Aetna Settles with States of Victims of HIV Meds Envelope Privacy Snafu

Case: Aetna is still paying for a disastrous miscalculation that may have revealed the HIV status of 12,000 beneficiaries that occurred in July 2017 when it mailed them information about their HIV medications in envelopes with a transparent window. Last January, the insurance giant settled a class action lawsuit for a staggering $17.2 million. (For the details of the case, see GCA, March 12, 2018). And now Aetna has agreed to shell out an additional $640K to settle three more claims brought by state attorneys general on behalf of the residents whose PHI may have been revealed as a result of the breach, including New Jersey ($365.2K), Connecticut ($100K) in Connecticut and Washington, DC ($175K). Significance: You don’t need to be reminded of the seriousness of HIPAA breaches. The real takeaway for lab managers: The measures the settlements require Aetna to take to ensure the privacy of patient mailings containing PHI, including: Using envelopes that obscure the contents; Ensuring that the return address contains no identifying information other than a P.O. box, city, state and ZIP code; and Putting a statement on the envelope front stating: “Confidential Legal Information—To Be Opened Only By the Addressee.”