Class Action Lawsuit by Victims of Aetna HIV Violation Settled

Health insurer Aetna has agreed to a settlement in a class action lawsuit taken by victims of a mailing mistaken that lead to the details of HIV medications prescribed to individuals being seen through the clear plastic windows of the envelopes they were sent in.

The health insurer was not directly to blame for the mailing, instead a mistake error was committed by an external vendor.

For a number of the patients involved, the correspondence had slipped inside the envelope showing that the patient had been prescribed HIV medication. In many instances, those envelopes were seen by room mates, family members, neighbors, friends, and other people, thus making them aware of each patient’s HIV details. It is still not known how many patients had their HIV information disclosed, although the mailing was issued to 13,487 patients. Some of the patients in question were being prescribed medications to treat HIV, others were being administered the medication as Pre-exposure Prophylaxis (PrEP) to stop them from contracting the disease.

Many of the patients who were exposed due to the HIPAA violation breach have faced considerable hardship and discrimination. Many patients have had to seek different accommodation after being asked to leave their homes by flat mates and members of their family.

A lawsuit was filed in August 2017 by The Legal Action Center, AIDS Law Project of Pennsylvania and Berger & Montague, P.C., claiming damages for those affected by the violation. A settlement in the legal action has been settled for $17,161,200 by Aetna, pending Court approval, with no acceptance of liability. Aetna are also obligated to refresh its policies and processes to ensure similar privacy breaches are avoided going forward.

In total , there were two alleged HIPAA breaches. There was an improper disclosure of PHI to Aetna’s legal counsel in July, in addition to the broadcasting of the Benefit Notices that showed patients were taking HIV treatments. Those privacy breaches breached the Health Insurance Portability and Accountability Act (HIPAA) and several state laws according to the legal action filed.

Patients who had their PHI mistakenly disclosed will be given a base payment of $75, while class subscribers who were issued the envelopes with the clear plastic windows will be awarded a base payment of $500. There are approximately almost 1,600 patients who will be given the $75 payment and almost 12,000 who will receive an award of $500.

A fund has also been established for individuals who have experienced more harm or losses due to the disclosure. Those people can apply for additional funds by filling out a claim form listing the financial and non-financial harm they have experienced arising from the privacy breach.