The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Humana & Cotiviti Settle Class Action Data Breach Lawsuit

Posted By on Aug 25, 2022

Humana & Cotiviti have agreed to settle a class action lawsuit to resolve claims from individuals affected by a 2020 data breach that exposed the PHI of 64,654 individuals.

Humana had contracted with Cotiviti to assist with medical record requests to verify the data it reports to the HHS’ Centers for Medicare and Medicaid Services. In order to provide those services, Cotiviti was provided with the protected health information of certain plan members. Cotiviti used a subcontractor, Visionary, to review the medical records that were collected.

Between October 12, 2020, and December 16, 2020, a former employee of Visionary accessed its systems and obtained plan members’ data, which was provided to others in connection with a personal coding business. The data disclosed included plan members’ names, partial or full social security numbers, dates of birth, addresses, phone numbers, email addresses, member identification numbers, subscriber information numbers, dates of service, dates of death, provider names, medical record numbers, treatment information, and medical images.

A lawsuit was filed in response to the data breach – Steven K. Farmer v. Humana Inc. and Cotiviti – that alleged the defendants failed to properly protect plan members’ data and that the data breach has placed the plaintiffs at risk of identity theft and fraud. The decision was taken to settle the lawsuit to avoid further legal costs and the uncertainty of trial. Humana and Cotiviti have not admitted any wrongdoing.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Under the terms of the settlement, class members will be entitled to submit claims for out-of-pocket losses incurred in response to the data breach, up to a maximum of $5,250. Up to $250 can be claimed for ordinary losses, including up to 3 hours at a rate of $20 per hour. Claims may be submitted for up to $5,000 for extraordinary losses, such as losses due to the misuse of their data. Class members will also be entitled to a two-year membership to a credit monitoring and identity theft protection service. Humana & Cotiviti have also agreed to implement additional security measures to better protect customer information.

Class members have until November 15, 2022, to object to the settlement or exclude themselves. The final approval hearing is scheduled for February 8, 2023.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist