The American health insurance company Aetna has landed in hot water after it revealed the HIV status of roughly 12,000 of its customers when sensitive information was mailed out in an incorrect envelope.
The letters, stamped July 28, were sent out to inform clients of a change in pharmacy benefits; however, the HIPPA-guarded information was visible to anyone — a roommate, family member, neighbor, even a postal worker — through a not-so-small plastic window on the front of the envelope.
Sally Friedman, the director of the Legal Action Center in New York City, and Ronda B. Goldfein, executive director of the AIDS Law Project of Pennsylvania, along with six other organizations, sent Aetna a demand letter Thursday to get the company to cease sending out the letters and right its wrongs.
Sent on behalf of patients in Arizona, California, Georgia, Illinois, New Jersey, New York, Ohio, Pennsylvania and the Washington, DC, area, Friedman indicated they’d received 23 complaints prior to their Thursday demand letter.
“Aetna’s privacy violation devastated people whose neighbors and family learned their intimate health information,” Friedman said in a statement. “[Clients] also were shocked that their health insurer would utterly disregard their privacy rights.”
According to the demand letter, Aetna’s mishap also included instructions to customers who were taking Pre-exposure Prophylaxis (PrEP), a medication preventing a person from acquiring HIV.
Despite calling the incident “unacceptable” and saying they were “ensuring something like this never happens again,” the Connecticut company insinuated in a letter it sent to to affected customers on August 2 that the blame should fall on a vendor that chose the incorrect envelope.
Upon their July 31 investigation, Aetna “confirmed that the vendor handling the mailing had used a window envelope, and, in some cases, the letter could have shifted within the envelope in a way that allowed personal health information to be viewable through the window.”
However, speaking to Stat News, Friedman indicated that in every letter they’d seen, the information was clearly visible — not just some.
Aetna’s notification letter went on to emphasize the “the viewable information did not include the name of any particular medication or any statement that have been diagnosed with specific condition.”
Regardless of whether specific medication or the client’s condition was identified, “it creates a tangible risk of violence, discrimination and other trauma,” Goldfein said in a statement.
With the Legal Action Center and the AIDS Law Project considering further legal action, Aetna announced it’s been in touch with the mailing vendor.
“Regardless of how this error occurred, it affects our members and it is our responsibility to do our best to make things right.”
The best way to protect one’s privacy is to have your own healthcare system.