Health insurer Aetna reached a settlement with New Jersey for potentially disclosing the private health information of nearly 1,000 customers in the state. The case involves two separate mailings—one to people with HIV and another to those with a heart condition. As reports, as part of the settlement, Aetna will take steps to safeguard its customers’ privacy and pay a $365,000 penalty.

This is in addition to a $17 million–plus settlement reached with nearly 12,000 individual customers in several states.

That case stems from a class-action suit filed by customers with HIV over whether they were allowed to fill their prescriptions at brick-and-mortar stores as opposed to mail-order pharmacies. Aetna agreed that customers could get their meds at local pharmacies, but when a third-party administrator mailed customers a notification to that effect, it used envelopes with glassine windows that, in some cases, revealed the phrase “HIV Medication.”

That mailing went to about 12,000 people, including 647 in New Jersey.

In a similar case, the insurer sent out a mailing regarding the heart condition atrial fibrillation with customers[JM1] ’ health data visible through the envelope. Those letters reached 186 people in New Jersey, according to

“Aetna fell short here, potentially subjecting thousands of individuals to the stigma and discrimination that, unfortunately, still may accompany disclosure of the HIV/AIDS status,” New Jersey Attorney General Gurbir Grewal said in a statement quoted on the news site. “I am pleased that our investigation has led Aetna to adopt measures to prevent this from happening again.”

Aetna is now required to hire an independent consultant to ensure it properly protects its customers’ privacy.

For background on the Aetna cases, read “Aetna to Pay $17M Because It Mailed Envelopes Revealing HIV Info” and “Aetna Fined by NY State Over HIV Privacy Breach.”

And for a related article from April, see “Lawsuit Claims CVS Mailing Revealed the HIV Status of 6,000 Clients.”