Health Net 2013 Annual Report Download - page 21

Download and view the complete annual report

Please find page 21 of the 2013 Health Net annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 178

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178

19
remains critical to the viability of these programs. Federal law permits the federal government to oversee and, in some
cases, to enact, regulations and other requirements that must be followed by states with respect to these programs.
Medicaid is administered at the federal level by CMS.In October 2011, CMS approved certain elements of California's
2011–2012 budget proposals to reduce Medi-Cal provider reimbursement rates as authorized by California Assembly
Bill 97 (AB 97). The elements approved by CMS included a 10 percent reduction in reimbursement rates for a number
of providers. DHCS had preliminarily indicated that the Medi-Cal managed care rate reductions could be effective
retroactive to July 1, 2011. However, according to the 2014 Medi-Cal estimates made public on January 10, 2014, the
AB 97 cuts applicable to Medi-Cal managed care plans became effective on October 1, 2013 and were not applied
retroactively. The AB 97 cuts are being applied to Medi-Cal managed care plans only on a prospective basis, beginning
October 1, 2013. The provisions of AB 97 did not have a material impact to our Health plan services premium revenue
for the year ended December 31, 2013.
See “Item 1A. Risk Factors—A significant reduction in revenues from the government programs in which we
participate or other changes to these programs could have a material adverse effect on our business, financial
condition or results of operations.
Privacy Regulations. The use, disclosure and maintenance of individually identifiable health information and
other data by our businesses is regulated by various laws at the federal, state and local level. These laws and regulations
are changed frequently by legislation or administrative interpretation. Most of those laws are derived from Health
Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the privacy provisions in the federal Gramm-
Leach-Bliley Financial Modernization Act of 1999 (the “Gramm-Leach-Bliley Act”), although there are an increasing
number of state laws that require notification to individuals and regulatory authorities in the event of a security breach
and that specifically regulate the use and disclosure of social security numbers.
HIPAA and the implementing regulations that have been adopted in connection with it impose obligations for
group health plans and issuers of health insurance coverage (such as health insurers and health maintenance
organizations) relating to the privacy and security of protected health information including electronically transmitted
protected health information (collectively, “PHI”). These regulations, which relate to the privacy and security of PHI,
require Covered Entities, which are defined as health plans, health care clearinghouses and providers to:
comply with various requirements and restrictions related to the use, storage and disclosure of PHI,
adopt rigorous internal procedures to protect PHI,
create policies related to the privacy of PHI,
enter into specific written agreements with those entities that provide services to or on behalf of a Covered
Entity and use, disclose or maintain PHI in connection with these services (these entities are known as
“Business Associates”), and
notify individuals and regulatory authorities if PHI is compromised.
These regulations also establish significant criminal penalties and civil sanctions for non-compliance. Recent
developments in this area include the Health Information Technology for Economic and Clinical Health (“HITECH”)
Act, which was initially passed in 2009 and implemented on a rolling basis through subsequent rulemaking. The
HITECH Act expands the HIPAA rules for security and privacy safeguards, including enhanced enforcement, additional
limitations on use and disclosure of PHI and additional potential penalties for non-compliance. In addition, on January
17, 2013, the HHS issued a final rule (“Omnibus rule”) designed to strengthen the privacy and security protections for
health information established under HIPAA. The Omnibus rule modifies the HIPAA Privacy, Security and
Enforcement Rules and implements statutory amendments under the HITECH Act. The Omnibus rule enhances an
individual’s privacy protections, provides individuals new rights with respect to their health information, strengthens
the government’s ability to enforce the law, sets limits on how information is used and disclosed for marketing and
fundraising purposes and prohibits the sale of an individuals’ health information without their permission. The Omnibus
rule expanded the definition of which entities must be classified as a Business Associate and imposed on Business
Associates the same privacy and security standards for protecting PHI as imposed on Covered Entities. The Omnibus
rule is based on statutory changes under the HITECH Act, enacted as part of the American Recovery and Reinvestment
Act of 2009, and the Genetic Information Nondiscrimination Act of 2008 which clarifies that genetic information is
protected under the HIPAA Privacy Rule and prohibits most health plans from using or disclosing genetic information
for underwriting purposes. The final Omnibus Rule was effective on March 26, 2013. See “Item 1A. Risk Factors—If
we fail to comply with requirements relating to patient privacy and information security, including taking steps to
ensure that our business associates who obtain access to sensitive patient information maintain the privacy and security