Aetna violated HIPAA when envelope windows exposed HIV medication use, attorneys say
Envelope flaw allowed others to see patient information on options Aetna's health plan offers when filling prescriptions.
Aetna has violated HIPAA law by exposing through a transparent window of an envelope mailed to members, information on HIV medication, according to the Legal Action Center and the AIDS Law Project of Pennsylvania which sent a letter to Aetna on Thursday.
Attorneys for the two groups demand Aetna cease and desist from breaching privacy and said additional legal action is under consideration.
[Also: Report: Aetna in secret talks with Apple about giving members Apple Watches]
The envelope window contains the patient's name, address and the start of a letter that said its purpose is to advise the beneficiary of the options Aetna's health plan offers when filling prescriptions for HIV medicine.
The individuals receiving the letter said family members and neighbors learned their confidential information regarding their use of HIV medication.
The letters were sent to customers currently taking medications for HIV treatment as well as for Pre-exposure Prophylaxis (PrEP), a regimen that helps prevent a person from acquiring HIV, according to the Legal Action Center.
[Also: Aetna reports 52% surge in second quarter profit]
In a statement, Aetna said, "We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members. This type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again."
The letter relating to a change in pharmacy benefits and access to medications was mailed to about 12,000 members on July 28.
Aetna learned of the issue on July 31 it told affected beneficiaries in a follow-up letter obtained by Healthcare Finance News.
[Also: Aetna reports 52% surge in second quarter profit]
"We then confirmed that the vendor handling the mailing had used a window envelope, and, in some cases, the letter could have shifted within the envelope in a way that allowed personal health information to be viewable through the window," the Aetna letter stated. "On August 2, 2017, we determined this incident may have caused a breach of your protected health information."
Aetna informed members they had a right to file a complaint with the Office of Civil Rights and the Department of Health and Human Services.
Some have done that, according to the attorneys who said they were writing on behalf of individuals in Arizona, California, Georgia, Illinois, New Jersey, New York, Ohio, Pennsylvania and Washington, D.C.
The demand letter also calls on Aetna to develop a plan to correct its practices and procedures.
Twitter: @SusanJMorse
Email the writer: susan.morse@himssmedia.com