Aetna Resolves HIPAA Violation Case with State AGs

October 17, 2018


In 2017, mistakes occurred with two Aetna mailings that led to the impermissible revelation of the protected health information of plan members, including HIV conditions and AFib analyses.

A class action court case was filed on behalf of the sufferers of the HIV status breach which was resolved for $17 million in January. Now Aetna has reached resolutions with the attorneys general for New Jersey, Connecticut, and the District of Columbia to settle the supposed HIPAA violations exposed during an inquiry into the secrecy breaches.

The first mailing was transmitted on July 28, 2017 by an Aetna business associate. Over-sized windowed covers were used for the posting, through which it was probable to see the names and addresses of plan members together with the words “HIV Medications.” Roughly 12,000 people received the mailing.

In September, a second mailing was dispatched for Aetna to 1,600 people. This similarly led to an impermissible revelation of PHI. In addition to names and addresses, the emblem of an IMPACT AFib study was evident, which indicated the person had been diagnosed with atrial fibrillation.

A multi-state inquiry was launched to probe possible violations of the Health Insurance Portability and Accountability Act (HIPAA) and state rules relating to the protected health information of state inhabitants, including the Consumer Protection Procedures Act in DC and the New Jersey AIDS Assistance Act.

The inquiry verified that in both instances there had been an impermissible revelation of protected health information, that Aetna failed to safeguard consumers’ secret health information, and that Aetna had cheated consumers concerning its capability to protect their health information.

Aetna has agreed to resolutions with the State of Connecticut ($99,959), the District of Columbia ($175,000) and a civil monetary fine of $365,211.59 will be paid to the State of New Jersey. Washington also took part in the inquiry but has yet to decide on a proper settlement sum.

“Businesses entrusted with persons’ protected health information have a responsibility to avoid incorrect revelations,” said New Jersey attorney general Gurbir Grewal. “Aetna fell short here, possibly subjecting thousands of people to the disgrace and discrimination that, unluckily, still might accompany revelation of their HIV/AIDS status. I am happy that our inquiry has led Aetna to adopt measures to avoid this from happening over again.”

“Every patient must feel assured that their insurance firm or health supplier will protect their secret medical information. Today’s action will avoid more disclosures and alerts other insurance businesses that they are accountable for safeguarding consumers’ confidential information,” said, District of Columbia attorney general Karl A. Racine.