“Huffington Post: Aetna May Have Exposed the HIV Status of Thousands of Clients”
August 28, 2017
As published by The Huffington Post, on August 25, 2017.
Insurance company Aetna Inc. inadvertently revealed the HIV status of potentially thousands of its customers when it sent information about HIV medication using an envelope with a mailing window large enough to read the letter’s contents, according to reports. Aetna sent the letter to about 12,000 people, Time reported.
In addition to breaking privacy laws that give people the right to have their medical information protected, the breach also put people’s safety at risk, as HIV stigma is still strong in the U.S.
Ronda B. Goldfein of the AIDS Law Project of Pennsylvania said in a statement that exposure “creates a tangible risk of violence, discrimination and other trauma” for people living with HIV.
The medical privacy breach was made public by Legal Action Center, a nonprofit organization that helps people fight HIV discrimination, and the AIDS Law Project of Pennsylvania, a nonprofit law firm, in a letter Thursday.
Writing on behalf of people in Arizona, California, Georgia, Illinois, New Jersey, New York, Ohio, Pennsylvania and Washington, D.C., it demanded that Aetna immediately stop sending mail that can reveal a person is taking HIV medications, or medications to prevent HIV, and to take steps to make sure it never happens again.
Aetna responded to the breach in a statement, calling the mistake unacceptable. It also said it was conducting a full review of its mailing process to make sure this doesn’t happen again.
A second letter was sent to affected clients this week outlining the timeline of the privacy violation and letting them know of their right to file a complaint with the Department of Health and Human Services’ Office of Civil Rights.
The second letter, obtained by HuffPost, said the offending mailer was sent July 28. The company first learned of the privacy violations on July 31, and on Aug. 2 it determined that the vendor who mailed the letters had used a window envelope that could have exposed personal information, the second letter said.
Attorneys at the Legal Action Center and the AIDS Law Project of Pennsylvania said that legal action is being considered. New York Attorney General Eric Schneiderman also announced he would look into Aetna’s privacy breach.
People have been denied medical and dental care on the basis of their HIV status. People have been fired or had job offers rescinded on the basis of their HIV status. Indeed, shame and fear about the infection prevents many from getting tested in the first place. The U.S. Centers for Disease Control and Prevention estimates that 15 percent of Americans with HIV don’t know that they have it.
While federal law protects people against being fired for their HIV or AIDS status, it only applies to companies with more than 14 workers, according to the American Civil Liberties Union. Depending on where you live, smaller companies may or may not be bound by the same anti-discrimination laws.