Health Net 2014 Annual Report Download - page 51

Download and view the complete annual report

Please find page 51 of the 2014 Health Net annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 187

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187

49
If we or our business associates that handle certain information on our behalf fail to comply with requirements
relating to patient privacy and information security, among other things, our reputation and business operations
could be materially adversely affected.
The collection, maintenance, use, disclosure and disposal of individually identifiable information or data,
including PHI and cardholder data, by our businesses are regulated at the federal and state levels, and in some cases are
subject to contractual requirements. Despite the privacy and security measures we have in place to ensure compliance
with applicable laws, regulations and contractual requirements, our facilities and systems, and those of our third party
vendors and service providers, are vulnerable to privacy and security incidents including, but not limited to, computer
hacking, breaches, acts of vandalism or theft, computer viruses or other forms of cyber-attack, misplaced or lost data,
programming and/or human errors or other similar events. For additional details on the types of information we process
and store, and the applicable laws, rules and regulations see the risk factor under the heading “—We must comply with
requirements relating to patient privacy and information security, including requiring through contract that business
associates that handle certain information on our behalf comply with relevant privacy and security requirements,
including, but not limited to HIPAA.”
A party, whether internal or external, that is able to circumvent our security systems could, among other things,
misappropriate or misuse sensitive or confidential information (including but not limited to PHI, cardholder data and
other member information), user information or other proprietary information, cause significant interruptions in our
operations and cause all or portions of our website to be unavailable. Internal or external parties may attempt to
circumvent our security systems, and we have in the past, and expect that we will in the future, experience external
attacks on our network, such as, for example, reconnaissance probes, denial of service attempts, malicious software
attacks and phishing attacks. We have expended significant resources to protect against such attacks, detect if and when
attacks occur, respond to these attempted attacks and recover the enterprise to regular operations, and we expect to
continue to do so in the future. Any reductions in the availability of our website could impair our ability to conduct our
business and adversely impact our members during the occurrence of any such incident.
Because the techniques used to circumvent security systems can be highly sophisticated and change frequently,
often are not recognized until launched against a target and may originate from less regulated and remote areas around
the world, we may be unable to proactively address all possible techniques or implement adequate preventive measures
for all situations. Recent, well-publicized attacks on prominent companies, including in our industry, have resulted in
the theft of significant amounts of sensitive and personal information and demonstrate the sophistication of the
perpetrators and magnitude of the threat posed to companies across the nation, including the health care industry. In
addition, in November 2014 we announced that we entered into a master services agreement with Cognizant for the
performance of a significant portion of our business process and information technology activities, subject to regulatory
approval of the transaction. The Cognizant transaction will require us to devote significant resources to transition from
our existing systems infrastructure and relocate to a new data center, and if we are unable to successfully execute and
manage this transition, the movement of data during the transition may enhance the information management and data
security risks we currently face. For additional details on the Cognizant transaction and associated risks, see the risk
factor under the heading “—We are subject to a number of risks in connection with our decision to enter into a master
services agreement with Cognizant for the performance of a significant portion of our business process and information
technology activities.”
Noncompliance with any privacy laws or data security laws or any security incident or breach involving the
misappropriation, loss or other unauthorized use or disclosure of sensitive or confidential member information, whether
by us, one of our business associates or another third party, could have a material adverse effect on our business,
reputation, financial condition and results of operations, including but not limited to: material fines and penalties;
compensatory, special, punitive, and statutory damages; litigation; consent orders regarding our privacy and security
practices; requirements that we provide notices, credit monitoring services and/or credit restoration services or other
relevant services to impacted individuals; adverse actions against our licenses to do business; and injunctive relief.
Additionally, the costs incurred to remediate any data security or privacy incident could be substantial.
If we fail to effectively maintain our information management systems, it could adversely affect our business.
Our business depends significantly on effective and efficient information systems. The information gathered and
processed by our information management systems assists us in, among other things, pricing our services, monitoring
utilization and other cost factors, processing provider claims, billing our customers on a timely basis and identifying
accounts for collection. Our customers and providers also depend upon our information systems for membership
verification, claims status and other information. We have different information systems for our various businesses and