This excerpt taken from the UNH 10-K filed Feb 11, 2009.
Our businesses providing PBM services are subject to federal and state regulations associated with the PBM industry and if we fail to comply with these regulations, our business, financial condition and results of operations could be materially adversely affected.
We provide PBM services through our Prescription Solutions and UnitedHealthcare businesses. Each business is subject to federal and state anti-kickback and other laws that govern their relationships with pharmaceutical manufacturers, customers and consumers. In addition, federal and state legislatures regularly consider new regulations for the industry that could adversely affect current industry practices, including the receipt or required disclosure of rebates from pharmaceutical companies. See Item 1, Business Government Regulation for a discussion of various federal and state laws and regulations governing our PBM businesses.
In the event a court were to determine that one of our PBM businesses acts as a fiduciary under ERISA, we could be subject to claims for alleged breaches of fiduciary obligations in implementation of formularies, preferred drug listings and drug management programs, contracting network practices, specialty drug distribution and other transactions. Our PBM businesses also conduct business as mail order pharmacies, which subjects them to extensive federal, state and local laws and regulations. The failure to adhere to these laws and regulations could expose our PBM subsidiaries to civil and criminal penalties.
In addition, we would be adversely affected by an inability to contract on favorable terms with pharmaceutical manufacturers and could face potential claims in connection with purported errors by our mail order pharmacies, including in connection with the risks inherent in the packaging and distribution of pharmaceuticals and other health care products. Further, our PBM businesses are subject to the Payment Card Industry Data Security Standards, which is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures to protect customer account data as mandated by the credit card brands. The failure to adhere to such standards could expose our PBM subsidiaries to liability or impact their ability to process credit card transactions.