The health insurer Aetna is facing criticism for revealing the HIV status of potentially thousands of customers after it sent out a mailer in which information about ordering prescription HIV drugs was clearly visible through the envelope’s clear window.
For example, in a letter sent to a customer in Brooklyn, N.Y., the window revealed considerably more than the address. It also showed the beginning of a letter advising the customer about options “when filling prescriptions for HIV Medic … ”
Aetna says approximately 12,000 customers were sent the mailer on July 28 that potentially revealed private medical information, though the company says it isn’t clear exactly how many were affected, because it depends on how the letter was positioned in the envelope.
“We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members,” the company said in a statement. “This type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again.”
The Legal Action Center in New York City and the AIDS Law Project of Pennsylvania sent a cease-and-desist letter to Aetna, stating that the privacy breach caused “incalculable harm to Aetna beneficiaries.” The groups say they received complaints from individuals in Arizona, California, Georgia, Illinois, New Jersey, New York, Ohio, Pennsylvania and Washington, D.C.
“Aetna’s privacy violation devastated people whose neighbors and family learned their intimate health information,” Sally Friedman, legal director of the Legal Action Center, said in a statement. “They also were shocked that their health insurer would utterly disregard their privacy rights.”
The groups also called for “corrective measures to ensure that this gross breach of privacy and confidentiality never reoccurs.”
They say the people who received the letters “are currently taking medications for HIV treatment as well as for Pre-exposure Phophylaxis (PrEP), a regimen that helps prevent a person from acquiring HIV.”
In a letter notifying customers of the privacy breach, a copy of which was obtained by NPR, Aetna says it learned on July 31 that personal information may have been exposed through the envelope window.
The letter states that upon investigating, Aetna “confirmed that the vendor handling the mailing had used a window envelope, and, in some cases, the letter could have shifted within the envelope in a way that allowed personal health information to be viewable through the window.”
It adds: “Regardless of how this error occurred, it affects our members and it is our responsibility to do out best to make things right.”
The Legal Action Center and the AIDS Law Project of Pennsylvania say they are considering further legal action.