Aetna last month breached the privacy of some of its customers who are living with HIV when the Connecticut health-insurance company, which has major operations in the Philadelphia region, sent a letter with instructions on how to fill prescriptions for HIV medications.

The envelope had a plastic window that in some cases showed not just the customer's name and address, but also the names of medications, exposing some recipients' HIV status.

A redacted copy of Aetna’s envelope that was sent to a customer in Brooklyn.
AIDS Law Project of Pennsylvania
A redacted copy of Aetna’s envelope that was sent to a customer in Brooklyn.

The casual disclosure of a person's HIV status or use of HIV medication by Aetna is far more than a technical violation of the law, said Ronda B. Goldfein, executive director of the AIDS Law Project of Pennsylvania, in Philadelphia. "It creates a tangible risk of violence, discrimination and other trauma," she said.

The breach occurred on July 28, in a mailing to about 12,000 customers. Aetna first found out about the problem on July 31, the company told customers in a letter disclosing the breach.

"We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members. This type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again," a company spokesman said in an email Thursday.