Insurer Aetna Inc. agreed to pay a $1.15 million civil fine in New York state and to improve its privacy protection policies after it mailed envelopes to clients that may have revealed HIV-related information, according to a statement by New York State Attorney General Eric Schneiderman and reported by CNBC.
This is the same privacy breach that resulted in a $17.2 million settlement that was announced last week. That lawsuit involved nearly 12,000 letters that were mailed in July 2017 across numerous states to clients taking HIV meds, including Truvada as pre-exposure prophylaxis (PrEP). Many of those clients said they experienced significant harm because of the breach—including vandalism and the loss of a home. (For more details, click here.)
The civil fine included 2,460 people across New York state, reports CNBC. In addition, Schneiderman’s office said it discovered a similar breach involving a September 2017 mailing to 163 New Yorkers living with atrial fibrillation, a heart condition.
“We have worked to address the potential impact to members following this unfortunate incident,” Aetna said in a statement, according to CNBC. “We are implementing measures designed to ensure something like this does not happen again as part of our commitment to best practices in protecting sensitive health information.”
In related news, CVS Health Corp. is buying Aetna for $69 billion.