LabCorp 2015 Annual Report Download - page 22

Download and view the complete annual report

Please find page 22 of the 2015 LabCorp annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 151

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151

Index
were promulgated. These regulations apply to health plans, healthcare providers that conduct standard transactions electronically and healthcare
clearinghouses (covered entities). Five such regulations have been finalized: (i) the Transactions and Code Sets Rule; (ii) the Privacy Rule; (iii) the Security
Rule; (iv) the Standard Unique Employer Identifier Rule, which requires the use of a unique employer identifier in connection with certain electronic
transactions; and (v) the National Provider Identifier Rule, which requires the use of a unique healthcare provider identifier in connection with certain
electronic transactions.
The Company believes that it is in compliance in all material respects with the current Transactions and Code Sets Rule. The Company implemented
Version 5010 of the HIPAA Transaction Standards and believes it has fully adopted the ICD-10-CM code set. The costs associated with ICD-10-CM Code Set
were substantial, and failure of the Company, third party payers or physicians to apply the new code set could have had an adverse impact on reimbursement,
days sales outstanding and cash collections in 2015 and forward. While to date the Company has not experienced any sustained disruption in receipts or
indications of substantive reductions to reimbursement and net revenues related to the implementation of the ICD-10-CM code set, future application of
restrictive clinical or payment policies could negatively impact the Company. The Company believes it is in compliance in all material respects with
applicable laws and regulations for electronic funds transfers and remittance advice transactions.
The Privacy Rule regulates the use and disclosure of protected health information (PHI) by covered entities. It also sets forth certain rights that an
individual has with respect to his or her PHI maintained by a covered entity, such as the right to access or amend certain records containing PHI or to request
restrictions on the use or disclosure of PHI. The Privacy Rule requires covered entities to contractually bind third parties, known as business associates, in the
event that they perform an activity or service for or on behalf of the covered entity that involves access to PHI. The Company believes that it is in compliance
in all material respects with the requirements of the HIPAA Privacy Rule.
The Security Rule establishes requirements for safeguarding patient information that is electronically transmitted or electronically stored. The Company
believes that it is in compliance in all material respects with the requirements of the HIPAA Security Rule.
The U.S. Health Information Technology for Economic and Clinical Health Act (HITECH), which was enacted in February 2009, strengthens and expands
the HIPAA Privacy and Security Rules and their restrictions on use and disclosure of PHI. HITECH includes, but is not limited to, prohibitions on exchanging
PHI for remuneration and additional restrictions on the use of PHI for marketing. HITECH also fundamentally changes a business associateā€™s obligations by
imposing a number of Privacy Rule requirements and a majority of Security Rule provisions directly on business associates that were previously only directly
applicable to covered entities. Moreover, HITECH requires covered entities to provide notice to individuals, HHS, and, as applicable, the media when
unsecured PHI is breached, as that term is defined by HITECH. Business associates are similarly required to notify covered entities of a breach. The omnibus
HIPAA regulation implementing most of the HITECH provisions was issued in January 2013 and made significant changes to the HIPAA Privacy, Security,
Enforcement, and Breach Notification Rules. Compliance with most of the changes became required on September 23, 2013. The Company believes its
policies and procedures are fully compliant with the HITECH requirements.
On February 6, 2014, CMS and HHS published final regulations that amended the HIPAA Privacy Rule to provide individuals (or their personal
representatives) with the right to receive copies of their test reports from laboratories subject to HIPAA, or to request that copies of their test reports be
transmitted to designated third parties. Previously laboratories that were CLIA-certified or CLIA-exempt were not subject to the provision in the Privacy
Rule that provides individuals with the right of access to PHI. The HIPAA Privacy Rule amendment resulted in the preemption of a number of state laws that
prohibit a laboratory from releasing a test report directly to the individual. The Company revised its policies and procedures to comply with these new access
requirements and has updated its privacy notice to reflect individualsā€™ new access rights under this final rule.
The Standard Unique Employer Identifier Rule requires that employers have standard national numbers that identify them on standard transactions. The
Employer Identification Number (also known as a Federal Tax Identification Number) issued by the Internal Revenue Service was selected as the identifier for
employers and was adopted effective July 30, 2002. The Company believes it is in compliance with these requirements.
The administrative simplification provisions of HIPAA mandate the adoption of standard unique identifiers for healthcare providers. The intent of these
provisions is to improve the efficiency and effectiveness of the electronic transmission of health information. The National Provider Identifier Rule requires
that all HIPAA-covered healthcare providers, whether they are individuals or organizations, must obtain a National Provider Identifier (NPI) to identify
themselves in standard HIPAA transactions. NPI replaces the unique provider identification number and other provider numbers previously assigned by
payers and other entities - for the purpose of identifying providers in standard electronic transactions. The Company believes that it is in compliance with the
HIPAA National Provider Identification Rule in all material respects.
22