Legal groups on Monday filed a class-action lawsuit against the health insurer Aetna, alleging the company violated the privacy of its customers by sending many of them letters through which the phrase “filling prescriptions for HIV” was visible through envelope windows.
The federal suit alleges the breach affected as many as 12,000 Aetna customers living in 23 states.
“For 40 years, HIV-related public health messages have been geared toward assuring people that it’s safe to come forward to get confidential HIV treatment, and now our clients come forward for HIV-related healthcare and Aetna fails to provide confidentiality,” said Ronda B. Goldfein, executive director of the AIDS Law Project of Pennsylvania, which filed the suit with the Legal Action Center and Berger & Montague P.C., in a written statement.
The lead plaintiff is listed by the pseudonym Andrew Beckett — a nod to the main character in the 1993 film “Philadelphia,” based in part on the story of an attorney who filed one of the first wrongful termination lawsuits at the height of the HIV/AIDS crisis in the 1980s.
The plaintiff in the Aetna case was described as a “52-year-old Bucks County [Pa.] man, whose sister learned from an unopened large-window envelope that arrived in their mail that he was taking HIV medications.”
He was, in fact, HIV-negative but on a regimen of prophylactic medication meant to guard against getting HIV.
Individuals who are taking the prophylactic HIV medication Truvada were among the approximately 12,000 people who received the mailings, meant to alert them to a change in pharmacy benefits.
Multiple recipients of the letters told STAT that they were no longer taking Truvada at the time they received the letter but had used it previously.
An Aetna spokesperson did not comment on whether the company was aware of HIV-negative individuals who are not currently taking medication and who received the letters. On Monday, the company also declined to comment on the class-action lawsuit.
Leaders of the AIDS Law Project of Pennsylvania and the Legal Action Center sent a cease-and-desist letter to Aetna on Thursday, urging the health insurer to take action to suspend any such mailings.
The mailings that led to the privacy breach were, ironically, prompted by two lawsuits meant to address privacy concerns. In 2014 and 2015, plaintiffs who had been prescribed HIV medications claimed their privacy rights were being violated by a proposed Aetna requirement that they receive the medications via mail and not in person at pharmacies.
Settlements in those lawsuits required Aetna to pay $24,000 to plaintiffs and to send via mail a notice that “informing them that they were no longer required to order their medications through the mail.”
The insurer then provided a third-party vendor with 12,000 mailing addresses, and the mailings were then sent out using envelopes with large, transparent windows.
In a statement on Thursday, the company apologized for the breach and said it was “undertaking a full review of our processes to ensure something like this never happens again.”
So Aetna has recourse to sue their mailing vendor who performed the actual HIPAA breach. Who is the mailing vendor?
Comments are closed.