Health Net 2010 Annual Report Download - page 43

Download and view the complete annual report

Please find page 43 of the 2010 Health Net annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 197

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197

Our implementation of the requirements of the ACA could require the expenditure of significant resources.
Furthermore, CMS has adopted a new coding set for diagnoses, commonly referred to as ICD-10, which
significantly expands the number of codes utilized. The new ICD-10 coding set is currently required to be
implemented by October, 2013. In addition, HHS has mandated new standards in the electronic transmission of
healthcare transactions, including claims, remittance, eligibility, claims status requests and related responses, and
privacy and security standards, known as HIPAA 5010. Compliance with the new HIPAA 5010 electronic data
transaction standards is required by 2012. In 2010, we began implementing these requirements, and we may be
required to incur significant additional expenses in the future in order to implement the new coding set,
transaction standards and ACA requirements. Furthermore, if we do not adequately implement ICD-10, HIPAA
5010, and the ACA, our results of operations, financial condition and cash flows could be materially adversely
affected.
We are working towards becoming a premier e-business organization by enhancing and modernizing
interactions with customers, brokers, agents, providers, employees and other stakeholders through web-enabled
technology, among other things. Our failure to maintain successful e-business capabilities could result in
competitive and cost disadvantages for us as compared to our competitors.
We must comply with requirements relating to patient privacy and information security, including taking
steps to ensure compliance by our business associates with HIPAA.
In December 2000, the Department of Health and Human Services issued final regulations to implement the
provisions of HIPAA related to the privacy of protected health information (“PHI”). The Department of Health
and Human Services issued final regulations under HIPAA relating to the security of electronic PHI in February,
2003. These regulations, as amended, require health plans, clearinghouses and providers to, among other
obligations: comply with various requirements and restrictions related to the use, disclosure, storage, and
transmission of PHI; adopt rigorous internal policies and procedures to safeguard PHI; and enter into specific
written agreements with business associates that receive, use and/or create PHI on our behalf. HIPAA also
established significant civil and criminal sanctions for violations. These regulations could expose us to liability
for, among other things, violations of the regulations by our business associates, including the third party vendors
involved in our outsourcing projects. The Health Information Technology for Economic and Clinical Health Act
(the “HITECH Act”), which became fully effective in February 2010, expanded HIPAA’s requirements for
security and privacy safeguards, including improved enforcement, additional limitations on use and disclosure of
PHI and additional potential penalties for violations, and imposed notice obligations in the event of a breach of
unsecured PHI. Although our contracts with our business associates provide for protections of PHI by our
business associates, we may have limited control over the actions and practices of our business associates.
Compliance with HIPAA and other state and federal privacy and security laws and regulations may result in cost
increases due to necessary systems changes, the development of new administrative processes and the effects of
potential noncompliance by us or our business associates. See also “—If we fail to comply with requirements
relating to patient privacy and information security, including taking steps to ensure that our business associates
who obtain access to sensitive patient information maintain the privacy and security of such information, our
reputation and business operations could be materially adversely affected.
If we fail to comply with requirements relating to patient privacy and information security, including taking
steps to ensure that our business associates who obtain access to sensitive patient information maintain the
privacy and security of such information, our reputation and business operations could be materially
adversely affected.
The collection, maintenance, use, disclosure and disposal of individually identifiable data by our businesses are
regulated at the federal and state levels. See “Item 1. Business—Government Regulation” for additional information
on the federal and state laws and regulations that govern how we conduct our business.Despite the security
measures we have in place to ensure compliance with applicable laws and regulations, our facilities and systems,
and those of our third party vendors and service providers, are vulnerable to security breaches, acts of vandalism or
41