Our delegated services and offerings with health plans could subject us to audits by health plans and governmental payors and increase our exposure to liabilities under federal and state health care fraud and abuse laws, including claims under the False Claims Act. Our contracts with health plans or qualified health plan (QHP) partners for delegated services obligate us and any contractors or agents we use for such delegated services to comply with additional regulatory and contractual requirements and standards as a delegated entity, [including 45 CFR Parts 155 and 156,] which increase our exposure to additional liabilities under health care fraud and abuse laws, require us to maintain a more robust healthcare compliance program, as well as obtain and comply with applicable licensing and credentialing requirements. We are subject to stringent regulatory and contractual oversight, including audits by our health plan partners, CMS, and other regulatory authorities. Negative results of any such audit could have a material adverse effect on our business, financial condition, results of operations or prospects and could damage our reputation. Changes in regulations, standards, and contractual obligations can increase our compliance costs, expose us to greater liability, or materially impact our profitability. In particular, entities that perform prior authorization and utilization management functions as a delegated entity are subject to additional federal and state requirements, including, but not limited to, credentialing, accreditation or licensing requirements and standards (such as requirements of the National Committee for Quality Assurance), state prior authorization laws, Medicare and Medicaid regulations, manuals and policies, and other federal and state laws and standards related to delegation, prior authorization, and utilization management. 
Health plans and other healthcare organizations that contract with delegated entities flow down extensive federal and state requirements to delegated entities, which can increase the cost of operations and exposure to potential liabilities for such delegated entities. Delegated entities are also subject to audits and oversight by healthcare plans as well as federal and state regulatory authorities. To the extent federal and state government programs or regulatory authorities change current laws, regulations or policies, or the prior authorization process and related requirements, such changes could impact our business operations. Complying with new regulatory requirements or changes to current regulations could be time-intensive and expensive, resulting in a material adverse effect on our business. If we or any third parties we may engage are slow or unable to adapt to changes in existing requirements or the adoption of new requirements or policies, or if we or such third parties are not able to maintain regulatory compliance, we may lose regulatory licensure or authorization for our products and services, be exposed to contractual liabilities, and we may not achieve or sustain profitability. Efforts to ensure compliance with applicable healthcare laws and regulations can involve substantial costs. Violations of healthcare laws can result in significant penalties, including the imposition of significant civil, criminal and administrative penalties, damages, monetary fines, disgorgement, individual imprisonment, possible exclusion from participation in Medicare, Medicaid and other U.S. healthcare programs, integrity oversight and reporting obligations, contractual damages, reputational harm, diminished profits and future earnings, and curtailment or restructuring of operations. 
If we fail to comply with applicable health information privacy and security laws and other state and federal privacy and security laws, we may be subject to significant liabilities, reputational harm and other negative consequences, including decreasing the willingness of current and potential customers to work with us. We are subject to data privacy and security regulation by both the federal government and the states in which we conduct our business. HIPAA established uniform federal standards for certain “covered entities,” which include certain healthcare providers, healthcare clearinghouses, and health plans, governing the conduct of specified electronic healthcare transactions and protecting the security and privacy of protected health information ("PHI"). The Health Information Technology for Economic and Clinical Health Act (the "HITECH Act"), which became effective on February 17, 2010, makes HIPAA’s security standards directly applicable to “business associates,” which are independent contractors or agents of covered entities that create, receive, maintain, or transmit PHI in connection with providing a service for or on behalf of a covered entity. The HITECH Act also increased the civil and criminal penalties that may be imposed against covered entities, business associates and certain other persons, and gave state attorneys general new authority to file civil actions for damages or injunctions in federal courts to enforce HIPAA’s requirements and seek attorney’s fees and costs associated with pursuing federal civil actions.