United Healthcare 2014 Annual Report Download - page 25

Download and view the complete annual report

Please find page 25 of the 2014 United Healthcare annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 120

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120

HIPAA imposed further restrictions on our ability to collect, disclose and use sensitive personal information and
imposed additional compliance requirements on our business. While we have prepared for the transition to ICD-
10 as a HIPAA-regulated entity, if unforeseen circumstances arise, it is possible that we could be exposed to
investigations and allegations of noncompliance, which could have a material adverse effect on our results of
operations, financial position and cash flows. In addition, if some providers continue to use ICD-9 codes on
claims after October 1, 2015, we will have to reject such claims, which may lead to claim resubmissions,
increased call volume and provider and customer dissatisfaction. Further, providers may use ICD-10 codes
differently than they used ICD-9 codes in the past, which could result in lost revenues under risk adjustment.
During the transition to ICD-10, certain claims processing and payment information we have historically used to
establish our reserves may not be reliable or available in a timely manner.
Many of our businesses are also subject to the Payment Card Industry Data Security Standard, which is a
multifaceted security standard that is designed to protect credit card account data as mandated by payment card
industry entities.
HIPAA requires business associates as well as covered entities to comply with certain privacy and security
requirements. While we provide for appropriate protections through our contracts with our third-party service
providers and in certain cases assess their security controls, we have limited oversight or control over their
actions and practices. Several of our businesses act as business associates to their covered entity customers and,
as a result, collect, use, disclose and maintain sensitive personal information in order to provide services to these
customers. HHS has announced that it will continue its audit program to assess HIPAA compliance efforts by
covered entities and expand it to include business associates. An audit resulting in findings or allegations of
noncompliance could have a material adverse effect on our results of operations, financial position and cash
flows.
Through our Optum businesses, including our Optum Labs business, we maintain a database of administrative
and clinical data that is statistically de-identified in accordance with HIPAA standards. Noncompliance or
findings of noncompliance with applicable laws, regulations or requirements, or the occurrence of any privacy or
security breach involving the misappropriation, loss or other unauthorized disclosure of sensitive personal
information, whether by us or by one of our third-party service providers, could have a material adverse effect on
our reputation and business, including mandatory disclosure to the media, loss of existing or new customers,
significant increases in the cost of managing and remediating privacy or security incidents, and material fines,
penalties and litigation awards, among other consequences, any of which could have a material and adverse
effect on our results of operations, financial position and cash flows.
Our businesses providing PBM services face regulatory and other risks and uncertainties associated with
the PBM industry that may differ from the risks of our business of providing managed care and health
insurance products.
We provide PBM services through our OptumRx and UnitedHealthcare businesses. Each business is subject to
federal and state anti-kickback and other laws that govern the relationships of the business with pharmaceutical
manufacturers, physicians, pharmacies, customers and consumers. OptumRx also conducts business as a home
delivery pharmacy and specialty pharmacy, which subjects it to extensive federal, state and local laws and
regulations. In addition, federal and state legislatures regularly consider new regulations for the industry that
could materially and adversely affect current industry practices, including the receipt or disclosure of rebates
from pharmaceutical companies, the development and use of formularies, and the use of average wholesale
prices.
Our PBM businesses would be materially and adversely affected by our inability to contract on favorable terms
with pharmaceutical manufacturers and other suppliers, and could face potential claims in connection with
purported errors by our home delivery or specialty pharmacies, including in connection with the risks inherent in
the packaging and distribution of pharmaceuticals and other health care products. Disruptions at any of our home
23