United Healthcare 2012 Annual Report Download - page 29

Download and view the complete annual report

Please find page 29 of the 2012 United Healthcare annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 128

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128

Our facilities and systems and those of our third-party service providers may be vulnerable to privacy and
security incidents; security attacks and breaches; acts of vandalism or theft; computer viruses; coordinated
attacks by activist entities; emerging cybersecurity risks; misplaced or lost data; programming and/or human
errors; or other similar events. Emerging and advanced security threats, including coordinated attacks, require
additional layers of security which may disrupt or impact efficiency of operations.
Compliance with new privacy and security laws, regulations and requirements may result in increased operating
costs, and may constrain our ability to manage our business model. For example, final HHS regulations released
in January 2013 implementing the ARRA amendments to HIPAA may further restrict our ability to collect,
disclose and use sensitive personal information and may impose additional compliance requirements on our
business. In addition, HHS has announced that it will continue its audit program to assess HIPAA compliance
efforts by covered entities. Although we are not aware of HHS plans to audit any of our covered entities, an audit
resulting in findings or allegations of noncompliance could have a material adverse effect on our results of
operations, financial position and cash flows.
Noncompliance or findings of noncompliance with applicable laws, regulations or requirements, or the
occurrence of any privacy or security breach involving the misappropriation, loss or other unauthorized
disclosure of sensitive personal information, whether by us or by one of our third-party service providers, could
have a material adverse effect on our reputation and business, including mandatory disclosure to the media,
significant increases in the cost of managing and remediating privacy or security incidents and material fines,
penalties and litigation awards, among other consequences, any of which could have a material and adverse
effect on our results of operations, financial position and cash flows.
Our businesses providing PBM services face regulatory and other risks and uncertainties associated with
the PBM industry that may differ from the risks of our business of providing managed care and health
insurance products.
We provide PBM services through our OptumRx and UnitedHealthcare businesses. Each business is subject to
federal and state anti-kickback and other laws that govern their relationships with pharmaceutical manufacturers,
physicians, pharmacies, customers and consumers. OptumRx also conducts business as a mail order pharmacy
and specialty pharmacy, which subjects it to extensive federal, state and local laws and regulations. In addition,
federal and state legislatures regularly consider new regulations for the industry that could materially and
adversely affect current industry practices, including the receipt or disclosure of rebates from pharmaceutical
companies, the development and use of formularies, and the use of average wholesale prices. See Item 1,
“Business — Government Regulation” for a discussion of various federal and state laws and regulations
governing our PBM businesses.
Our PBM businesses would also be materially and adversely affected by an inability to contract on favorable
terms with pharmaceutical manufacturers and other suppliers, and could face potential claims in connection with
purported errors by our mail order or specialty pharmacies, including in connection with the risks inherent in the
packaging and distribution of pharmaceuticals and other health care products. Disruptions at any of our mail
order or specialty pharmacies due to an accident or an event that is beyond our control could affect our ability to
timely process and dispense prescriptions and could materially and adversely affect our results of operations,
financial position and cash flows.
In addition, our PBM businesses provide services to sponsors of health benefit plans that are subject to ERISA.
The DOL, which is the agency that enforces ERISA, could assert that the fiduciary obligations imposed by the
statute apply to some or all of the services provided by our PBM businesses even where our PBM businesses are
not contractually obligated to assume fiduciary obligations. In the event a court were to determine that fiduciary
obligations apply to our PBM businesses in connection with services for which our PBM businesses are not
contractually obligated to assume fiduciary obligations, we could be subject to claims for breaches of fiduciary
obligations or entering into certain prohibited transactions.
27