McKesson 2013 Annual Report Download - page 20

Download and view the complete annual report

Please find page 20 of the 2013 McKesson annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 128

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128

14
McKESSON CORPORATION
Privacy: State, federal and foreign laws regulate the confidentiality of sensitive personal information, how that
information may be used, and the circumstances under which such information may be released. These regulations govern the
disclosure and use of confidential personal and patient medical record information and require the users of such information
to implement specified privacy and security measures. Regulations currently in place, including regulations governing
electronic health data transmissions, continue to evolve and are often unclear and difficult to apply. Although we modified
our policies, procedures and systems to comply with the current requirements of applicable state, federal and foreign laws,
including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information
Technology for Economic and Clinical Health (“HITECH”) Act portion of the American Recovery and Reinvestment Act of
2009, new laws and regulations in this area could restrict the ability of our customers to obtain, use or disseminate personal or
patient information, or it could require us to incur significant additional costs to re-design our products in a timely manner,
either of which could have a material adverse impact on our results of operations. In addition, the HITECH Act expanded
HIPAA privacy and security requirements and increased financial penalties for violations. It also extended certain provisions
of the federal privacy and security standards to us in our capacity as a business associate of our payer and provider customers.
These standards may be interpreted by a regulatory authority in a manner that could require us to make a material change to
our operations. Furthermore, our failure to maintain confidentiality of sensitive personal information in accordance with
applicable regulatory requirements could expose us to breach of contract claims, fines and penalties, costs for remediation and
harm to our reputation.
Health Care Reform: The Affordable Care Act significantly expanded health insurance coverage to uninsured
Americans and changed the way health care is financed by both governmental and private payers. While certain provisions of
the Affordable Care Act took effect immediately, others have delayed effective dates. We do not currently anticipate that the
Affordable Care Act or any resulting federal and state healthcare reforms will have a material impact on our business,
financial condition and results of operations. However, given the scope of the changes made and under consideration, as well
as the uncertainties associated with implementation of healthcare reforms, we cannot predict their full effect on the Company
at this time.
Interoperability Standards: There is increasing demand among customers, industry groups and government authorities
that healthcare software and systems provided by various vendors be compatible with each other. This need for
interoperability is leading to the development of standards by various groups, and certain federal and state agencies are also
developing standards that could become mandatory for systems purchased by these agencies. For example, the HITECH Act
requires meaningful use of “certified” healthcare information technology products by healthcare providers in order to receive
stimulus funds from the federal government, and CMS has issued rules defining meaningful use criteria. These rules are
subject to interpretation by the entities designed to certify such technology and also may be changed or supplemented by the
federal government in the future. A combination of our solutions has been certified as meeting the initial meaningful use
criteria, and we plan to seek certification for meeting additional meaningful use criteria. However, we may incur increased
development costs and delays in upgrading our customer software and systems to be in compliance with these varying and
evolving rules. In addition, these new rules may lengthen our sales and implementation cycle and we may incur costs in
periods prior to the corresponding recognition of revenue. To the extent these rules are narrowly construed, subsequently
changed or supplemented, or that we are delayed in achieving certification under these evolving rules for applicable products,
our customers may postpone or cancel their decisions to purchase or implement our software and systems.
FDA Regulation of Medical Software: The FDA has increasingly focused on the regulation of medical software,
computer products and computer-assisted products as medical devices under the federal Food, Drug and Cosmetic Act. For
example, effective April 18, 2011, the FDA issued a new rule regulating certain computer data systems as medical devices. If
the FDA chooses to regulate any of our products as medical devices, it can impose extensive requirements upon us. If we fail
to comply with the applicable requirements, the FDA could respond by imposing fines, injunctions or civil penalties,
requiring recalls or product corrections, suspending production, refusing to grant pre-market clearance of products,
withdrawing clearances and initiating criminal prosecution. Any additional FDA regulations governing computer products,
once issued, may increase the cost and time to market new or existing products or may prevent us from marketing our
products.