United Healthcare 2014 Annual Report Download - page 15

Download and view the complete annual report

Please find page 15 of the 2014 United Healthcare annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 120

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120

HIPAA contain minimum standards for electronic transactions and code sets, and for the privacy and security of
protected health information. ICD-9, the current system of assigning codes to diagnoses and procedures
associated with hospital utilization in the United States is anticipated to be replaced by ICD-10 code sets on
October 1, 2015, and health plans and providers will be required to use ICD-10 codes for such diagnoses and
procedures for dates of services on or after such date.
The Health Information Technology for Economic and Clinical Health Act (HITECH) significantly expanded the
privacy and security provisions of HIPAA. HITECH imposes additional requirements on uses and disclosures of
health information; includes new contracting requirements for HIPAA business associate agreements; extends
parts of HIPAA privacy and security provisions to business associates; adds new federal data breach notification
requirements for covered entities and business associates and new reporting requirements to the U.S. Department
of Health and Human Services (HHS) and the Federal Trade Commission and, in some cases, to the local media;
strengthens enforcement and imposes higher financial penalties for HIPAA violations and, in certain cases,
imposes criminal penalties for individuals, including employees. In the conduct of our business, depending on the
circumstances, we may act as either a covered entity or a business associate. Federal consumer protection laws
may also apply in some instances to privacy and security practices related to personally identifiable information.
The use and disclosure of individually identifiable health data by our businesses is also regulated in some
instances by other federal laws, including the Gramm-Leach-Bliley Act (GLBA) or state statutes implementing
GLBA. These federal laws and state statutes generally require insurers to provide customers with notice
regarding how their non-public personal health and financial information is used and the opportunity to “opt out”
of certain disclosures before the insurer shares such information with a third-party, and generally require
safeguards for the protection of personal information. Neither the GLBA nor HIPAA privacy regulations preempt
more stringent state laws and regulations that may apply to us, as discussed below.
ERISA. The Employee Retirement Income Security Act of 1974, as amended (ERISA), regulates how our
services are provided to or through certain types of employer-sponsored health benefit plans. ERISA is a set of
laws and regulations that is subject to periodic interpretation by the U.S. Department of Labor (DOL) as well as
the federal courts. ERISA sets forth standards on how our business units may do business with employers who
sponsor employee benefit health plans, particularly those that maintain self-funded plans. Regulations established
by the DOL subject us to additional requirements for claims payment and member appeals under health care
plans governed by ERISA.
State Laws and Regulation
Health Care Regulation. Our insurance and HMO subsidiaries must be licensed by the jurisdictions in which
they conduct business. All of the states in which our subsidiaries offer insurance and HMO products regulate
those products and operations. The states require periodic financial reports and establish minimum capital or
restricted cash reserve requirements. The National Association of Insurance Commissioners (NAIC) has adopted
model regulations that, where implemented by states, require expanded governance practices and risk and
solvency assessment reporting. Most states have adopted these or similar measures to expand the scope of
regulations relating to corporate governance and internal control activities of HMOs and insurance companies. In
2014, the NAIC adopted the Risk Management and Own Risk and Solvency Assessment Model Act that requires
us to maintain a risk management framework and file a self-assessment report with state insurance regulators.
The first report will be filed with Connecticut, our lead regulator, in 2015, and annually thereafter. Certain states
have also adopted their own regulations for minimum MLRs with which health plans must comply. In addition, a
number of state legislatures have enacted or are contemplating significant reforms of their health insurance
markets, either independent of or to comply with or be eligible for grants or other incentives in connection with
Health Reform Legislation, which may affect our operations and our financial results.
Health plans and insurance companies are regulated under state insurance holding company regulations. Such
regulations generally require registration with applicable state departments of insurance and the filing of reports
13