Health Net 2014 Annual Report Download - page 50

Download and view the complete annual report

Please find page 50 of the 2014 Health Net annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 187

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187

48
effectively administer these programs, if we do not effectively adapt to changes to these programs, or if we experience a
significant reduction in revenues from these government programs, it could have a material adverse effect on our
business, financial condition or results of operations.” In addition, continued state and federal budgetary pressures
could cause new or higher levels of assessments or taxes for our commercial programs, such as surcharges on select fee-
for-service and capitated medical claims or premium taxes on insurance companies and HMOs, and could adversely
affect our results of operations. Moreover, any enrollment freeze or significant delay in reimbursement payment from
government programs in which we participate could adversely affect our business, financial condition, cash flows and
results of operations. For example, in the past, budget issues have led the State of California to delay certain of its
monthly Medicaid payments to us. Any such irregularity in the timing of these payments in future periods may
adversely impact our operating cash flow from quarter to quarter depending on the timing of such payments.
We must comply with requirements relating to patient privacy and information security, including requiring through
contract that business associates that handle certain information on our behalf comply with relevant privacy and
security requirements, including, but not limited to HIPAA.
We are subject to compliance obligations arising from laws and regulations governing certain Protected Health
Information (“PHI”) and Personal Information (“PI”) including but not limited to: the Health Insurance Portability and
Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009
(“HITECH Act”) and their respective implementing regulations; the Federal Trade Commission Act; federal regulations
governing substance abuse records; state privacy and security laws such as the California Confidentiality of Medical
Information Act (“CMIA”) and the California Online Privacy Protection Act (“CalOPPA”); and state breach notification
laws that require providing notification in the event of a breach of PI (such as Cal. Code § 1798.82). A variety of state
and federal regulators enforce these laws, including, but not limited to HHS, the Federal Trade Commission (“FTC”),
state attorneys general, and other state regulators. In addition, as our individual exchange business grows, we are
increasingly impacted by requirements under the Payment Card Industry (“PCI”) Data Security Standard, which is a
multifaceted security standard that is designed to protect credit card account data as mandated by payment card industry
entities.
HIPAA regulations, as amended, require health plans, clearinghouses and providers to, among other obligations:
comply with various requirements and restrictions related to the use, disclosure, storage, and transmission of PHI; adopt
rigorous internal policies and procedures to safeguard PHI; and enter into specific written agreements with business
associates that receive, transmit, use and/or create PHI on our behalf. HIPAA also established significant civil and
criminal sanctions for violations. These regulations expose us to liability for, among other things, violations of the
regulations by our business associates, including the third party vendors involved in our outsourcing projects. Other
state and federal laws and regulations, including some of the laws noted above, impose similar privacy and security
requirements.
The HITECH Act expanded HIPAA's requirements for security and privacy safeguards, including improved
enforcement, additional limitations on use and disclosure of PHI and additional potential penalties for violations, and
imposed notice obligations in the event of a breach of unsecured PHI.
The HITECH Act has been implemented on a rolling basis through subsequent rulemaking. On January 17, 2013,
the Office of Civil Rights (“OCR”) of HHS issued the omnibus final rule on HIPAA privacy, security, breach
notification and enforcement requirements under the HITECH Act, and a final regulation for required changes to the
HIPAA Privacy Rule for the Genetic Information Nondiscrimination Act. The omnibus final rule became effective on
March 26, 2013, with an applicable compliance date of September 23, 2013. Although our contracts with our business
associates require business associates to maintain the privacy and security of PHI and PI that we disclose to them, we
may have limited control over the actions and practices of our business associates. This risk increases as we contract
with third parties for the performance of additional services on our behalf. Compliance with HIPAA and state and
federal privacy and security laws and regulations has resulted in and may in the future result in significant costs to us
due to necessary systems changes, the development of new administrative processes and the effects of potential
noncompliance by us or our business associates. If we or our business associates fail to comply with requirements
relating to patient privacy and information security, such as applicable contractual requirements or the requirements
imposed through the laws and regulations referenced above, our reputation and business operations could be materially
adversely affected and our results of operation and financial condition could be adversely impacted.