Aetna mailing breached HIV privacy of members

Earns Aetna
A sign on the campus of the Aetna headquarters, in Hartford, Conn

Aetna last month breached the privacy of some of its customers who are living with HIV when the Connecticut health-insurance company, which has major operations in the Philadelphia region, sent a letter with instructions on how to fill prescriptions for HIV medications.

The envelope had a plastic window that in some cases showed not just the customer’s name and address, but also the names of medications, exposing some recipients’ HIV status.

Camera icon AIDS Law Project of Pennsylvania
A redacted copy of Aetna’s envelope that was sent to a customer in Brooklyn.

The casual disclosure of a person’s HIV status or use of HIV medication by Aetna is far more than a technical violation of the law, said Ronda B. Goldfein, executive director of the AIDS Law Project of Pennsylvania, in Philadelphia. “It creates a tangible risk of violence, discrimination and other trauma,” she said.

The breach occurred on July 28, in a mailing to about 12,000 customers. Aetna first found out about the problem on July 31, the company told customers in a letter disclosing the breach.

“We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members. This type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again,” a company spokesman said in an email Thursday.