LOUISVILLE, Ky. (WATE) — Humana is notifying approximately 65,000 health plan members, including approximately 5,800 in Tennessee, that personal information may have been exposed when a subcontractor’s employee inappropriately disclosed medical records to unauthorized individuals.
Humana said they were informed on Dec. 22, and that the subcontractor immediately disabled the access of the now-former employee.
Information including name, date of birth, Social Security Number (full or partial), address, phone number, email address, insurance identification numbers, provider name, date of service, medical record number, treatment information and imagery (x-ray, photographs, etc.) may have been part of the medical records involved, Humana said in a press release.
Cotiviti is a company that helps Humana request medical records needed to verify data reported to the Centers for Medicare and Medicaid Services. Cotiviti in turn uses a subcontractor to review the collected medical records.
“An employee of that subcontractor, who was authorized to access and use the data for Humana purposes, inappropriately disclosed information to unapproved individuals for unauthorized training purposes between Oct. 12, 2020 and Dec. 16, 2020,” the company said in a press release.
Humana is offering monitoring for identity theft protection, through Equifax, for two years to affected Humana members at no cost, and is advising members to remain vigilant by reviewing documents for suspicious activity, including Explanation of Benefit (EOB) letters, SmartSummary statements, medical records, account statements and credit reports.
Unfamiliar activity on statements from Humana should be reported to Humana immediately. Suspicious activity on a credit report should be reported to police as possible identity theft.
Members with questions may contact Humana at 1-800-457-4708 or TTY, 1‐800‐833‐3301.