With everything going electronic recently, customers were surprised to receive a physical letter from Aetna, one of the biggest national health insurance companies in the U.S. They were more surprised to learn that their highly sensitive HIV status was easily revealed through the unopened envelope in which the letter arrived. Already there has been nearly 2 dozen complaints from customers who say the letter allowed family, friends, and even neighbors to know their HIV information without their consent.
In late July, Aetna reportedly mailed out around 12,000 letters to customers who were on prescription HIV medications. The letter included instruction for filling these prescription – sensitive information which were visible through a window on the envelope.
"Aetna's privacy violation devastated people whose neighbors and family learned their intimate health information," said Sally Friedman, legal director of the Legal Action Center in New York City said in a statement. "They also were shocked that their health insurer would utterly disregard their privacy rights."
"I know of someone who has been kicked out of his home because somebody who saw his envelope learned his HIV status,"Friedman added. Friedman is part of a group of attorneys who could end up representing the customers in a case against Aetna.
Along with Legal Action Center in New York City, the AIDS Law Project of Pennsylvania has sent a cease-and-desist letter to Aetna, in which the firms cited the privacy breach caused “incalculable harm to Aetna beneficiaries.” Complaints are coming from customers across the country (Arizona, California, Georgia, Illinois, New Jersey, New York, Ohio, Pennsylvania and Washington, D.C..), likely with more on the way.
"People with HIV need to feel they can seek medical help without their private information being illegally shared with neighbors, family, etc," Friedman said. "So when an insurance company breaches confidentiality in this fashion, it can deter people from getting health care."
Aetna has since responded, blaming an external vendor for the handling of the letters and envelopes. In a letter notifying customers of the breach, Aetna "confirmed that the vendor handling the mailing had used a window envelope, and, in some cases, the letter could have shifted within the envelope in a way that allowed personal health information to be viewable through the window."
"We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members. This type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again," Aetna added.
Additional sources: CNN