[BreachExchange] Aetna mailings may have exposed members' HIV status

[Audrey McNeil]

http://www.fiercehealthcare.com/payer/aetna-mailings-may-
have-exposed-some-members-hiv-status


Aetna is facing backlash after mailing letters that may have revealed some
of its members’ HIV status through the envelope.

The letters, sent July 28, contained instructions for filling prescriptions
for HIV medication which in some cases might have been visible without
having to open the envelope. Approximately 12,000 members received the
letters, according to an Aetna spokesman.

Individuals who contacted attorneys from the Legal Action Center and AIDS
Law Project of Pennsylvania about the letters reported that they were seen
by family members, roommates and neighbors, according to a statement from
the two organizations.

“Aetna’s privacy violation devastated people whose neighbors and family
learned their intimate health information,” said Sally Friedman, legal
director of the Legal Action Center.

Ronda B. Goldfein, executive director of the AIDS Law Project of
Pennsylvania, added that disclosing a person’s HIV status risks exposing
them to “violence, discrimination and other trauma,” as a stigma still
surrounds the condition.

Aetna sent a letter to affected members last week informing them of the
breach and their rights—including filing a complaint with the Department of
Health and Human Services’ Office of Civil Rights. The letter says the
company learned of the issue on July 31 and subsequently determined that
the incident may have a caused a breach of some members’ protected health
information.

“We sincerely apologize to those affected by a mailing issue that
inadvertently exposed the personal health information of some Aetna
members,” the Aetna spokesman said in a statement. “This type of mistake is
unacceptable, and we are undertaking a full review of our processes to
ensure something like this never happens again.”

The Legal Action Center and AIDS Law Project of Pennsylvania say they sent
their own letter to Aetna demanding that it stop sending the letters in
their current form and develop a plan to correct its practices and
procedures going forward. They did so on behalf of Aetna customers in
Arizona, California, Georgia, Illinois, New Jersey, New York, Ohio,
Pennsylvania and the District of Columbia.

The groups added that they are considering additional legal action.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170824/11ee1000/attachment.html>