Humana 2015 Annual Report Download - page 37
Download and view the complete annual report
Please find page 37 of the 2015 Humana annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27 -
28 -
29 -
30 -
31 -
32 -
33 -
34 -
35 -
36 -
37 -
38 -
39 -
40 -
41 -
42 -
43 -
44 -
45 -
46 -
47 -
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
 |
 |
29
administrative provisions directed at simplifying electronic data interchange through standardizing transactions,
establishing uniform health care provider, payer, and employer identifiers, and seeking protections for confidentiality
and security of patient data. The rules do not provide for complete federal preemption of state laws, but rather preempt
all inconsistent state laws unless the state law is more stringent.
These regulations set standards for the security of electronic health information. Violations of these rules could
subject us to significant criminal and civil penalties, including significant monetary penalties. Compliance with HIPAA
regulations requires significant systems enhancements, training and administrative effort. HIPAA can also expose us
to additional liability for violations by our business associates (e.g., entities that provide services to health plans and
providers).
The HITECH Act, one part of the American Recovery and Reinvestment Act of 2009, significantly broadened the
scope of the privacy and security regulations of HIPAA. Among other requirements, the HITECH Act and HIPAA
mandate individual notification in the event of a breach of unsecured, individually identifiable health information,
provides enhanced penalties for HIPAA violations, requires business associates to comply with certain provisions of
the HIPAA privacy and security rule, and grants enforcement authority to state attorneys general in addition to the HHS
Office of Civil Rights.
In addition, there are numerous federal and state laws and regulations addressing patient and consumer privacy
concerns, including unauthorized access or theft of personal information. State statutes and regulations vary from state
to state and could impose additional penalties. Violations of HIPAA or applicable federal or state laws or regulations
could subject us to significant criminal or civil penalties, including significant monetary penalties. Compliance with
HIPAA and other privacy regulations requires significant systems enhancements, training and administrative effort.
American Recovery and Reinvestment Act of 2009 (ARRA)
On February 17, 2009, the American Recovery and Reinvestment Act of 2009, or ARRA, was enacted into law.
In addition to including a temporary subsidy for health care continuation coverage issued pursuant to the Consolidated
Omnibus Budget Reconciliation Act, or COBRA, ARRA also expands and strengthens the privacy and security
provisions of HIPAA and imposes additional limits on the use and disclosure of protected health information, or
PHI. Among other things, ARRA requires us and other covered entities to report any unauthorized release or use of or
access to PHI to any impacted individuals and to the U.S. Department of Health and Human Services in those instances
where the unauthorized activity poses a significant risk of financial, reputational or other harm to the individuals, and
to notify the media in any states where 500 or more people are impacted by any unauthorized release or use of or access
to PHI. ARRA also requires business associates to comply with certain HIPAA provisions. ARRA also establishes
higher civil and criminal penalties for covered entities and business associates who fail to comply with HIPAA’s
provisions and requires the U.S. Department of Health and Human Services to issue regulations implementing its
privacy and security enhancements.
Corporate Practice of Medicine and Other Laws
As a corporate entity, Humana Inc. is not licensed to practice medicine. Many states in which we operate through
our subsidiaries limit the practice of medicine to licensed individuals or professional organizations comprised of licensed
individuals, and business corporations generally may not exercise control over the medical decisions of physicians.
Statutes and regulations relating to the practice of medicine, fee-splitting between physicians and referral sources, and
similar issues vary widely from state to state. Under management agreements between certain of our subsidiaries and
affiliated physician-owned professional groups, these groups retain sole responsibility for all medical decisions, as well
as for hiring and managing physicians and other licensed healthcare providers, developing operating policies and
procedures, implementing professional standards and controls, and maintaining malpractice insurance. We believe that
our health services operations comply with applicable state statutes regarding corporate practice of medicine, fee-
splitting, and similar issues. However, any enforcement actions by governmental officials alleging non-compliance
with these statutes, which could subject us to penalties or restructuring or reorganization of our business, may result
in a material adverse effect on our results of operations, financial position, or cash flows.