It was announced on November 19, 2012 that Coventry Health Care, Inc. (Coventry) has agreed to pay a $3,000,000 fine to the U.S. Government to avoid any prosecution of crimes arising from unauthorized access to a Medicare database.
Coventry entered the Medicare Set-Aside industry in 2005 when it acquired First Health Group Corp. for $1.7 million. Although this was a large acquisition for Coventry that more than doubled its assets and employees, the Medicare Set-Aside division accounted for less than .25% of Coventry’s consolidated revenue, or about $1.7 million in annual revenue. Coventry no longer sells Medicare Set-Asides.
In January 2007, the Centers for Medicare and Medicaid Services (CMS) notified Coventry regarding unauthorized access of CMS’ database. In 2008, the U.S. Attorney’s Office for the District of Maryland began an investigation into practices at Coventry.
As part of Coventry’s normal course of business, certain employees had authorized access to Medicare’s Common Working File database. However, a few employees accessed CMS’ Common Working File for the purposes of preparing Medicare Set-Aside reports. This access was not authorized by CMS and was, according to the government, “intended in part to give Coventry an unfair advantage over its competitors”.
On November 19, 2012, it was announced by both Coventry and by the U.S. Department of Justice (DOJ) that an agreement had been reached whereby Coventry would pay a $3,000,000 fine in return for the government not filing criminal charges. In addition, Coventry agreed to maintain employee training and testing programs regarding privacy and security of government databases.