A security breach by a private company that contracted with Californias public health department inadvertently allowed unauthorized access to the HIV status of 93 people, according to a lawsuit filed this week in San Francisco County Superior Court.
New York-based nonprofit filed the against the contractor, , on behalf of the people whose confidential medical information was compromised.
People have a right to choose when and to whom to disclose their HIV status, said Jamie Gliksberg, a staff attorney for Lambda Legal, which supports LGBT rights. Their right was taken away from them with this breach.
The plaintiffs were all beneficiaries of the states version of the federally funded (ADAP), which low-income Californians with HIV and AIDS pay for their medications and insurance premiums. The California Department of Public Health hired A.J. Boggs in 2016 to handle enrollment for the program but terminated the contract last year.
The lawsuit alleges that A.J. Boggs violated a California state law that bars the release of public health records related to HIV and AIDS.
A.J. Boggs CEO, J. Clarke Anderson, declined to comment on the case, saying his company had not yet received the official complaint.
The California lawsuit is not the only one involving an inadvertent release of peoples HIV status. In January, health insurance giant for $17 million after some of the letters it sent to 12,000 patients in 2017 ironically, regarding a previous violation of privacy revealed through the envelope windows that they were taking HIV medications.
CVS Health faces a legal challenge in Ohio over allegations that it exposed the HIV statuses of 6,000 patients last year in the same way.
There has not been enough care given to peoples private medical information, specifically HIV patients, Gliksberg said. People living with HIV … need to know that health organizations are protecting the privacy and confidentiality of their status.
This week, reported that Grindr, adating app for the LGBTQ community, had provided the HIV statuses of its users to other companies. Grindr and said it would stop, though it noted it was a public forum and its users had the option not to post such personal details.
The California lawsuit alleges that the enrollment portal for the states AIDS drug program was left vulnerable to unauthorized third-party access in August 2016 and that the contractor didnt notice it for three months. During that time, enrollees medical information was improperly viewed, according to the suit. It said that the company had violated the trust placed in it to safeguard patient privacy.
The states public health department sent patients a letter about the security breach in April 2017. It said the department had determined that its contractor did not adequately protect patients personal information, and that the information may have been available to unauthorized third parties from Aug. 16, 2016, to Dec. 7, 2016.
One plaintiff, who declined to be named in the lawsuit or to talk to a reporter, said in a statement that the notification hit him like a ton of bricks.
I need these medications to live, and I could only afford them through ADAP, he said. That doesnt mean, however, that I want everyone to know my HIV status.
Lambda Legal is basing the suit on that plaintiffs experience, but is seeking class-action status. The goal of the lawsuit is to prevent future breaches, Gliksberg said.
The state hired A.J. Boggs despite the concerns of AIDS service organizations and the Los Angeles County Department of Public Health, which said the company had not adequately prepared for the task and that the transition was too hasty.
Kaiser Health News reported in January 2017 that after A.J. Boggs took over enrollment, some patients were unable to get their drugs or timely medical care. AIDS service providers and advocates said patients were turned away from pharmacies and others were dropped from the program for no reason.
After the state public health department discovered the security breach, it closed down the online enrollment portal. In March 2017, it fired A.J. Boggs, saying the companys performance threatened patients access to lifesaving medications. The department decided to determine eligibility and enroll patients in-house rather than hire a new contractor.
Since then, there have not been any new security problems, said Courtney Mulhern-Pearson, senior director of policy and strategy for the San Francisco AIDS Foundation. We are glad that the concerns were addressed and now we are working to get things back on track, she said.
窪蹋勛圖厙 News' coverage in California is supported in part by .
