LabCorp 2014 Annual Report Download - page 28

Download and view the complete annual report

Please find page 28 of the 2014 LabCorp annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 128

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128

26
On February 6, 2014, CMS published final regulations that amend the HIPAA Privacy Rule to provide individuals (or their
personal representatives) with the right to receive copies of their test reports from laboratories subject to HIPAA, or to request
that copies of their test reports be transmitted to designated third parties with a compliance date of October 4, 2014. Previously
laboratories that were CLIA-certified or CLIA-exempt were not subject to the provision in the Privacy Rule that provides individuals
with the right of access to PHI. The HIPAA Privacy Rule amendment resulted in the preemption of a number of state laws that
prohibit a laboratory from releasing a test report directly to the individual. The Company revised its policies and procedures to
comply with these new access requirements and has updated its privacy notice to reflect individuals’ new access rights under this
final rule.
The total cost associated with the requirements of HIPAA and HITECH is not expected to be material to the Company’s
operations or cash flows. However, future regulations and interpretations of HIPAA and HITECH could impose significant costs
on the Company.
In addition to the federal HIPAA regulations described above, there are a number of state laws regarding the confidentiality
of medical information, some of which apply to clinical laboratories. These laws vary widely but they most commonly restrict the
use and disclosure of medical and financial information. In some cases, state laws are more restrictive and, therefore, are not
preempted by HIPAA. Penalties for violation of these laws may include sanctions against a laboratory's licensure, as well as civil
and/or criminal penalties. Violations of the HIPAA provisions could result in civil and/or criminal penalties, including significant
fines and up to 10 years in prison. HITECH also significantly strengthened HIPAA enforcement by increasing the civil penalty
amounts that may be imposed, requiring HHS to conduct periodic audits to confirm compliance and authorizing state attorneys
general to bring civil actions seeking either injunctions or damages in response to violations of the HIPAA privacy and security
regulations that affect the privacy of state residents. Additionally, numerous other countries have or are developing similar laws
governing the collection, use, disclosure and transmission of personal or patient information.
The administrative simplification provisions of HIPAA mandate the adoption of standard unique identifiers for health care
providers. The intent of these provisions is to improve the efficiency and effectiveness of the electronic transmission of health
information. The National Provider Identification rule requires that all HIPAA-covered health care providers, whether they are
individuals or organizations, must obtain a National Provider Identifier (“NPI”) to identify themselves in standard HIPAA
transactions. NPI replaces the unique provider identification number - as well as other provider numbers previously assigned by
payers and other entities - for the purpose of identifying providers in standard electronic transactions. The Company believes that
it is in compliance with the HIPAA National Provider Identification Rule in all material respects.
The standard unique employer identifier regulations require that employers have standard national numbers that identify them
on standard transactions. The Employer Identification Number (also known as a Federal Tax Identification Number) issued by the
Internal Revenue Service was selected as the identifier for employers and was adopted effective July 30, 2002. The Company
believes it is in compliance with these requirements.
The Company believes that it is in compliance in all material respects with the current Transactions and Code Sets Rule. The
Company implemented Version 5010 of the HIPAA Transaction Standards and is within the testing and implementation phase of
the rule to adopt the ICD-10-CM code set. The compliance date for ICD-10-CM is October 1, 2015. The costs associated with
ICD-10-CM Code Set were substantial, and failure of the Company, third party payers or physicians to transition within the required
timeframe could have an adverse impact on reimbursement, days sales outstanding and cash collections. As a result of inconsistent
application of transaction standards by payers or the Company’s inability to obtain certain billing information not usually provided
to the Company by physicians, the Company could face increased costs and complexity, a temporary disruption in receipts and
ongoing reductions in reimbursements and net revenues.
The Company believes it is in compliance in all material respects with the Operating Rules for electronic funds transfers and
remittance advice transactions, for which the compliance date was January 1, 2014.
Fraud and Abuse Laws and Regulations
Existing federal laws governing federal health care programs, including Medicare and Medicaid, as well as similar state laws,
impose a variety of broadly described fraud and abuse prohibitions on health care providers, including clinical laboratories. These
laws are interpreted liberally and enforced aggressively by multiple government agencies, including the U.S. Department of Justice,
HHS’ Office of Inspector General ("OIG"), and various state agencies. Historically, the clinical laboratory industry has been the
focus of major governmental enforcement initiatives. The federal government's enforcement efforts have been increasing over the
past decade, in part as a result of the enactment of HIPAA, which included several provisions related to fraud and abuse enforcement,
including the establishment of a program to coordinate and fund federal, state and local law enforcement efforts. The Deficit