In a major development for mismatched records and automated data pipelines, the U.S. Court of Appeals for the Ninth Circuit has issued a high-stakes ruling in Healy v. Milliman, Inc. The unanimous decision completely reverses a lower court’s dismissal, resurrecting a massive consumer class action that threatens the risk-management and data brokerage industries with hundreds of millions of dollars in potential Fair Credit Reporting Act (FCRA) liability.

The Data Inaccuracy Battle

The lawsuit centers on Milliman’s IntelliScript business, a specialty consumer reporting agency (CRA) that compiles medical and prescription histories to provide underwriting risk flags (red, yellow, and green) to life insurance companies.

The named plaintiff, James Healy, filed the class action after applying for life insurance and being denied outright. Milliman had supplied his prospective insurer with a "red flag" report containing serious medical conditions he never had—including liver disease, diabetes, and sleep apnea. The error occurred because Milliman's automated matching logic pulled the medical records and Social Security number (SSN) of an entirely different individual with a similar name.

Healy alleged a systemic failure by Milliman to maintain reasonable procedures ensuring "maximum possible accuracy" under 15 U.S.C. §1681e(b)

Tracking the Headcount: From 311,226 to 1 and Back

To understand the massive operational impact of the Ninth Circuit's order, look directly at the headcount metrics that have defined this case's lifecycle:

    • The Starting Number (311,226): When the district court initially certified the "inaccuracy class," the plaintiff’s data expert identified 311,226 total consumer reports generated by Milliman that fit the criteria. The baseline required sweeping in every file sent to insurers where there was a literal conflict between the applicant's SSN and the SSN on the medical data source, combined with an adverse health indicator flag.

    • The District Court Drop (Down to 1): Milliman pushed back at the summary judgment stage, invoking the strict Supreme Court precedent from TransUnion LLC v. Ramirez. Milliman argued that an SSN mismatch is often just a technical formatting error and does not automatically mean the health data itself belongs to someone else. Because identifying actual "mixed files" would require a manual, file-by-file review, the district court judge ruled that Healy failed to present direct evidence of concrete injury on a class-wide basis. The judge wiped out the unnamed class entirely, reducing the plaintiff headcount from 311,226 down to exactly 1—James Healy alone.

    • The Ninth Circuit Reversal (311,226 Back on the Table): The Ninth Circuit panel completely turned the tables. The appellate court clarified that while absent class members must demonstrate standing to survive summary judgment, they do not need conclusive, direct proof of a mixed file at this stage.
    • Circumstantial evidence—the combination of a scrambled SSN and a disseminated high-risk flag—is legally sufficient to create a genuine dispute of material fact. The ruling fully revived the certified pool, putting all 311,226 potential class members back on the table as the case heads back to the district court.

The Negative News for Screeners: A Double-Edged Sword

For background screeners and data furnishers, the ruling reinforces the strict TransUnion standard by confirming that every unnamed class member in an inaccuracy class must ultimately possess direct evidence of a concrete injury to recover individual damages at trial.

On one hand, this rule shields companies from massive, automatic multi-million dollar post-trial payouts to consumers who can be proven to have suffered no real-world impact. On the other hand, the operational reality is brutal: automated mixed files and SSN mismatches are officially open season for high-stakes federal class-action litigation.

The Ultimate Impact

The reversal is an absolute win for the filers of the lawsuit and a severe operational blow to Milliman. Under the FCRA, willful violations trigger statutory damages of $100$ to $1,000$ per violation.

Milliman can no longer rely on a swift, aggregate legal argument to dismiss the action. Their next defense battlefield requires an incredibly expensive, granular, file-by-file audit to prove that specific individuals within the 311,226-person pool actually had accurate health histories reported despite their mismatched identifiers.

The Industry Takeaway: This ruling sends a chill through the background screening and data brokerage markets.

It signals to the plaintiff's bar that if they can uncover a systemic algorithmic mismatch in an automated data pipeline, they can maintain a massive class action without needing thousands of individual plaintiffs to step forward before a trial.