Dive Brief:
- Aetna is facing a class-action lawsuit after the payer sent letters to patients last month that inadvertently made it easy to see the phrase "filling prescriptions for HIV" through the envelope address window, according to a report from Stat.
- The lawsuit filed Monday in a Pennsylvania federal court claims up to 12,000 people from more than 20 states were affected.
- The lead plaintiff (who filed under a pseudonym) is not HIV-positive, but was taking the prophylactic medication Truvada to prevent the disease. Other HIV-negative patients received the letter as well, even if they were no longer taking the medicine, according to the lawsuit.
Dive Insight:
While health systems are devoting more resources to protecting patient data with cybersecurity methods, breaches of confidential information can also happen from employee mistakes or a third-party vendor. Employee error or negligence and the presence of subcontractors or third parties are a frequent factor in healthcare data breaches.
The letters are just the latest complaint from patients taking HIV medication who say Aetna was violating their privacy by requiring them to receive their medicine through the mail. Aetna settled previous lawsuits in 2014 and 2015 related to the matter, rescinding the mail requirement and paying $24,000 to plaintiffs.
Aetna has not publicly commented on the latest court filing. After the breach, the payer apologized and said it would review processes “to ensure something like this never happens again.”
In a letter to Aetna last week, the Legal Action Center and AIDS Law Project of Pennsylvania said the “privacy violations have caused incalculable harm to Aetna beneficiaries," adding that “a number of the individuals who contacted the above-referenced organizations reported that family members and neighbors learned their confidential information regarding their use of HIV medication as a result of Aetna’s breach.”