黑料吃瓜网

础别迟苍补听听a lawsuit for $17 million Wednesday over a data breach that happened in the summer of 2017. The privacy of as many as 12,000 people insured by Aetna was compromised in a very low-tech way: The fact that they had been taking HIV drugs was revealed through the clear window of the envelope.

鈥淚 was shocked,鈥� said Sam, who distinctly recalls the day he received the notice in August. (Kaiser Health News and NPR agreed not to use his full name because he worries about how going public with his HIV status might affect his work.) The letter came to his mailbox in an apartment complex in New Jersey. He wasn鈥檛 directly involved in the lawsuit but says the letter hit a level of vulnerability he had never felt before.

鈥淚 haven鈥檛 disclosed my HIV status to my parents,鈥� said Sam, 36, who is a civil rights attorney. 鈥淟et鈥檚 say that letter had gotten forwarded to their house and someone happened to open the mail. Those were the types of things going through my mind.鈥�

In a statement, Aetna wrote:听鈥淭hrough our outreach efforts, immediate relief program and this settlement we have worked to address the potential impact to members following this unfortunate incident.鈥�

The insurer also said it is 鈥渋mplementing measures designed to ensure something like this does not happen again as part of our commitment to best practices in protecting sensitive health information.鈥�

In an ironic twist, the letters were sent in response to a settlement over previous privacy violation concerns. Aetna had required members to obtain HIV medications through mail-order pharmacies. The affected people had taken medication to treat HIV or to lower the risk of becoming infected with the virus, an approach called听, or pre-exposure prophylaxis.

Lawsuits filed in 2014 and 2015 alleged that policy was discriminatory, that it prevented patients taking HIV medicine from receiving in-person counseling from a pharmacist and that it jeopardized members鈥� privacy.

Aetna settled with the individual plaintiffs, changed its policy to allow members to fill HIV prescriptions in person at retail pharmacies, and, in turn, sent out notification letters to anyone who had filled prescriptions for HIV medications.

It was those notification letters that contained a large envelope window that exposed sensitive HIV information.

While the stigma surrounding HIV may be less severe than it used to be and treatments have improved greatly, Ronda Goldfein, director of the AIDS Law Project of Pennsylvania, said the reality is that serious discrimination still exists. That means protecting patient confidentiality is critical to ensuring people feel safe getting care.

As hundreds of calls from people who received the Aetna letter started coming into Goldfein鈥檚 office and others around the country, she learned of more harrowing and devastating experiences. She said she heard from one man who had homophobic slurs painted on his door when neighbors saw the letter. Other letter recipients felt the need to move out of their neighborhoods. For one woman, whose status became known in her tight-knit immigrant community, 鈥渟he stopped being able to function, she stopped being able to go to work, and she lost her job,鈥� Goldfein said.

Adrian Lowe (left), staff attorney with the AIDS Law Project of Pennsylvania, and Ronda Goldfein, an attorney and executive director of the AIDS Law Project, filed a class-action suit against Aetna over privacy breaches. (Elana Gordon/WHYY)

The AIDS Law Project of Pennsylvania and the Legal Action Center initially issued a demand letter in late August that the insurer stop the mailings. The company responded, setting up a relief fund for affected people and apologizing. 鈥淭his type of mistake is unacceptable, and we are undertaking a full review of our processes to ensure something like this never happens again,鈥� the health insurer said.

Goldfein and others听听than first thought: Up to 12,000 people had received it. Her agency, the Legal Action Center and Berger & Montague PC filed听.

The privacy breach as outlined in the proposed settlement was twofold: Aetna released the names of 13,480 people to its legal counsel and a vendor without proper authorization. Of those, 11,875 got the letter that revealed they were taking HIV medication.

The proposed settlement is awaiting approval in federal court, but in it Aetna has agreed to pay $17 million and set up new 鈥渂est practices鈥� to prevent something like this from happening again.

As part of the payout, the law firms are setting aside at least $12 million for payments of at least $500 to the estimated 11,875 people who may have received a letter exposing that information, acknowledging that 鈥渢he harm was in the status being disclosed,鈥� Goldfein said. Plus, people won鈥檛 have to file additional paperwork and go through more mailings pertaining to their HIV medications.

A fund will be set up for those who experienced additional financial or emotional distress. Individuals will be able to claim up to $20,000. The rest of the money will go toward legal fees and costs.

鈥淚t鈥檚 a much bigger settlement than ordinary identity theft scenarios, where an online database has been breached and the main injury people are claiming is that they might be victims of identity theft and maybe have their financial information compromised,鈥� said , a specialist in privacy law and data breaches at the University of Minnesota.

The amount may be unusual, but McGeveran also said low-level breaches like this aren鈥檛. Companies may be so focused on IT security that they overlook other ways that privacy can be breached.

鈥淭hey鈥檙e more common than people realize,鈥� McGeveran said. 鈥淭here鈥檚 so much attention to cybersecurity, and rightly so, but a lot of medical privacy concerns are much more analog than that. They鈥檙e about things being overheard, they鈥檙e about paper records and in this case it鈥檚 about a paper mailing.鈥�

Beyond the payout itself, she hopes the suit helps change the culture of companies when it comes to the attention paid to medical privacy, and the rights of people with HIV in particular. To highlight that, lawyers used 鈥淎ndrew Beckett鈥� as the pseudonym for the original plaintiff in the case, a Pennsylvania man from Bucks County.

It鈥檚 a nod to the Tom Hanks character in the 1993 film 鈥淧hiladelphia,鈥�听who was fired after his law firm found out he had HIV. This 鈥淏eckett鈥� is taking PrEP.

鈥淗IV still has a negative stigma associated with it, and I am pleased that this encouraging agreement with Aetna shows that HIV-related information warrants special care,鈥� the man known as Beckett said in statement.

This story is part of a partnership that includes , and Kaiser Health News.