Health Net 2011 Annual Report Download - page 22

Download and view the complete annual report

Please find page 22 of the 2011 Health Net annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 307

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307

Privacy Regulations. The use, disclosure and maintenance of individually identifiable health information
and other data by our businesses is regulated by various laws at the federal, state and local level. These laws and
regulations are changed frequently by legislation or administrative interpretation. Most of those laws are derived
from Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the privacy provisions in the
federal Gramm-Leach-Bliley Financial Modernization Act of 1999 (the “Gramm-Leach-Bliley Act”), although
there are an increasing number of state laws that require notification to individuals and regulatory authorities in
the event of a security breach and that specifically regulate the use and disclosure of social security numbers.
HIPAA and the implementing regulations that have been adopted in connection therewith impose
obligations for group health plans and issuers of health insurance coverage (such as health insurers and health
maintenance organizations) relating to the privacy and security of protected health information including
electronically transmitted protected health information (collectively, “PHI”). The regulations, which relate to the
privacy and security of PHI, require health plans, health care clearinghouses and providers to:
comply with various requirements and restrictions related to the use, storage and disclosure of PHI,
adopt rigorous internal procedures to protect PHI,
create policies related to the privacy of PHI,
enter into specific written agreements with business associates to whom PHI is disclosed, and
notify individuals and regulatory authorities if PHI is compromised.
The regulations also establish significant criminal penalties and civil sanctions for non-compliance. Recent
developments in this area include the Health Information Technology for Economic and Clinical Health
(“HITECH”) Act, which became fully effective in February 2010. The HITECH Act expands the HIPAA rules
for security and privacy safeguards, including improved enforcement, additional limitations on use and
disclosure of PHI and additional potential penalties for non-compliance. See “Item 1A. Risk Factors—If we fail
to comply with requirements relating to patient privacy and information security, including taking steps to ensure
that our business associates who obtain access to sensitive patient information maintain the privacy and security
of such information, our reputation and business operations could be materially adversely affectedfor
additional information about the risks related to privacy and security breaches.
The Gramm-Leach-Bliley Act generally requires insurers to provide customers with notice regarding how
their personal health and financial information is used and, in certain circumstances, the opportunity to “opt out”
of certain disclosures before the insurer shares non-public personal information with a non-affiliated third party.
Like HIPAA, this law sets a “floor” standard, allowing states to adopt more stringent requirements governing
privacy protection.
ERISA. Most employee benefit plans are regulated by the federal government under the Employee
Retirement Income Security Act of 1974, as amended (“ERISA”). Employment-based health coverage is such an
employee benefit plan. ERISA is administered, in large part, by the U.S. Department of Labor. ERISA contains
disclosure requirements for documents that define the benefits and coverage. It also contains a provision that
causes federal law to preempt state law in the regulation and governance of certain benefit plans and employer
groups, including the availability of legal remedies under state law.
Other Federal Regulations. We must comply with, and are affected by, laws and regulations relating to the
award, administration and performance of U.S. Government contracts. Government contract laws and regulations
affect how we do business with our customers and, in some instances, impose added costs on our business. In
addition, because of our activities to support the MFLC contract and certain outsourcing arrangements we have
with third party vendors, we are also subject to the U.S. Foreign Corrupt Practices Act (“FCPA”) and similar
worldwide anti-corruption laws, including the U.K. Bribery Act of 2010, which generally prohibit companies and
their intermediaries from making improper payments to non-U.S. officials for the purpose of obtaining or
20