Health insurer, Aetna Inc, is being sued for a serious oversight that reportedly revealed the HIV status of around 12,000 patients when a letter was sent out to customers with large clear windows that referenced HIV medication.
It’s a monumental blunder that’s similar to the London sexual health clinic, 56 Dean Street breach, where an email was sent to over 700 patients with names and email addresses for recipients visible. We act for a large proportion of the people claiming in that action.
The clear window is of course intended to be clear, so the address is shown for posting, but this doesn’t change the fact that the letter clearly hadn’t been properly planned out given that private medical information was visible too.
A photograph of an unopened letter reportedly shows Aetna’s logo, the patient’s name and address, and the following text:
The purpose of this letter is to advise you of the options…
Aetna health plan when filling prescriptions for HIV Medic…
Members can use a retail pharmacy or a mail order pharm…
This is a serious breach of sensitive medical information.
Number of patients affected uncertain
Aetna themselves appear unsure as to how many people are affected as it can depend on how the letter was folded and positioned in the envelope. The insurer has said that it used a third party firm to carry out mailing tasks, but did not identify who this was.
While the third party vendor may have been the ones to physically send out the information, Aetna has a responsibility to give clear instructions to anyone they provide access of sensitive information to look after it and ensure data protection rules are upheld.
Apology from Aetna
A company statement said:
“We sincerely apologise to those affected by a mailing issue that inadvertently expose the personal health information of some Aetna members. This type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again.”
The disturbing oversight may result in serious harm to the victims involved. The duty of care organisations owe when working with sensitive information like this is huge.
Claims for compensation
One victim is reportedly bringing an action after his sister found out he was taking HIV medication allegedly because of the breach. It could be easy for anyone picking up the mail to see enough content to realise that the recipient has HIV, which is a major breach of medical confidentiality.
Two organisations – Legal Action Centre (LAC) in New York, and AIDS Law Project – reportedly sent “cease-and-desist” letters to Aetna condemning the health insurer for the serious data breach. It’s believed there will be thousands seeking legal help to bring claims against Aetna.
Rhonda Goldfein, executive director of the Pennsylvania AIS group, criticised Aetna’s actions that led to the privacy violation in that, not only can this breach cause embarrassment, but also “a tangible risk of violence, discrimination and other trauma” that comes with the stigma of having the disease.
Like the 56 Dean Street Clinic action we’re involved in, this is an extremely serious data breach that has potentially caused a lot of distress and harm to the recipients. Many of the affected recipients in the Dean Street incident have instructed our firm, and we continue to work with the solicitors acting for the clinic in reaching settlements for the victims involved.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.