Louisville, Ky.-based Humana recently began notifying about 65,000 health plan members that their personal information may have been exposed in a medical records breach involving one of the insurer's subcontractors, according to a March 5 WTXL report.
Humana uses the medical records request company Cotiviti, which is partnered with a subcontractor that reviews collected medical records for reporting to CMS. An employee of the subcontractor company, who was authorized to access and use patient data for Humana, inappropriately disclosed data to unapproved individuals for unauthorized training purposes between Oct. 12, 2020, and Dec. 16, 2020.
Patient information exposed included names, dates of birth, Social Security numbers, addresses, phone numbers, medical record numbers and treatment details.
Humana was notified of the breach Dec. 22, and the subcontractor disabled the records access of the now-former employee, according to the report. Cotiviti and its subcontractor implemented a new strategy to prevent unauthorized medical records access, and Humana also worked with Cotiviti to increase security protections.
As a result of the incident, Humana is offering two years of free credit monitoring and identity protection services to individuals affected by the breach.