.
Legislation regulating PBM activities in a comprehensive manner has been and continues to be considered in a
number of states. In the past, certain organizations, such as the National Association of Insurance Commissioners
(―NAIC‖), an organization of state insurance regulators, have considered proposals to regulate PBMs and/or certain PBM
activities, such as formulary development and utilization management. While the actions of the NAIC would not have the
force of law, they may influence states to adopt model legislation that such organizations promulgate. Certain states have
adopted PBM registration and/or disclosure laws and we have registered under such laws and are complying with
applicable disclosure requirements. In addition to registration laws, some states have adopted legislation mandating
disclosure of various aspects of our financial practices, including those concerning pharmaceutical company revenue, as
well as prescribing processes for prescription switching programs, and client and provider audit terms. Other states are
considering similar legislation, and as more states consider these bills it will be difficult to manage the distinct requirements
of each.
HIPAA and Other Privacy Legislation. Most of our activities involve the receipt or use of confidential medical
information concerning individuals. In addition, we use aggregated and anonymized data for research and analysis purposes
and in some cases provide access to such data to pharmaceutical manufacturers and third party data aggregators. Various
federal and state laws, including the Health Insurance Portability and Accountability Act of 1996 (―HIPAA‖), regulate and
restrict the use, disclosure and security of confidential medical information and new legislation is proposed from time to
time in various states.
The HHS privacy and security regulations included as part of HIPAA impose restrictions on the use and disclosure
of individually identifiable health information by certain entities. The security regulations relate to the security of protected
health information when it is maintained or transmitted electronically. Other HIPAA requirements relate to electronic
transaction standards and code sets for processing of pharmacy claims. We are required to comply with certain aspects of
the privacy, security and transaction standard regulations under HIPAA. As part of the American Recovery and
Reinvestment Act signed into law on February 17, 2009, Congress adopted the Health Information Technology for
Economic and Clinical Health Act (―HITECH‖). HITECH significantly broadens many of the existing federal and security
requirements under HIPAA, and introduces more vigorous enforcement provisions and penalties for HIPAA violations.
Like many other companies subject to HIPAA, the HITECH standards may have significant operational and legal
consequences for our business.
We believe that we are in compliance in all material respects with HIPAA and other state privacy laws, to the
extent they apply to us. To date, no patient privacy laws have been adopted that materially impact our ability to provide
services, but there can be no assurance that federal or state governments will not enact legislation, impose restrictions or
adopt interpretations of existing laws that could have a material adverse effect on our business and financial results.
In October of 2008, we received a letter from an unknown person or persons trying to extort money from the
company by threatening to expose millions of member records allegedly stolen from our system. The letter included
personal information of 75 members, including, in some instances, protected health information. Thereafter we became
aware of a small number of our clients who also received threatening letters which included personal information allegedly
stolen from our system. In late August of 2009, the perpetrator communicated with a law firm about the stolen records. In
this communication, the perpetrator provided personal data for approximately 800,000 members. We believe they were