Staff Writer Jax Gay
An insurer has paid a settlement of more than $17 million after it accidentally outed people with HIV.
Aetna, a US-based health care insurance company, had faced legal action over letters sent in large transparent envelopes to around 12,000 customers living with HIV last year.
The letters, which contained new instructions for filling prescriptions, were sent to all customers taking medication for HIV treatment, as well as those taking HIV-preventing pre-exposure prophylaxis (PrEP) drugs.
In a shocking lapse, information about the HIV status of the patients was printed to be clearly visible through the plastic window of the envelopes, below the address.
HIV campaigners say the lapse has left many people “devastated” as their HIV status was unlawfully disclosed to anyone who happened to see the envelope.
The case was settled this week – with the insurer making a massive payout to victims.
Under the terms of the proposed settlement, which is now subject to the Court’s approval, Aetna has agreed to pay $17,161,200 to resolve the claims.
Under the settlement, 11,875 people who had their HIV status shared are entitled to receive at least $500 each.
An additional 1,600 patients are entitled to $75 as their names and other information was disclosed.
In a release Ronda B. Goldfein, executive director of the Philadelphia-based AIDS Law Project of Pennsylvania, said that because stigma associated with HIV is still pervasive, some people who received the mailing were forced from their homes or suffered irreparable damages to relationships with friends, relatives, and neighbors.
He said: “The fear of losing control of HIV-related information and the resulting risk of discrimination are barriers to health care.
“This settlement reinforces the importance of keeping such information private, and we hope it reassures people living with HIV, or those on PrEP, that they do not have to choose between privacy and health care.”
Among those sent the mailing was ‘Andrew Beckett’, a Pennsylvania resident who became the lead plaintiff in the nationwide class action lawsuit.
Beckett is not HIV-positive but takes PrEP, a pre-exposure prophylactic that prevents HIV.
He said: “HIV still has a negative stigma associated with it, and I am pleased that this encouraging agreement with Aetna shows that HIV-related information warrants special care.”
Sally Friedman, legal director of the New York City-based Legal Action Center, said: “The settlement provides a fair and just way to compensate class members for their harm while also requiring practice changes to prevent future breaches.
“The settlement’s magnitude will help restore the dignity and voice of those affected.”
Shanon J. Carson, a managing shareholder of Berger & Montague, P.C., added: “Not a day has gone by that I and my colleagues have not paused to think about the individuals and their families who have been affected by this breach, and we are glad that this settlement will bring closure and a remedy to this situation.”
Torin A. Dorros, managing attorney of Dorros Law, which filed a subsequent lawsuit in California over the issue, called the outcome “a very significant resolution for all those affected and a landmark settlement in the area of protecting consumers’ health information and privacy.”
Patients in Arizona, California, Georgia, Illinois, New Jersey, New York, Ohio, Pennsylvania, and Washington, D.C were impacted.
In the UK, a sexual health clinic was hit with a massive fine in 2016 after accidentally leaking a list of HIV-positive patients on an email chain.
56 Dean Street made the slip when it sent an email newsletter to patients at its HIV clinic – but failed to prevent recipients from seeing eachothers’ details – revealing the names and email addresses of 780 people.
Health Secretary Jeremy Hunt slammed the breach as “completely unacceptable”, and Chelsea and Westminster Hospital NHS Foundation Trust, which runs the clinic, was fined £180,000 over the data breach.
Information Commissioner Christopher Graham said: “People’s use of a specialist service at a sexual health clinic is clearly sensitive personal data. The law demands this type of information is handled with particular care following clear rules, and put simply, this did not happen.
“It is clear that this breach caused a great deal of upset to the people affected.
“The clinic served a small area of London, and we know that people recognised other names on the list, and feared their own name would be recognised too.
“That our investigation found this wasn’t the first mistake of this type by the Trust only adds to what was a serious breach of the law.”