UnitedHealth Group (UNH)

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are subject to change by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data to the extent they are more restrictive than those contained in the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA also requires that we impose privacy and security requirements on our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with any privacy proposals, requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.

Market risk represents the risk of changes in the fair value of a financial instrument caused by changes in interest rates or equity prices. The Company’s primary market risk is exposure to changes in interest rates that could impact the fair value of our investments and long-term debt.

Approximately $11.3 billion of our investments at September 30, 2007 were debt securities. Assuming a hypothetical and immediate 1% increase or decrease in interest rates applicable to our fixed-income investment portfolio at September 30, 2007, the fair value of our fixed-income investments would decrease or increase by approximately $387 million. We manage our investment portfolio to limit our exposure to any one issuer or industry and largely limit our investments to U.S. Government and Agency securities, state and municipal securities, and corporate debt obligations that are investment grade.

To mitigate the financial impact of changes in interest rates, we have entered into interest rate swap agreements to more closely match the interest rates of our long-term debt with those of our cash equivalents and short-term investments. Including the impact of our interest rate swap agreements, approximately $6.4 billion of our commercial paper and debt had variable rates of interest and $1.7 billion had fixed rates as of September 30, 2007. A hypothetical 1% increase or decrease in interest rates would change the fair value of our debt by approximately $180 million.

At September 30, 2007, we had $382 million of equity investments, a portion of which were held in various public and non-public companies concentrated in the areas of health care delivery and related information technologies. Market conditions that affect the value of health care or technology stocks will likewise impact the value of our equity portfolio.

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are subject to change by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data to the extent they are more restrictive than those contained in the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA also requires that we impose privacy and security requirements on our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with any privacy proposals, requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.

47

Table of Contents

Market risk represents the risk of changes in the fair value of a financial instrument caused by changes in interest rates or equity prices. The Company’s primary market risk is exposure to changes in interest rates that could impact the fair value of our investments and long-term debt.

Approximately $11.1 billion of our investments at June 30, 2007 were debt securities. Assuming a hypothetical and immediate 1% increase or decrease in interest rates applicable to our fixed-income investment portfolio at June 30, 2007, the fair value of our fixed-income investments would decrease or increase by approximately $398 million. We manage our investment portfolio to limit our exposure to any one issuer or industry and largely limit our investments to U.S. Government and Agency securities, state and municipal securities, and corporate debt obligations that are investment grade.

To mitigate the financial impact of changes in interest rates, we have entered into interest rate swap agreements to more closely match the interest rates of our long-term debt with those of our cash equivalents and short-term investments. Including the impact of our interest rate swap agreements, approximately $6.7 billion of our commercial paper and debt had variable rates of interest and $1.7 billion had fixed rates as of June 30, 2007. A hypothetical 1% increase or decrease in interest rates would not be material to the fair value of our commercial paper and debt.

At June 30, 2007, we had $368 million of equity investments, a portion of which were held by our UnitedHealth Capital business in various public and non-public companies concentrated in the areas of health care delivery and related information technologies. Market conditions that affect the value of health care or technology stocks will likewise impact the value of our equity portfolio.

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data. Most are derived from the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA also requires that we impose privacy and security requirements on our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with these proposals, requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.

45

Table of Contents

Market risk represents the risk of changes in the fair value of a financial instrument caused by changes in interest rates or equity prices. The Company’s primary market risk is exposure to changes in interest rates that could impact the fair value of our investments and long-term debt.

Approximately $10.5 billion of our investments at March 31, 2007 were debt securities. Assuming a hypothetical and immediate 1% increase or decrease in interest rates applicable to our fixed-income investment portfolio at March 31, 2007, the fair value of our fixed-income investments would decrease or increase by approximately $360 million. We manage our investment portfolio to limit our exposure to any one issuer or industry and largely limit our investments to U.S. Government and Agency securities, state and municipal securities, and corporate debt obligations that are investment grade.

To mitigate the financial impact of changes in interest rates, we have entered into interest rate swap agreements to more closely match the interest rates of our long-term debt with those of our cash equivalents and short-term investments. Including the impact of our interest rate swap agreements, approximately $6.2 billion of our commercial paper and debt had variable rates of interest and $1.3 billion had fixed rates as of March 31, 2007. A hypothetical 1% increase or decrease in interest rates would not be material to the fair value of our commercial paper and debt.

At March 31, 2007, we had $363 million of equity investments, a portion of which were held by our UnitedHealth Capital business in various public and non-public companies concentrated in the areas of health care delivery and related information technologies. Market conditions that affect the value of health care or technology stocks will likewise impact the value of our equity portfolio.

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data. Most are derived from the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA also requires that we impose privacy and security requirements on our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with these proposals, requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.

62

Table of Contents

The information called for by this Item is incorporated herein by reference to Item 7 of this report under the heading “Quantitative and Qualitative Disclosures about Market Risk.”

63

Table of Contents

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data. Most are derived from the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA also requires that we impose privacy and security requirements on our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with these proposals, requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.

Market risk represents the risk of changes in the fair value of a financial instrument caused by changes in interest rates or equity prices. The Company’s primary market risk is exposure to changes in interest rates that could impact the fair value of our investments and long-term debt.

Approximately $18.8 billion of our cash equivalents and investments at September 30, 2006 were debt securities. Assuming a hypothetical and immediate 1% increase or decrease in interest rates applicable to our fixed-income investment portfolio at September 30, 2006, the fair value of our fixed-income investments would decrease or increase by approximately $330 million. We manage our investment portfolio to limit our exposure to any one issuer or industry and largely limit our investments to U.S. Government and Agency securities, state and municipal securities, and corporate debt obligations that are investment grade.

To mitigate the financial impact of changes in interest rates, we have entered into interest rate swap agreements to more closely match the interest rates of our long-term debt with those of our cash equivalents and short-term investments. Including the impact of our interest rate swap agreements, approximately $4.9 billion of our commercial paper and debt had variable rates of interest and $2.4 billion had fixed rates as of September 30, 2006. A hypothetical 1% increase or decrease in interest rates would not be material to the fair value of our commercial paper and debt.

69

Table of Contents

At September 30, 2006, we had $297 million of equity investments, a portion of which were held by our UnitedHealth Capital business in various public and non-public companies concentrated in the areas of health care delivery and related information technologies. Market conditions that affect the value of health care or technology stocks will likewise impact the value of our equity portfolio.

As discussed in the Explanatory Note preceding Part I, in light of the findings of the WilmerHale Report and the restatement of the Company’s financial statements, management re-evaluated the assessment presented in Management’s Report on Internal Control Over Financial Reporting in the Company’s Annual Report on Form 10-K for the fiscal year ended December 31, 2005. As reported in a Current Report on Form 8-K filed with the SEC on November 8, 2006, management concluded that the Company had a material weakness in internal control over financial reporting solely relating to stock option plan administration and accounting for and disclosure of stock option grants as of December 31, 2005 and that, solely for this reason, its internal control over financial reporting and its disclosure controls and procedures were not effective as of that date.

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data. Most are derived from the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA also requires that we impose privacy and security requirements on

68

Table of Contents

our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with these proposals, requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.

Market risk represents the risk of changes in the fair value of a financial instrument caused by changes in interest rates or equity prices. The Company’s primary market risk is exposure to changes in interest rates that could impact the fair value of our investments and long-term debt.

Approximately $17.3 billion of our cash equivalents and investments at March 31, 2006 were debt securities. Assuming a hypothetical and immediate 1% increase or decrease in interest rates applicable to our fixed-income investment portfolio at March 31, 2006, the fair value of our fixed-income investments would decrease or increase by approximately $350 million. We manage our investment portfolio to limit our exposure to any one issuer or industry and largely limit our investments to U.S. Government and Agency securities, state and municipal securities, and corporate debt obligations that are investment grade.

To mitigate the financial impact of changes in interest rates, we have entered into interest rate swap agreements to more closely match the interest rates of our long-term debt with those of our cash equivalents and short-term investments. Including the impact of our interest rate swap agreements, approximately $6.2 billion of our commercial paper and debt had variable rates of interest and $1.3 billion had fixed rates as of March 31, 2006. A hypothetical 1% increase or decrease in interest rates would not be material to the fair value of our commercial paper and debt.

At March 31, 2006, we had $241 million of equity investments, a portion of which were held by our UnitedHealth Capital business in various public and non-public companies concentrated in the areas of health care delivery and related information technologies. Market conditions that affect the value of health care or technology stocks will likewise impact the value of our equity portfolio.

As discussed in the Explanatory Note preceding Part I, in light of the findings of the WilmerHale Report and the restatement of the Company’s financial statements, management re-evaluated the assessment presented in Management’s Report on Internal Control Over Financial Reporting in the Company’s Annual Report on Form 10-K for the fiscal year ended December 31, 2005. As reported in a Current Report on Form 8-K filed with the SEC on November 8, 2006, management concluded that the Company had a material weakness in internal control over financial reporting solely relating to stock option plan administration and accounting for and disclosure of stock option grants as of December 31, 2005 and that, solely for this reason, its internal control over financial reporting and its disclosure controls and procedures were not effective as of that date.

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data. Most are derived from the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA also requires that we impose privacy and security requirements on our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with these proposals, requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.

Market risk represents the risk of changes in the fair value of a financial instrument caused by changes in interest rates or equity prices. The Company’s primary market risk is exposure to changes in interest rates that could impact the fair value of our investments and long-term debt.

Approximately $18.7 billion of our cash equivalents and investments at June 30, 2006 were debt securities. Assuming a hypothetical and immediate 1% increase or decrease in interest rates applicable to our fixed-income investment portfolio at June 30, 2006, the fair value of our fixed-income investments would decrease or increase by approximately $330 million. We manage our investment portfolio to limit our exposure to any one issuer or industry and largely limit our investments to U.S. Government and Agency securities, state and municipal securities, and corporate debt obligations that are investment grade.

To mitigate the financial impact of changes in interest rates, we have entered into interest rate swap agreements to more closely match the interest rates of our long-term debt with those of our cash equivalents and short-term

69

Table of Contents

investments. Including the impact of our interest rate swap agreements, approximately $4.9 billion of our commercial paper and debt had variable rates of interest and $2.5 billion had fixed rates as of June 30, 2006. A hypothetical 1% increase or decrease in interest rates would not be material to the fair value of our commercial paper and debt.

At June 30, 2006, we had $244 million of equity investments, a portion of which were held by our UnitedHealth Capital business in various public and non-public companies concentrated in the areas of health care delivery and related information technologies. Market conditions that affect the value of health care or technology stocks will likewise impact the value of our equity portfolio.

As discussed in the Explanatory Note preceding Part I, in light of the findings of the WilmerHale Report and the restatement of the Company’s financial statements, management re-evaluated the assessment presented in Management’s Report on Internal Control Over Financial Reporting in the Company’s 2006 Form 10-K. As reported in a Current Report on Form 8-K filed with the SEC on November 8, 2006, management concluded that the Company had a material weakness in internal control over financial reporting solely relating to stock option plan administration and accounting for and disclosure of stock option grants as of December 31, 2005 and that, solely for this reason, its internal control over financial reporting and its disclosure controls and procedures were not effective as of that date.

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data. Most are derived from the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996, (HIPAA). HIPAA also imposes guidelines on our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with these proposals,

requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data. Most are derived from the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996, (HIPAA). HIPAA also imposes guidelines on our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with these proposals, requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data. Most are derived from the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996, (HIPAA). HIPAA also imposes guidelines on our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with these proposals, requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.

We must comply with restrictions on patient privacy and information security, including taking steps to ensure that our business associates who obtain access to sensitive patient information maintain its confidentiality.

The use of individually identifiable data by our businesses is regulated at the international, federal and state levels. These laws and rules are changed frequently by legislation or administrative interpretation. Various state laws address the use and disclosure of individually identifiable health data. Most are derived from the privacy and security provisions in the federal Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996, (HIPAA). HIPAA also imposes guidelines on our business associates (as this term is defined in the HIPAA regulations). Even though we provide for appropriate protections through our contracts with our business associates, we still have limited control over their actions and practices. Compliance with these proposals, requirements, and new regulations may result in cost increases due to necessary systems changes, the development of new administrative processes, and the effects of potential noncompliance by our business associates. They also may impose further restrictions on our use of patient identifiable data that is housed in one or more of our administrative databases.