Erin Smith Aebel Discusses BA and Subcontractor Compliance with Health Care Compliance Association
Report on Patient Privacy 21, no. 3 (March 2021)
Sometime during the fall, a worker for a subcontractor of Humana Inc. decided to share actual member information from medical records via a Google document with people he was training to be medical coders, part of his attempt to run a “personal coding business endeavor.”
Early last month, Humana had to notify 65,000 individuals, multiple state officials, the press and the HHS Office for Civil Rights (OCR) of the worker’s data breach. In its notification, Humana said unauthorized access continued from October to December before it was discovered by the now-former worker’s employer, which Humana said is named Visionary. Technically, Visionary is (or was—current status isn’t clear) a subcontractor for a company called Cotiviti, which Humana uses to develop risk adjustment scores needed for payment of certain members. Cotiviti is a business associate (BA) of Humana, the covered entity (CE).
For the full article, please click here.