Aetna to Pay $17M in HIV Privacy Breach Lawsuit | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Aetna to Pay $17M in HIV Privacy Breach Lawsuit

January 18, 2018
by Rajiv Leventhal
| Reprints

Hartford-based Aetna is settling a lawsuit for $17 million over a privacy breach in which the insurer potentially revealed the HIV status of thousands of customers via letters that were mailed out.

As was reported in August by NPR and others, Aetna said that approximately 12,000 customers were sent a mailer last July that potentially revealed private medical information, though the company also said it wasn’t clear exactly how many were affected since depends on how the letter was positioned in the envelope. According to an NPR report at the time, one example of the mishap was a letter sent to a customer in Brooklyn, N.Y., in which the clear envelope window revealed considerably more than just the person’s address. It also showed the beginning of a letter advising the customer about options "when filling prescriptions for HIV Medic ..."

At the time, the New York City-based Legal Action Center, AIDS Law Project of Pennsylvania, and Philadelphia-headquartered Berger & Montague, P.C. filed a federal class action lawsuit against Aetna “for its repeated failure to respect the privacy rights of people taking HIV medication by mailing its customers Aetna envelopes where their HIV medication was visible through the large transparent window of the envelopes.” The lawsuit, filed in the U.S. District Court for the Eastern District of Pennsylvania, contended that the insurer’s mailing violated several laws by revealing highly confidential HIV information of approximately 12,000 customers in at least 23 states.

In an extraordinary twist, the Center noted that Aetna’s July mailing actually was an attempt to address privacy concerns raised in two lawsuits filed against the insurer in 2014 and 2015. Aetna had wanted customers to get their HIV medications exclusively from mail-order pharmacies rather than retail pharmacies. Customers objected at the time, saying that using the mail could breach their privacy.

As part of the settlement in those cases, Aetna sent the letter 12,000 customers who have taken HIV medications, explaining its revised HIV medication procedures.

In the complaint, the lead plaintiff’s sister learned that he was taking HIV medication from an unopened large-window of an Aetna envelope that revealed the highly confidential information. The plaintiff, identified by the pseudonym Andrew Beckett in the complaint, does not have HIV, the virus that causes AIDS, but takes PrEP as a preventative approach that lowers the risk of becoming infected with the virus.

According to a recent NPR report, “Aetna settled with the individual plaintiffs, changed its policy to allow members to fill HIV prescriptions in person at retail pharmacies, and, in turn, sent out notification letters to anyone who had filled prescriptions for HIV medications.”

Per the NPR report, as part of the payout, the law firms are setting aside at least $12 million for payments of at least $500 to the estimated 11,875 people who may have received a letter exposing that information, acknowledging that "the harm was in the status being disclosed," according to Ronda Goldfein, director of the AIDS Law Project of Pennsylvania.

Aetna wrote in a statement, “"Through our outreach efforts, immediate relief program and this settlement we have worked to address the potential impact to members following this unfortunate incident. In addition, we are implementing measures designed to ensure something like this does not happen again as part of our commitment to best practices in protecting sensitive health information."

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

NIH Issues Funding Announcement for All of Us Genomic Research Program

The National Institutes of Health’s (NIH) “All of Us” Research Program has issued a funding announcement for genome centers to generate genotype and whole genome sequence data from participants’ biosamples.

MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).

Circulation, Buoy Health Collaborate on Integrated Platform for Patient Transportation

Boston-based startup Circulation Health, a ride-ordering exchange that coordinates medical transportation logistics using Lyft and other transportation partners, is partnering with Buoy Health, also based in Boston, to integrate their platforms to provide patients with an end-to-end healthcare experience.

HITRUST Provides NIST Cybersecurity Framework Certification

The Health Information Trust Alliance (HITRUST), security and privacy standards development and accreditation organization, announced this week a certification program for the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (Framework).

Report: Interoperability in NHS England Faces Similar Barriers as U.S. Healthcare

Electronic patient record interoperability in NHS England is benefiting patient care, but interoperability efforts are facing barriers, including limited data sharing and cumbersome processes falling outside of the clinician workflow, according to a KLAS Research report.

Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.