Aetna has agreed to pay out over $7 million to settle a class action lawsuit after it accidentally outed HIV/AIDS patients, as well as individuals taking medications to prevent contracting the illness.
The insurer sent out letters this past summer to some 13,487 individuals that constituted a privacy breach by giving its law firm and a mail vendor their names and confidential health information.
Almost 12,000 people were sent letters with windows that were too large, showing not only their names and address, but also revealing the text of the note, showing they were prescribed HIV medications. They are each entitled to $500 from the settlement.
Another 1,600 individuals did not have their HIV status revealed through the mailing. The suit alleged that they too were victims of a breach of privacy, however, because Aetna shared their private health information. Those individuals are each entitled to $75.
Some plaintiffs reported being kicked out of their homes over the mailing, or that their interpersonal relationships, with friends, family, and neighbors, were damaged as a result. It alleged that Aetna violated the federal patient privacy law, the Health Insurance Portability and Accountability Act (HIPAA), and several state laws.
Aetna agreed to pay out a total of $17,161,200 on January 16.
Sally Friedman, an attorney at the Legal Action Center told BuzzFeed News that the settlement “sends a really strong message to people living with or at risk of HIV that their privacy is valued and those who violate privacy laws will pay a steep price.”
“HIV still has a negative stigma associated with it, and I am pleased that this encouraging agreement with Aetna shows that HIV-related information warrants special care,” the lead plaintiff, who was prescribed PrEP said in a statement.
“Through our outreach efforts, immediate relief program, and this settlement we have worked to address the potential impact to members following this unfortunate incident,” said a spokesperson for Aetna in a press release.
“In addition, we are implementing measures designed to ensure something like this does not happen again as part of our commitment to best practices in protecting sensitive health information.”