WASHINGTON — Thousands of people with HIV received mailed letters from Aetna last month that may have disclosed their HIV status on the envelope.
The letters, which Aetna said were sent to approximately 12,000 people, were meant to relay a change in pharmacy benefits. Text visible through a small window on the envelopes listed the patients’ names and suggested a change in how they would fill the prescription for their treatment for the virus.
“People have been devastated. We’ve had a number of people tell us they had chosen not to disclose their HIV status to family members — but this is how their family members found out,” said Sally Friedman, legal director at Legal Action Center, which is pushing Aetna to correct the mistake and which highlighted the violation Thursday.
“People with any private health conditions can just imagine, whether you’re being treated for cancer or a behavioral condition, just imagine having that flat out on the front of an envelope for anyone to see. It should be a grave concern to everyone,” she added.
Aetna is in the process of notifying both state and federal authorities about the breach, a company spokesman said. The mailing was sent July 28.
“We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members,” the spokesman said. “This type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again.”
Legal Action Center, working with the AIDS Law Project of Pennsylvania, called on Aetna to cease and desist the mailings and to remedy the mistake. Those organizations and other privacy and AIDS advocacy groups had heard from individuals in eight states and the District of Columbia.
HIV status of thousands revealed on envelopes mailed by insurer.
(Below as an example from Legal Action Center)https://t.co/Z1Zkle47Rf pic.twitter.com/lT0Ev0z9SH
— joe rojas-burke (@rojasburke) August 24, 2017
In their letter, the groups said the breach caused “incalculable harm” and suggested several of the affected individuals had already filed complaints with the Health and Human Services Office for Civil Rights or other state authorities.
In a letter Aetna mailed to affected individuals, obtained by STAT, the company suggested the personal information was only visible “in some cases.”
“The letter could have shifted within the envelope in a way that allowed personal health information to be viewable through the window,” the Aetna notification letter reads. Aetna’s notification letter also emphasizes that “the viewable information did not include the name of any particular medication or any statement that you have been diagnosed with a specific condition.”
Friedman said in every letter the privacy advocates had seen, the information was very visible.
She added that while Legal Action Center has handled numerous cases of privacy violations from health care providers, she could not recall any case involving an insurer.
Plans across the country suffer privacy breaches, as do providers. A 2009 law requires companies that are covered by federal health privacy laws, like plans, providers, and their vendors, to report data breaches that affect more than 500 individuals. That database showed some 30 such breaches in July alone, though the tool does not detail the kind of information that was disclosed. Some breaches involve Social Security numbers or service codes, for example.
Health care companies often settle health privacy law violation cases with HHS and in some cases pay millions in fines. In May, for example, after an employee at St. Luke’s-Roosevelt Hospital Center Inc. inadvertently disclosed a patient’s HIV status and other medical information to his employer, the provider paid a $378,000 settlement.
An earlier version of this story said the HIV status of 12,000 people had been disclosed. Aetna said the mailings went to approximately 12,000 people but that it was unclear how many of the envelope windows would have shown personal health information.
About the Author Reprints
I’ve deduced that when someone uses the term “status” with regard to HIV they are implying a positive status. Otherwise, a negative status wouldn’t be controversial.
Thaddeus, perhaps you should try anger management therapy or some sort psych meds. You have some serious issues.
Aetna does not lack for stupidity. http://thehealthcareblog.com/blog/2015/12/16/genetic-testing-the-new-frontier-of-wellness-madness/
4. NO ONE has to disclose their status EVER.
That’s actually untrue. According to the CDC, 24 states have laws requiring an individual who knows they are HIV positive to notify their sexual partners and 14 states require disclosure to needle-sharing partners.
Source: https://www.cdc.gov/hiv/policies/law/states/exposure.html
OK, how are they gonna untell people?
That’s the thing…they can’t. This compromises potentially people’s housing, jobs, child custody…there is so much stigma about HIV because folks are so ignorant about it..from how folks may have gotten it, their financial status because it can be so expensive, and just so much unwarranted fear. It’s compromised people who are already dealing with a compromised immune system. And just by reading the comments you can see how stupid people are about it.
It is my opinion.: Aetna, liars, crooks and thieves.
I purchased a disability policy from my employer with Aetna. I became disabled because of a heart condition, verified by 3 doctors, state and other insurance companies. Aetna harassed my spouse and I, threatened me with being fired, discontinued my employer pay and benefits, conveniently lost documents my doctors and I sent to them several times, misquoted and distorted facts in medical documents I submitted, forced me to retire because of no pay or benefits, committed fraud, made numerous mistakes always in Aetna’s favor, told me verbal lies in phone conversations, made outrageous demands under the threat of being fired “if you don’t go to the doctor today and submit these forms you will be terminated from your job”, Etc. Aetna CEO Mark Bertolini’s compensation was valued at $17.3 million last year. He got it by screwing people like you and I. Don’t get Aetna insurance for any coverage of any kind. Often Aetna will not pay claims and will do anything dishonest to avoid paying. If you do have Aetna coverage, get rid of them ASAP. Aetna consistently acted in bad faith. If you do have problems with Aetna, keep a log, FAX or send all documents 3 times and file a complaints with your employer and department of insurance, etc. Anonymous Aetna victim, because of Aetna reprisals.
Some…no, A LOT, of you are missing the point. This is not a gay issue, an HIV issue, it isn’t about your narrow, obtuse and jaded perception of sexual deviance….it is about violating the Patient Privacy Act. Literally no one but you, your doctor and your doctors staff have a right to know your medical history – past, present or future. Stop using the forum to push your marginalized, out-dated and (thankfully) diminishing attitudes, ideas and perceptions.
I’m just curious to who authorized this letter, or should I say the envelope.
Dear Antifa Freedom:
That’s a pretty hostile reply. But here’s the problem: You folks are really good at breaking things, but it doesn’t seem like you’re too good at building, creating anything worthwhile. So once all the “old” things are gone, and you’ve got nothing to rally against, what are you going to do? Stand amidst the rubble and cheer that now you own it?
Facemasks, torches and clubs, slogans and shouts … those are pretty useless when you’re trying to get irrigation systems going or finding food to feed yourselves.
You can be as “together” as you want, but all that means is more mouths to feed and no idea how to get that done.
The one consolation I have as an “older” person is that, yes, you will have it all once I’m gone, but guess what? You won’t be far behind because you have no idea how to take care of yourselves. So, no worries, we built it all just for you to destroy, but I’ll save a seat for you in the afterworld because I’m cool like that.