Humana 2013 Annual Report Download - page 39

Download and view the complete annual report

Please find page 39 of the 2013 Humana annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 168

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168

Care Reform Law that allowed individuals to remain in plans that are not compliant with the Health Care Reform
Law may have an adverse effect on our pool of participants in the health insurance exchange. All of these factors
may have a material adverse effect on our results of operations, financial position, or cash flows if our premiums
are not adequate or do not appropriately reflect the acuity of these individuals. Any variation from our
expectations regarding acuity, enrollment levels, adverse selection, or other assumptions used in setting premium
rates could have a material adverse effect on our results of operations, financial position, and cash flows.
Our business activities are subject to substantial government regulation. New laws or regulations, or
changes in existing laws or regulations or their manner of application, including reductions in Medicare
Advantage payment rates, could increase our cost of doing business and may adversely affect our business,
profitability, financial condition, and cash flows.
In addition to the Health Care Reform Law, the health care industry in general and health insurance are
subject to substantial federal and state government regulation:
Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for
Economic and Clinical Health Act (HITECH Act)
The use of individually identifiable health data by our business is regulated at federal and state levels. These
laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address
the use and maintenance of individually identifiable health data. Most are derived from the privacy provisions in
the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act, or HIPAA.
HIPAA includes administrative provisions directed at simplifying electronic data interchange through
standardizing transactions, establishing uniform health care provider, payer, and employer identifiers, and
seeking protections for confidentiality and security of patient data. The rules do not provide for complete federal
preemption of state laws, but rather preempt all inconsistent state laws unless the state law is more stringent.
These regulations set standards for the security of electronic health information. Violations of these rules
could subject us to significant criminal and civil penalties, including significant monetary penalties. Compliance
with HIPAA regulations requires significant systems enhancements, training and administrative effort. HIPAA
can also expose us to additional liability for violations by our business associates (e.g., entities that provide
services to health plans and providers).
The HITECH Act, one part of the American Recovery and Reinvestment Act of 2009, significantly
broadened the scope of the privacy and security regulations of HIPAA. On January 17, 2013, HHS issued the
omnibus final rule on HIPAA privacy, security, breach notification requirements and enforcement requirements
under the HITECH Act, and a final regulation for required changes to the HIPAA Privacy Rule for the Genetic
Information Nondiscrimination Act, or GINA. The omnibus final rule became effective on March 26, 2013, with
a compliance date of September 23, 2013. Among other requirements, the HITECH Act and Omnibus final rule
mandates individual notification in the event of a breach of unsecured, individually identifiable health
information, provides enhanced penalties for HIPAA violations, requires business associates to comply with
certain provisions of the HIPAA privacy and security rule, and grants enforcement authority to states’ Attorney
Generals in addition to the HHS Office of Civil Rights.
In addition, there are numerous federal and state laws and regulations addressing patient and consumer
privacy concerns, including unauthorized access or theft of personal information. State statutes and regulations
vary from state to state and could impose additional penalties. Violations of HIPAA or applicable federal or state
laws or regulations could subject us to significant criminal or civil penalties, including significant monetary
penalties. Compliance with HIPAA and other privacy regulations requires significant systems enhancements,
training and administrative effort.
29