This excerpt taken from the UNH 10-K filed Feb 11, 2009.
State Laws and Regulation
Health Care Regulation. Our insurance and HMO subsidiaries must be licensed by the jurisdictions in which they conduct business. All of the states in which our subsidiaries offer insurance and HMO products regulate those products and operations. These states require periodic financial reports and establish minimum capital or restricted cash reserve requirements. With the amendment of the Annual Financial Reporting Model Regulation by the National Association of Insurance Commissioners to incorporate elements of the Sarbanes-Oxley Act of 2002, we expect that these states will continue to expand the regulations of corporate governance and internal control activities of HMOs and insurance companies.
Health plans and insurance companies are also regulated under state insurance holding company regulations. Such regulations generally require registration with applicable state departments of insurance and the filing of reports that describe capital structure, ownership, financial condition, certain intercompany transactions and general business operations. Some state insurance holding company laws and regulations require prior regulatory approval of acquisitions and material intercompany transfers of assets, as well as transactions between the regulated companies and their parent holding companies or affiliates. These laws may restrict the ability of our regulated subsidiaries to pay dividends.
In addition, some of our business and related activities may be subject to other health care-related regulations and requirements, including PPO, managed care organization (MCO), utilization review (UR) or third-party administrator-related regulations and licensure requirements. These regulations differ from state to state, but may contain network, contracting, product and rate, and financial and reporting requirements. There are laws and regulations that set specific standards for delivery of services, payment of claims, adequacy of health care professional networks, fraud prevention, protection of consumer health information, pricing and underwriting practices, and covered benefits and services. State health care anti-fraud and abuse prohibitions encompass a wide range of activities, including kickbacks for referral of members, billing unnecessary medical services, and improper marketing. Our AmeriChoice and Ovations Medicaid businesses are subject to regulation by state Medicaid agencies that oversee the provision of benefits by AmeriChoice to its Medicaid and SCHIP beneficiaries and by Ovations to its Medicaid beneficiaries. We also contract with state governmental entities and are subject to state laws and regulations relating to the award, administration and performance of state government contracts.
Pharmacy Regulation. Prescription Solutions mail order pharmacies must be licensed to do business as a pharmacy in the state in which they are located. Our mail order pharmacies must also register with the U.S. Drug Enforcement Administration and individual state controlled substance authorities in order to dispense controlled substances. Many of the states where our mail order pharmacies deliver pharmaceuticals have laws and regulations that require out-of-state mail order pharmacies to register with that states board of pharmacy or similar regulatory body. These states generally permit the pharmacy to follow the laws of the state in which the mail order pharmacy is located, although some states require that we also comply with certain laws in that state. Our mail order pharmacies maintain certain Medicare and state Medicaid provider numbers as pharmacies providing services under these programs. Participation in these programs require the pharmacies to comply with the applicable Medicare and Medicaid provider rules and regulations. Other laws and regulations affecting our mail order pharmacies include federal and state statutes and regulations govern the labeling, packaging, advertising and adulteration of prescription drugs and dispensing of controlled substances. See Item 1A, Risk Factors for a discussion of the risks related to our PBM businesses.
Privacy and Security Laws. States have adopted regulations to implement provisions of the GLBA. Like HIPAA, GLBA allows states to adopt more stringent requirements governing privacy protection. A number of states have also adopted other laws and regulations that may affect our privacy and security practices, for example, state laws that govern the use, disclosure, and protection of social security numbers. State and local authorities are increasingly focused on the importance of protecting individuals from identity theft, with a significant number of states enacting laws requiring businesses to notify individuals of security breaches involving personal information. State consumer protection laws may also apply to privacy and security practices related to personal identifiable information. Additionally, different approaches to state privacy and insurance regulation and varying enforcement philosophies in the different states may adversely affect our ability to standardize our products and services across state lines. See Item 1A, Risk Factors for a discussion of the risks related to compliance with state privacy-related regulations.
UDFI. In addition, the Utah State Department of Financial Institutions (UDFI) has state regulatory and supervisory authority over OptumHealth Bank and in conjunction with federal regulators performs annual examinations to ensure that the bank is operating in accordance with state safety and soundness requirements. In addition to such annual examinations, the UDFI in conjunction with federal regulators performs periodic examinations of the banks compliance with applicable state banking statutes, regulations and agency guidelines. In the event of unfavorable examination results, the bank could be subjected to increased operational expenses, governmental oversight and monetary penalties.
Commitments. In connection with the PacifiCare Health Systems, Inc. (PacifiCare) and Sierra Health Services, Inc. (Sierra) acquisitions, which closed in December 2005 and February 2008, respectively, as typically occurs in connection with comparable sized transactions, certain of our subsidiaries entered into various commitments with state regulatory departments, principally in California and Nevada. We believe that none of these commitments will materially affect our operations.