W

ASHINGTON — Thousands of people with HIV received mailed letters from Aetna last month that may have disclosed their HIV status on the envelope.

The letters, which Aetna said were sent to approximately 12,000 people, were meant to relay a change in pharmacy benefits. Text visible through a small window on the envelopes listed the patients’ names and suggested a change in how they would fill the prescription for their treatment for the virus.

“People have been devastated. We’ve had a number of people tell us they had chosen not to disclose their HIV status to family members — but this is how their family members found out,” said Sally Friedman, legal director at Legal Action Center, which is pushing Aetna to correct the mistake and which highlighted the violation Thursday.

advertisement

“People with any private health conditions can just imagine, whether you’re being treated for cancer or a behavioral condition, just imagine having that flat out on the front of an envelope for anyone to see. It should be a grave concern to everyone,” she added.

Newsletters

Sign up for our Morning Rounds newsletter

Please enter a valid email address.

Aetna is in the process of notifying both state and federal authorities about the breach, a company spokesman said. The mailing was sent July 28.

“We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members,” the spokesman said. “This type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again.”

Legal Action Center, working with the AIDS Law Project of Pennsylvania, called on Aetna to cease and desist the mailings and to remedy the mistake. Those organizations and other privacy and AIDS advocacy groups had heard from individuals in eight states and the District of Columbia.

In their letter, the groups said the breach caused “incalculable harm” and suggested several of the affected individuals had already filed complaints with the Health and Human Services Office for Civil Rights or other state authorities.

In a letter Aetna mailed to affected individuals, obtained by STAT, the company suggested the personal information was only visible “in some cases.”

“The letter could have shifted within the envelope in a way that allowed personal health information to be viewable through the window,” the Aetna notification letter reads. Aetna’s notification letter also emphasizes that “the viewable information did not include the name of any particular medication or any statement that you have been diagnosed with a specific condition.”

Friedman said in every letter the privacy advocates had seen, the information was very visible.

She added that while Legal Action Center has handled numerous cases of privacy violations from health care providers, she could not recall any case involving an insurer.

Plans across the country suffer privacy breaches, as do providers. A 2009 law requires companies that are covered by federal health privacy laws, like plans, providers, and their vendors, to report data breaches that affect more than 500 individuals. That database showed some 30 such breaches in July alone, though the tool does not detail the kind of information that was disclosed. Some breaches involve Social Security numbers or service codes, for example.

Health care companies often settle health privacy law violation cases with HHS and in some cases pay millions in fines. In May, for example, after an employee at St. Luke’s-Roosevelt Hospital Center Inc. inadvertently disclosed a patient’s HIV status and other medical information to his employer, the provider paid a $378,000 settlement.

An earlier version of this story said the HIV status of 12,000 people had been disclosed. Aetna said the mailings went to approximately 12,000 people but that it was unclear how many of the envelope windows would have shown personal health information.

Leave a Comment

Please enter your name.
Please enter a comment.

    • That’s the thing…they can’t. This compromises potentially people’s housing, jobs, child custody…there is so much stigma about HIV because folks are so ignorant about it..from how folks may have gotten it, their financial status because it can be so expensive, and just so much unwarranted fear. It’s compromised people who are already dealing with a compromised immune system. And just by reading the comments you can see how stupid people are about it.

  • It is my opinion.: Aetna, liars, crooks and thieves.
    I purchased a disability policy from my employer with Aetna. I became disabled because of a heart condition, verified by 3 doctors, state and other insurance companies. Aetna harassed my spouse and I, threatened me with being fired, discontinued my employer pay and benefits, conveniently lost documents my doctors and I sent to them several times, misquoted and distorted facts in medical documents I submitted, forced me to retire because of no pay or benefits, committed fraud, made numerous mistakes always in Aetna’s favor, told me verbal lies in phone conversations, made outrageous demands under the threat of being fired “if you don’t go to the doctor today and submit these forms you will be terminated from your job”, Etc. Aetna CEO Mark Bertolini’s compensation was valued at $17.3 million last year. He got it by screwing people like you and I. Don’t get Aetna insurance for any coverage of any kind. Often Aetna will not pay claims and will do anything dishonest to avoid paying. If you do have Aetna coverage, get rid of them ASAP. Aetna consistently acted in bad faith. If you do have problems with Aetna, keep a log, FAX or send all documents 3 times and file a complaints with your employer and department of insurance, etc. Anonymous Aetna victim, because of Aetna reprisals.

  • Some…no, A LOT, of you are missing the point. This is not a gay issue, an HIV issue, it isn’t about your narrow, obtuse and jaded perception of sexual deviance….it is about violating the Patient Privacy Act. Literally no one but you, your doctor and your doctors staff have a right to know your medical history – past, present or future. Stop using the forum to push your marginalized, out-dated and (thankfully) diminishing attitudes, ideas and perceptions.

  • People should be legally REQUIRED to inform others of an HIV infection! To not do so is denying them the right to take steps to not be infected with it! People with infectious lung disease or infectious leprosy are not allowed to just walk around silently spreading it.

    • If you sleep with someone you are required to notify them …
      but anyone with any sense should assume their sex buddy could be positive with hiv, herpies, hep c, clamydia, Gono etc.. and take appropriate precautions.
      For someone to get an std one has to be a little bit stupid.. it means they were sloppy in taking precautions.
      Getting pregnant.. in today’s numerous ways to not be? You have to be stupid .. getting drunk and sloppy no excuse.

  • Are insurance providers subject to HIPPA laws? Would this be a violation if so? Should someone be contacting all recipients regarding this breach of their medical information? This could have been seen by their mail carrier. It’s obvious from the picture the information was visible from the outside of the envelope and every complaint was substantiated. This is a clear negligible violation in this mailing. It would have been a problem no matter what medical information it had been carrying to customers. I feel like every person who received this mailing was violated, should be notified and is entitled to some type damages. Your medical information is private. It is only for you to reveal and there are laws in place to protect that privacy. If someone violates that privacy you have to have some recourse for that whether it causes you an issue or not. They simply can’t do it. If no one holds people accountable when they do, these laws will start to be taken lightly and ignored and things like this situation will happen and eventually become the norm if people accept this company’s excuses and brushing off of this serious incident.

Sign up for our Morning Rounds newsletter

Your daily dose of news in health and medicine.

X