Aetna agreed to pay $17 million to settle a class action lawsuit involving a privacy breach of thousands of its customers with HIV.
In July 2017, Aetna improperly disclosed the Protected Health Information and Confidential HIV-related information of approximately 12,000 customers. The insurance company required its customers to receive their HIV medications through mail. It did not allow them to personally pick-up their medications at the pharmacy.
Aetna provided their contact information to a third party mailing vendor, which sent instructions about how customers taking HIV medications could fill prescriptions. The third party mailing vendor mailed the instructions using an envelope with a large transparent address window. Because of that, the insurance company and its third party mailing vendor inappropriately revealed customers’ HIV status.
HIV is associated with a negative stigma
Andrew Beckett, an Aetna customer from Pennsylvania, is among those impacted by the HIV privacy breach. He is the lead plaintiff in the class action lawsuit against the insurance company.
According to Beckett, he is satisfied with the settlement. He said, “HIV still has a negative stigma associated with it, and I am pleased that this encouraging agreement with Aetna shows that HIV-related information warrants special care.”
As part of the settlement, Aetna also agreed to implement new measures to avoid repeating the privacy breach.
In a statement, Aetna said, “Through our outreach efforts, immediate relief program and this settlement, we have worked to address the potential impact to members following this unfortunate incident.” It is “implementing measures to ensure something like this does not happen again.”
In addition, Aetna said it is committed to implementing best practices to protect sensitive health information.
The plaintiffs in the class action lawsuit are represented by Berger & Montague, P.C. and the AIDS Law Project of Pennsylvania.
Aetna reaches another settlement with New York AG
Separately, Aetna rached a settlement agreement with the New York Attorney General’s Office regarding the same issue.
The insurance company agreed to pay $1.15 million to settle the investigation into the privacy breach of 2,460 New Yorkers’ HIV status.
Additionally, Aetna agreed to develop and maintain improved operating procedures to protect customers’ personal health information and personally identifiable information in mailings.
Furthermore, the insurance company agreed to hire an independent consultant to monitor and report on the settlement’s injunctive provisions.
AG Eric Schneiderman said, “Through its own carelessness, Aetna blatantly violated its promise to safeguard members’ private health information. Health insurance companies…have a fundamental responsibility to be vigilant in protecting their members. We won’t hesitate to act to ensure that insurance companies live up to their responsibilities…”