LabCorp 2014 Annual Report Download - page 33

Download and view the complete annual report

Please find page 33 of the 2014 LabCorp annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 128

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128

31
The costs associated with ICD-10-CM Code Set were substantial, and failure of the Company, third party payers or physicians to
transition within the required timeframe could have an adverse impact on reimbursement, days sales outstanding and cash
collections. As a result of inconsistent application of other transaction standards by payers or the Company’s inability to obtain
certain billing information not usually provided to the Company by physicians, the Company could face increased costs and
complexity, a temporary disruption in receipts and ongoing reductions in reimbursements and net revenues. The Company is
working closely with its payers to establish acceptable protocols for claim submission and with its trade association and an industry
coalition to present issues and problems as they arise to the appropriate regulators and standards setting organizations.
Failure to maintain the security of customer-related information or compliance with security requirements could damage
the Company’s reputation with customers, cause it to incur substantial additional costs and to become subject to litigation.
The Company receives certain personal and financial information about its customers. In addition, the Company depends upon
the secure transmission of confidential information over public networks, including information permitting cashless payments. A
compromise in the Company’s security systems that results in customer personal information being obtained by unauthorized
persons or the Company’s failure to comply with security requirements for financial transactions could adversely affect the
Company’s reputation with its customers and others, as well as the Company’s results of operations, financial condition and
liquidity. It could also result in litigation against the Company or the imposition of penalties.
Failure of the Company, third party payers or physicians to comply with the ICD-10-CM Code Set by the compliance date
of October 1, 2015, could negatively impact the Company's reimbursement, profitability and cash flow.
The Company believes that it is in compliance in all material respects with the current Transactions and Code Sets Rule. The
Company implemented Version 5010 of the HIPAA Transaction Standards, and is within the testing and implementation phase of
the rule to adopt the ICD-10-CM Code Set. The compliance date for ICD-10-CM is October 1, 2015. Clinical laboratories are
typically required to submit health care claims with diagnosis codes to third party payers. The diagnosis codes must be obtained
from the ordering physician. The failure of the Company, third party payers or physicians to transition within the required timeframe
could have an adverse impact on reimbursement, days sales outstanding and cash collections.
Compliance with the HIPAA security regulations and privacy regulations may increase the Company’s costs.
The HIPAA privacy and security regulations, including the expanded requirements under HITECH, establish comprehensive
federal standards with respect to the use and disclosure of protected health information by health plans, health care providers and
health care clearinghouses, in addition to setting standards to protect the confidentiality, integrity and security of protected health
information. The regulations establish a complex regulatory framework on a variety of subjects, including:
the circumstances under which the use and disclosure of protected health information are permitted or required without
a specific authorization by the patient, including but not limited to treatment purposes, activities to obtain payments for
the Company’s services, and its health care operations activities;
a patient’s rights to access, amend and receive an accounting of certain disclosures of protected health information;
the content of notices of privacy practices for protected health information;
administrative, technical and physical safeguards required of entities that use or receive protected health information;
and
the protection of computing systems maintaining ePHI.
The Company has implemented policies and procedures related to compliance with the HIPAA privacy and security regulations,
as required by law. The privacy and security regulations establish a “floor” and do not supersede state laws that are more stringent.
Therefore, the Company is required to comply with both federal privacy and security regulations and varying state privacy and
security laws. In addition, for health care data transfers from other countries relating to citizens of those countries, the Company
must comply with the laws of those other countries. The federal privacy regulations restrict the Company’s ability to use or disclose
patient identifiable laboratory data, without patient authorization, for purposes other than payment, treatment or health care
operations (as defined by HIPAA), except for disclosures for various public policy purposes and other permitted purposes outlined
in the privacy regulations. HIPAA, as amended by HITECH, provides for significant fines and other penalties for wrongful use
or disclosure of protected health information in violation of the privacy and security regulations, including potential civil and
criminal fines and penalties. Due to the enactment of HITECH, it is not possible to predict what the extent of the impact on business
will be; however, if the Company does not comply with existing or new laws and regulations related to protecting the privacy and
security of health information it could be subject to monetary fines, civil penalties or criminal sanctions. In addition, other federal
and state laws that protect the privacy and security of patient information may be subject to enforcement and interpretations by
various governmental authorities and courts resulting in complex compliance issues. For example, the Company could incur