Aetna to Pay California $935K for HIV Envelope Privacy Fiasco

Case: The price tag for the privacy snafu that occurred in July 2017 when Aetna mailed12,000 beneficiaries sensitive information about their HIV medication in envelopes with a transparent window keeps going up. In January 2018, the insurance giant settled a class action lawsuit for $17.2 million. (For the details of the case, see Lab Compliance Advisor, March 12, 2018). Now, Aetna is settling with the states of the beneficiaries. After agreeing to pay $365.2K to New Jersey, $175K to Washington, D.C. and $100K to Connecticut, Aetna has concluded its most expensive state settlement to date: $935K to California. Significance: You don’t need to be reminded of the seriousness of HIPAA breaches. The real takeaway for lab managers: The measures the settlements require Aetna to take to ensure the privacy of patient mailings containing PHI, including: Using envelopes that obscure the contents; Ensuring that the return address contains no identifying information other than a P.O. box, city, state and ZIP code; and Putting a statement on the envelope front stating: “Confidential Legal Information—To Be Opened Only By the Addressee.”