Aetna has settled another lawsuit alleging that members’ privacy rights were violated after it revealed the HIV status of many individuals it insures.
California’s Attorney General, Xavier Becerra, has settled a privacy lawsuit against healthcare provider Aetna, which sent out letters to nearly 2,000 Californians visibly revealing their HIV status through a see-through window on the envelope. A $935,000 settlement was awarded.
Aetna previously settled a lawsuit for $17 million in 2018 over the data breach that happened in the summer of 2017. A fund was also set up for those who “experienced additional financial or emotional distress.” Each individual claimant can claim up to $20,000. The rest of the funds were set aside for legal fees and costs. In total, nearly 12,000 individuals nationwide who are insured by the provider had their personal information compromised.
Aetna “carelessly, recklessly, negligently, and impermissibly revealed HIV-related information of their current and former insureds to their family, friends, roommates, landlords, neighbors, mail carriers and complete strangers,” the original lawsuit stated. “In the course of sending out the agreed notices, however, Aetna again failed to recognize the dangers associated with sending information about HIV medications through the mail.”
“Through our outreach efforts, immediate relief program and this settlement we have worked to address the potential impact to members following this unfortunate incident,” Aetna wrote in a statement following the initial settlement. “In addition, we are implementing measures designed to ensure something like this does not happen again as part of our commitment to best practices in protecting sensitive health information.”
The envelopes specifically revealed that the addressee was taking HIV medication, according to Becerra’s lawsuit filed in San Bernardino Superior Court. The filing alleges the “mailing error violated several state laws, including the Confidentiality of Medical Information Act, the Unfair Competition Law, the state Constitution and health and safety codes.”
Ironically, these letters were actually sent in response to a settlement over previous privacy violation concerns. At one point, Aetna had required members to obtain HIV medications via mail order. Lawsuits filed in 2014 and 2015 alleged that policy was “discriminatory, that it prevented patients taking HIV medicine from receiving in-person counseling from a pharmacist and that it jeopardized members’ privacy.”
The second mailings only made matters worse. Patients were shocked that the privacy violations continued.
“I was shocked,” said Sam, a recipient of the notice. His last name has been withheld. He added, “I haven’t disclosed my HIV status to my parents. Let’s say that letter had gotten forwarded to their house and someone happened to open the mail. Those were the types of things going through my mind.”
“A person’s HIV status is incredibly sensitive information and protecting that information must be a top priority for the entire healthcare industry,” Becerra said. “Aetna violated the public’s trust by revealing patients’ private and personal medical information. We will continue to hold these companies accountable to prevent such a gross privacy violation from reoccurring.”
The final judgment in the California settlement also requires Aetna to undergo new training strategies to prevent any further breaches of patient confidentiality, according to court documents. It also requires annual compliance reviews to ensure the provider is following state and federal privacy guidelines.