Aetna settles the HIV disclosure survey for nearly $ 650,000

Diving Brief:

• Aetna has agreed to pay nearly $ 650,000 to three states and to the District of Columbia to settle charges that it has compromised the personal information of thousands of members of the regime in two breaches.
• The settlement is the result of a multi-state survey including New Jersey, Washington, Connecticut and DC Aetna, which was settled with New Jersey, Connecticut and DC for $ 365,000, $ 100,000 and $ 175,000, respectively . Washington State still determines the amount of its settlement.
• As part of the regulations, Aetna must update its privacy policy, its protocols and the training of its employees regarding personal health information. The company has also agreed to engage an external consultant to review and report on its efforts and to monitor compliance with the agreement.

Insight on diving:

The regulations stem from two shipments the company sent to policyholders in 2017, highlighting the dangers not only of cybercriminals, but also employee errors and negligence in the patient's privacy.

In July of the same year, Aetna revealed the HIV / AIDS status of 12,000 patients because the oversized transparent address window of the envelope allowed the words "HIV drugs" to be read. Then, in September, a letter to 1,600 registrants revealed that they had a heart problem by including the name and journal of an atrial fibrillation study on the envelope.

States and D.C. stated that Aetna had breached both the HIPAA requirements and national laws protecting personal health and privacy information for people living with HIV / AIDS.

"Companies in charge of protecting people's health information must avoid abusive disclosures," said New Jersey Attorney General Gurbir Grewal. "Aetna has failed here, potentially subjecting thousands of people to the stigma and discrimination that, unfortunately, can still accompany disclosure of their HIV / AIDS status."

A class action suit on behalf of those whose HIV / AIDS status had been disclosed had already been settled for $ 17 million earlier this year. The principal plaintiff in this case was not HIV positive, but took Truvada to prevent the disease. Other HIV-negative patients also received the letter even though they had stopped taking the medication.

An Aetna spokesman said the company "is working to address the potential consequences for members of this unfortunate incident, and we are putting in place measures designed to prevent this from happening again in our commitment to adopt the best practices of protection of sensitive health information. "