Aetna has settled a $17 million class-action suit brought against it after the insurance giant accidentally revealing the HIV status of more than 12,000 customers.
In July 2017, Aetna members were sent information about a change in pharmacy benefits, but text visible through the window on the envelopes listed the patients’ names and indicated how they would now fill prescriptions for HIV medications or PrEP.
HIV status of thousands revealed on envelopes mailed by insurer.
— joe rojas-burke (@rojasburke) August 24, 2017
“People have been devastated,” Sally Friedman, legal director at Legal Action Center (LAC) told STAT News in August. “We’ve had a number of people tell us they had chosen not to disclose their HIV status to family members, but this is how their family members found out.”
The settlement include a base payment of $500 to everyone whose privacy was breached by the envelopes, with another 1,600 customers receiving $75 for the disclosure of their private information to Aetna’s legal counsel and mail vendor.
Customers can also request compensation up to $20,000 for out-of-pocket expenses or “emotional distress damages.”
As part of the settlement, Aetna has agreed to create a best practices document, “with the goal of preventing this type of event from ever occurring again,” said Rhonda Goldfein, executive director of the AIDS Law Project of Pennsylvania, which helped represent the patients. “This is, as far as we can tell, the largest data breach involving HIV-related privacy.”
Aetna says it’s working hard to prevent another similar breach in the future.
“Through our outreach efforts, immediate relief program and this settlement we have worked to address the potential impact to members following this unfortunate incident. In addition, we are implementing measures designed to ensure something like this does not happen again as part of our commitment to best practices in protecting sensitive health information.”
The settlement is still subject to approval by federal courts.