Class Action Lawsuit by Victims of Aetna HIV Violation Settled

by | Jan 20, 2018

Health insurer Aetna has agreed to a settlement in a class action lawsuit taken by victims of a mailing mistaken that lead to the details of HIV medications prescribed to individuals being seen through the clear plastic windows of the envelopes they were sent in.

The health insurer was not directly to blame for the mailing, instead a mistake error was committed by an external vendor.

For a number of the patients involved, the correspondence had slipped inside the envelope showing that the patient had been prescribed HIV medication. In many instances, those envelopes were seen by room mates, family members, neighbors, friends, and other people, thus making them aware of each patient’s HIV details. It is still not known how many patients had their HIV information disclosed, although the mailing was issued to 13,487 patients. Some of the patients in question were being prescribed medications to treat HIV, others were being administered the medication as Pre-exposure Prophylaxis (PrEP) to stop them from contracting the disease.

Many of the patients who were exposed due to the HIPAA violation breach have faced considerable hardship and discrimination. Many patients have had to seek different accommodation after being asked to leave their homes by flat mates and members of their family.

A lawsuit was filed in August 2017 by The Legal Action Center, AIDS Law Project of Pennsylvania and Berger & Montague, P.C., claiming damages for those affected by the violation. A settlement in the legal action has been settled for $17,161,200 by Aetna, pending Court approval, with no acceptance of liability. Aetna are also obligated to refresh its policies and processes to ensure similar privacy breaches are avoided going forward.

In total , there were two alleged HIPAA breaches. There was an improper disclosure of PHI to Aetna’s legal counsel in July, in addition to the broadcasting of the Benefit Notices that showed patients were taking HIV treatments. Those privacy breaches breached the Health Insurance Portability and Accountability Act (HIPAA) and several state laws according to the legal action filed.

Patients who had their PHI mistakenly disclosed will be given a base payment of $75, while class subscribers who were issued the envelopes with the clear plastic windows will be awarded a base payment of $500. There are approximately almost 1,600 patients who will be given the $75 payment and almost 12,000 who will receive an award of $500.

A fund has also been established for individuals who have experienced more harm or losses due to the disclosure. Those people can apply for additional funds by filling out a claim form listing the financial and non-financial harm they have experienced arising from the privacy breach.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy