Health Net 2010 Annual Report Download - page 21

Download and view the complete annual report

Please find page 21 of the 2010 Health Net annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 197

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197

California Department of Health Care Services and Healthy Families is regulated by the Managed Risk Medical
Insurance Board. On May 1, 2010, our New Jersey Medicaid contract was transferred to an affiliate of United.
Prior to that transfer, our provision of administrative services to Health Net of New Jersey (one of the Acquired
Companies) pursuant to the United Administrative Services Agreements was subject to regulation by the New
Jersey Department of Human Services and Division of Medical Assistance and Health Services. Federal funding
remains critical to the viability of these programs, particularly in light of California’s state budget deficits.
Federal law permits the federal government to oversee and, in some cases, to enact, regulations and other
requirements that must be followed by California. Medicaid is administered at the federal level by CMS; CHIP is
administered by the Health Resources and Services Administration, another arm of the Department of Health and
Human Services.
Privacy Regulations. The use, disclosure and maintenance of individually identifiable health information
and other data by our businesses is regulated by various laws at the federal, state and local level. These laws and
regulations are changed frequently by legislation or administrative interpretation. Most of those laws are derived
from Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the privacy provisions in the
federal Gramm-Leach-Bliley Financial Modernization Act of 1999 (the “Gramm-Leach-Bliley Act”), although
there are an increasing number of state laws that require notification to individuals and regulatory authorities in
the event of a security breach and that specifically regulate the use and disclosure of social security numbers.
HIPAA and the implementing regulations that have been adopted in connection therewith impose
obligations for group health plans and issuers of health insurance coverage (such as health insurers and health
maintenance organizations) relating to the privacy and security of protected health information including
electronically transmitted protected health information (collectively, “PHI”). The regulations, which relate to the
privacy and security of PHI, require health plans, health care clearinghouses and providers to:
comply with various requirements and restrictions related to the use, storage and disclosure of PHI,
adopt rigorous internal procedures to protect PHI,
create policies related to the privacy of PHI,
enter into specific written agreements with business associates to whom PHI is disclosed, and
notify individuals and regulatory authorities if PHI is compromised.
The regulations also establish significant criminal penalties and civil sanctions for non-compliance. Recent
developments in this area include the Health Information Technology for Economic and Clinical Health
(“HITECH”) Act, which became fully effective in February, 2010. The HITECH Act expands the HIPAA rules
for security and privacy safeguards, including improved enforcement, additional limitations on use and
disclosure of PHI and additional potential penalties for non-compliance. See “Item 1A. Risk Factors—If we fail
to comply with requirements relating to patient privacy and information security, including taking steps to ensure
that our business associates who obtain access to sensitive patient information maintain its confidentiality, our
reputation and business operations could be materially adversely affected” for additional information about the
risks related to privacy and security breaches.
The Gramm-Leach-Bliley Act generally requires insurers to provide customers with notice regarding how
their personal health and financial information is used and the opportunity to “opt out” of certain disclosures
before the insurer shares non-public personal information with a non-affiliated third party. Like HIPAA, this law
sets a “floor” standard, allowing states to adopt more stringent requirements governing privacy protection.
ERISA. Most employee benefit plans are regulated by the federal government under the Employee
Retirement Income Security Act of 1974, as amended (“ERISA”). Employment-based health coverage is such an
employee benefit plan. ERISA is administered, in large part, by the U.S. Department of Labor (“DOL”). ERISA
contains disclosure requirements for documents that define the benefits and coverage. It also contains a provision
19