Posted By HIPAA Journal on Feb 1, 2019

Share this newsletter on:

Hartford, CT-based well being insurer Aetna has agreed to pay the California Attorney General $935,000 to unravel alleged violations of state regulations associated with a 2017 privateness violation that revealed state citizens’ HIV standing.

On July 28, 2017, Aetna’s mailing seller despatched letters to plot contributors who had been receiving HIV medicines or pre-exposure prophylaxis to forestall them from contracting HIV. The letters contained directions for their HIV medicines; then again, details about the HIV medicines used to be obviously visual during the window of the envelopes, ensuing within the impermissible disclosure of extremely delicate knowledge to postal staff, buddies, members of the family, and roommates.  Approximately 12,000 folks had been despatched letter, 1,991 of whom lived in California.

The privateness breach used to be a contravention of HIPAA Rules, and consistent with California Attorney General Xavier Becerra, additionally a contravention of a number of California regulations together with the Unfair Competition Law, the Confidentiality of Medical Information Act, the Health and Safety Code (phase 120980), and the State Constitution.

In addition to the monetary penalty, the agreement settlement calls for Aetna to designate an worker to enforce and handle its mailing program, oversee compliance with state and federal regulations, and the control of exterior distributors to verify they care for clinical information in compliance with state and federal regulations and Aetna’s insurance policies and procedures. Aetna could also be required to finish an annual privateness possibility overview to guage compliance with the phrases of the agreement for the following 3 years.

“A person’s HIV status is incredibly sensitive information and protecting that information must be a top priority for the entire healthcare industry,” stated Attorney General Bercerra. “Aetna violated the public’s trust by revealing patients’ private and personal medical information.”

The privateness violation has confirmed dear for Aetna. In January 2018, Aetna settled a category motion lawsuit filed on behalf of sufferers of the breach for $17,161,200. Also in January, Aetna agreed to pay the New York Attorney General $1,150,000 to settle its case and unravel alleged HIPAA violations and breaches of state legislation.

An additional $640,170.59 used to be paid to settle a multi-state motion by means of Attorneys General in New Jersey, Connecticut, Washington, and the District of Columbia. The newest agreement brings the overall monetary consequences issued up to now with regards to the breach to $2,725,170.59.