Quest Diagnostics 2005 Annual Report Download - page 45

Download and view the complete annual report

Please find page 45 of the 2005 Quest Diagnostics annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 118

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118

laboratory. As a result of this affiliation between hospitals and community physicians, we compete against
hospital-affiliated laboratories primarily based on quality of service. Our failure to provide service superior to
hospital-affiliated laboratories and other laboratories could have a material adverse effect on our net revenues
and profitability.
Regulations requiring the use of “standard transactions’’ for healthcare services issued under the Health
Insurance Portability and Accountability Act of 1996, or HIPAA, may negatively impact our profitability
and cash flows.
Pursuant to the Health Insurance Portability and Accountability Act of 1996, or HIPAA, the Secretary of
the Department of Health and Human Services, or HHS, has issued final regulations designed to improve the
efficiency and effectiveness of the healthcare system by facilitating the electronic exchange of information in
certain financial and administrative transactions while protecting the privacy and security of the information
exchanged. Three principal regulations have been issued in final form: standards for electronic transactions,
security regulations and privacy regulations.
The HIPAA transaction standards are complex, and subject to differences in interpretation by payers. For
instance, some payers may interpret the standards to require us to provide certain types of information,
including demographic information not usually provided to us by physicians. While most of our transactions are
submitted and/or received in ANSI standard format, inconsistent application of transaction standards by some
remaining payers or our inability to obtain certain billing information not usually provided to us by physicians
could increase our costs and the complexity of billing. In addition, new requirements for additional standard
transactions, such as claims attachments, could prove technically difficult, time-consuming or expensive to
implement. We are working closely with our payers to establish acceptable protocols for claims submissions and
with our industry trade association and an industry coalition to present issues and problems as they arise to the
appropriate regulators and standards setting organizations.
Compliance with the HIPAA security regulations and privacy regulations may increase our costs.
The HIPAA privacy and security regulations, which became fully effective in April 2003 and April 2005,
respectively, establish comprehensive federal standards with respect to the uses and disclosures of protected
health information by health plans, healthcare providers and healthcare clearinghouses, in addition to setting
standards to protect the confidentiality, integrity and availability of protected health information. The regulations
establish a complex regulatory framework on a variety of subjects, including:
the circumstances under which uses and disclosures of protected health information are permitted or
required without a specific authorization by the patient, including but not limited to treatment purposes,
activities to obtain payments for our services, and our healthcare operations activities;
a patient’s rights to access, amend and receive an accounting of certain disclosures of protected health
information;
the content of notices of privacy practices for protected health information; and
administrative, technical and physical safeguards required of entities that use or receive protected health
information.
We have implemented practices to meet the requirements of the HIPAA privacy and security regulations, as
required by law. The privacy regulations establish a “floor’’ and do not supersede state laws that are more
stringent. Therefore, we are required to comply with both federal privacy regulations and varying state privacy
laws. In addition, for healthcare data transfers from other countries relating to citizens of those countries, we
must comply with the laws of those other countries. The federal privacy regulations restrict our ability to use or
disclose patient-identifiable laboratory data, without patient authorization, for purposes other than payment,
treatment or healthcare operations (as defined by HIPAA), except for disclosures for various public policy
purposes and other permitted purposes outlined in the privacy regulations. The privacy and security regulations
provide for significant fines and other penalties for wrongful use or disclosure of protected health information,
including potential civil and criminal fines and penalties. Although the HIPAA statute and regulations do not
expressly provide for a private right of damages, we also could incur damages under state laws to private
parties for the wrongful use or disclosure of confidential health information or other private personal
information.
28