California Attorney General Xavier Becerra on Wednesday announced a $935,000 settlement with Aetna Incorporated which resolves allegations that the company violated California health privacy laws. Aetna is a health insurance company based in Connecticut. In 2017 a mailing error by a vendor for Aetna resulted letters which revealed through an oversized clear window on mailed envelopes that the recipient was taking HIV-related medication being sent to 1,991 Californians.
"A person's HIV status is incredibly sensitive information and protecting that information must be a top priority for the entire healthcare industry," said Becerra. "Aetna violated the public's trust by revealing patients' private and personal medical information. We will continue to hold these companies accountable to prevent such a gross privacy violation from reoccurring."
Aetna reportedly mailed letters to approximately 12,000 people nationwide, including the nearly 2,000 letters sent people in California.
The terms of settlement require Aetna to implement and maintain specific mailing procedures that preserve patient confidentiality. That includes taking steps to ensure that medical information is not visible through the window of envelopes. Additionally, Aetna must designate an employee to oversee Aetna’s revised mailing program, compliance with state and federal privacy laws, and management of external vendors who handle medical information. Aetna is also required to complete an annual privacy risk assessment evaluating compliance with the terms of the settlement for three years.
According the California Department of Justice, the settlement announced on Wednesday is subject to court approval.
The victims have additionally received over $17 million in compensation through a private class action settlement.