A Cautionary Tale: Aetna Mailer Breaches Patient HIV Status

Health insurance provider Aetna is under fire for the accidental exposure of their clients’ HIV status.

Not all HIPAA violations come in the form of improperly disposed files. A recent mailer sent out by insurance giant Aetna revealed the HIV status of approximately 12,000 customers, all because of an ill-fitting mailer envelope.

According to news sources, Aetna is under fire for sending out a mailer detailing information on about prescription orders, specifically for HIV drugs, to several thousand of its customers. Instead of just revealing an addressee, the envelope window made partly visible information about filling HIV prescription medication, although it is unclear how many of the letters were affected, mainly because it depends on how each letter was positioned in the envelope.

“We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members,” Aetna said in a statement about the incident. “This type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again.”

Aetna was served a cease-and-desist letter from The Legal Action Center in New York City and the AIDS Law Project of Pennsylvania, the agencies citing that the incident caused “incalculable harm to Aetna beneficiaries.”

Aetna confirmed that the vendor handling the mailing used a window envelope, of which many letters had “shifted,” thus causing the information to be revealed.

While further legal action is being considered, no other updates on the incident remain.

Despite our technology-centered society, mail is still relevant because mail is tangible. When it comes to privacy matters and HIPAA compliance, mail is often safest because of the federal protections on the USPS. Mail is delivered directly to customers’ hands, and statistics show that they are more likely to not only receive, but read the information. Unfortunately, when it comes to sensitive information, facilities need to employ the use of the right-fitting envelope, lest they risk information exposure, just as Aetna has done to its customers.

This is a cautionary tale to companies who send out mailers that would otherwise contain sensitive information; know who is handling your mail services, approve any and all elements, such as envelopes, and ensure the only visible information is the addressee as not to compromise your customers’ privacy.

When notification letters are sent by post, providers should pay close attention to other elements the envelopes may contain. A patient or customer may not want the mail carrier, spouse, or children, to see an envelope printed with the name of a clinic or insurance agent on the front. More than that, any exposure of sensitive information can easily be a violation of HIPAA, which will not only result in hefty fines, but legal action as well.

You Might Also Like:


Service Areas: Florida Shredding; Orlando Shredding; Tampa Shredding; Naples Shredding; New York Shredding; Westchester Shredding; Long Island Shredding and more!