Aetna is facing a class action lawsuit following a privacy breach that saw the HIV positive status of up to 12,000 individuals disclosed against the patients’ wishes. The individuals names and addresses were visible during a recent mail distribution when details of prescribed HIV medications were identifiable through the transparent windows of envelopes.
The correspondence was in relation to medical benefits and information on how HIV medications could be received. Due to the mistake, which has been attributed to letters becoming misplaced inside the envelopes during delivery, many people had had their HIV status revealed to those close to them. Breach notification letters have been distributed to the 12,000 individuals on the relevant mailing list. However it remains unclear exactly how many people had details disclosed.
In a recent release, Aetna stated that “this type of mistake is unacceptable,” and revealed that steps are being taken to ensure proper measures are put in place to prevent incidents like this from happening. However, for individuals affected by the incident, serious and irreparable harm has been done.
The Legal Action Center and AIDS Law Project of Pennsylvania contacted Aetna last week insisting the insurer stop sending mail that “illegally discloses” that the plan members are taking HIV medication.”
The class-action legal case has been filed in the U.S. District Court for the Eastern District of Pennsylvania by both organizations and their legal team from Berger & Montague, P.C. The suit insists that Aetna stop the practice of sending data relating to HIV medications via mail, changes standard operating procedures and pays compensation.
In a recent release to the media, the AIDS Law Project outlined that the data breach has caused trauma for some Aetna members whose HIV positive condition was disclosed. The press release referred to one example of a couple in Florida who had to move home due to the disclosure as a result of the fear and embarrassment that they felt
In another case, the sister of a 52-year old male from Pennsylvania discovered that he was taking HIV medication after due to the data disclosure. That man, the lead plaintiff in the class action lawsuit, does not have HIV but takes the medication as part of a regimen of pre-exposure prophylaxis – to prevent him from contracting the virus.
Aetna conducted the mailing to address alleged privacy violations highlighted in two lawsuits in 2014 and 2015, which were filed after the group required customers to receive their HIV medications in the mail. The named plaintiffs claimed these actions could lead to a breach in their privacy. The legal cases were settled, and the correspondence was sent on July 28, 2017.
By the time that the press release was issued, six AIDS service organizations across the U.S.A. had received “dozens” of official complaints from Aetna customers about the breach.
Sally Friedman, legal director of the Legal Action Center said, “Some have lost housing, and others have been shunned by loved ones because of the enormous stigma that HIV still carries. This case seeks justice for these individuals. Insurers like Aetna must be held accountable when they fail to vigorously protect people’s most private health information.”
