Last month, a great number of people with HIV received letters from Aetna that may have disclosed their HIV status on the envelope. A small window on the envelope showed the patient’s name and recommended a change in the prescription for the virus’ treatment. Approximately 12,000 letters were sent with the purpose of relaying a change in pharmacy benefits, states Aetna.
Sally Friedman, who is a Legal Director at Legal Action Center, said that people were devastated after receiving this letter, since most of them chosen not to disclose their HIV status to friends and family members and this is how their close ones found out. Aetna is pushed to correct this mistake which highlighted the violation. Friedman also added that whether people are treated for cancer or a behavioral condition, it is difficult to imagine facing this kind of situation from the family members and patient’s point of view.
Aetna is now in the process of letting both the state and federal authorities know about this misconduct, the mailing being sent on July 28. The company apologized for the people affected by this mailing issue that exposed the personal health information as well as stating that this kind of mistake is unacceptable and that they are taking a full review of their processes in order to ensure that it will never happen again.
Some people who were affected by this action already filed complaints with the Health and Human Services Office for Civil Rights or other authorities of the state. One the other hand, Aetna defends their action by implying that the personal information was only visible just in some cases and that the letter could have moved within its envelope in a way that showed personal health information through the envelope’s window. Friedman responded by saying that in every letter the private information was seen and that it was very much visible.
A law created back in 2009 requires all companies that are covered by federal health privacy laws to report data breaches that affect around 500 people. That kind of database showed approximately 30 cases of data breach just in July.