Aetna settles with California in HIV-related privacy breach
SACRAMENTO, Calif. — Aetna will pay $935,000 after one of its vendors sent letters to California patients that revealed via a window on the envelopes that the recipients were taking HIV-related medications, officials said Wednesday.
The settlement resolves allegations that Aetna violated state health privacy laws, California Attorney General Xavier Becerra said.
Nearly 2,000 Californians — and 12,000 people nationwide — received the revealing letters in 2017.
“A person’s HIV status is incredibly sensitive information and protecting that information must be a top priority for the entire healthcare industry,” Becerra said.
Aetna has since implemented measures “designed to ensure something like this does not happen again as part of our commitment to best practices in protecting sensitive health information.to help ensure such a breach never happens again,” the Connecticut-based insurance giant said in a statement.
Under the settlement, Aetna must complete an annual privacy risk assessment for three years.
The victims have received over $17 million in compensation through a private class action settlement, according to a statement from Becerra’s office.