Insurer Breaches Client Privacy via Clear Envelope


The insurance company Aetna mailed around 12,000 letters which inadvertently revealed the beneficiaries HIV status due to type of envelope used.

A cease and desist letter was jointly sent by the Legal Action Center and the AIDS Law Project of Pennsylvania to Aetna, demanding they take corrective measures to, “ensure that this gross breach of privacy and confidentiality never reoccurs.”

The issue was caused by the size of the plastic address window on the envelopes, as well as the recipient's name and address part of the first three lines of text were also readable. The letters contained instructions for filling HIV drug prescriptions.

According to a statement from the Legal Action Center the letter was sent to individuals in Arizona, California, Georgia, Illinois, New Jersey, New York, Ohio, Pennsylvania, and Washington, D.C. 

Related Articles

“Aetna's privacy violation devastated people whose neighbors and family learned their intimate health information,” said Sally Friedman, Director of the Legal Action Center. “They also were shocked that their health insurer would utterly disregard their privacy rights.”

According to a letter sent to affected recipients, the aforementioned letters were sent on July 28 and Aetna were made aware of the error on July 31. The insurer wrote, “We then confirmed that the vendor handling the mailing had used a window envelope, and, in some cases, the letter could have shifted within the envelope in a way that allowed personal health information to be viewable.” The company did not identify the vendor.

Attorney's from both the Legal Action Center and the AIDS Law Project of Pennsylvania said that further legal action is under consideration.

For more information visit LAC.org.