LabCorp 2015 Annual Report Download - page 28

Download and view the complete annual report

Please find page 28 of the 2015 LabCorp annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 151

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151

Index
with its payers to establish acceptable protocols for claim submission and with its trade association and an industry coalition to present issues and problems
as they arise to the appropriate regulators and standards setting organizations.


The Company receives certain personal and financial information about its customers. In addition, the Company depends upon the secure transmission of
confidential information over public networks, including information permitting cashless payments. A compromise in the Companys security systems that
results in customer personal information being obtained by unauthorized persons or the Companys failure to comply with security requirements for financial
transactions could adversely affect the Companys reputation with its customers and others, as well as the Company’s results of operations, financial
condition and liquidity. It could also result in litigation against the Company and the imposition of fines and penalties.
                    

The Company believes that it is in compliance in all material respects with the current Transactions and Code Sets Rule. The Company implemented
Version 5010 of the HIPAA Transaction Standards and believes it has fully adopted the ICD-10-CM Code Set. Clinical laboratories are typically required to
submit healthcare claims with diagnosis codes to third party payers. The diagnosis codes must be obtained from the ordering physician. The failure of the
Company, third party payers or physicians to apply the new code set could have an adverse impact on reimbursement, days sales outstanding and cash
collections.
                     

The HIPAA privacy and security regulations, including the expanded requirements under HITECH, establish comprehensive standards with respect to the
use and disclosure of PHI by covered entities, in addition to setting standards to protect the confidentiality, integrity and security of PHI. The regulations
establish a complex regulatory framework on a variety of subjects, including:
the circumstances under which the use and disclosure of PHI are permitted or required without a specific authorization by the patient, including but
not limited to treatment purposes, activities to obtain payments for the Companys services, and its healthcare operations activities;
a patients rights to access, amend and receive an accounting of certain disclosures of PHI;
the content of notices of privacy practices for PHI;
administrative, technical and physical safeguards required of entities that use or receive PHI; and
the protection of computing systems maintaining electronic PHI.
The Company has implemented policies and procedures designed to comply with the HIPAA privacy and security requirements as applicable. The
privacy and security regulations establish a “floorand do not supersede state laws that are more stringent. Therefore, the Company is required to comply
with both additional federal privacy and security regulations and varying state privacy and security laws. In addition, for data transfers from and operations in
other countries, the Company may also be required to comply with the data privacy and security laws of those other countries. HIPAA restricts the Company’s
ability to use or disclose patient identifiable laboratory data, without patient authorization, for purposes other than payment, treatment or healthcare
operations (as defined by HIPAA), except for disclosures for various public policy purposes and other permitted purposes outlined in the privacy regulations.
HIPAA, as amended by HITECH, provides for significant fines and other penalties for wrongful use or disclosure of PHI in violation of the privacy and
security regulations, including potential civil and criminal fines and penalties.
If the Company does not comply with existing or new laws and regulations related to protecting the privacy and security of personal or health
information it could be subject to monetary fines, civil penalties or criminal sanctions. In addition, foreign, federal and state laws that protect the privacy and
security of patient information may be subject to enforcement and interpretations by various governmental authorities and courts resulting in complex
compliance issues. For example, the Company could incur damages under state laws pursuant to an action brought by a private party for the wrongful use or
disclosure of health information or other personal information and in Europe both criminal and administrative sanctions are possible for violation of national
implementations of the general data protection Directive 95/46/EC. In December 2015, the EU enacted a General Data Protection Regulation to replace
Directive 95/46/EC, which is expected to take effect at some point in 2018, and which has enhanced penalties for noncompliance. The Company is
evaluating its ability and the cost to comply with the new EU regulations, and as a result of that evaluation expects to make change to its business practices
and incur additional costs.
28