Aetna settles HIPAA breaches affecting nearly 18,500 members

Aetna agreed to pay the Office for Civil Rights $1 million to settle three separate HIPAA violations, HHS said Oct. 28. 

Five things to know: 

1. The breaches all took place within a six-month period in 2017 and affected nearly 18,500 members.

2. The first took place in April 2017. Aetna found two web services that displayed plan-related documents allowed those documents to be accessible without login credentials. Aetna said 5,002 individuals were affected by the breach, which disclosed names, insurance identification numbers, claim payment amounts, procedure service codes and dates of service.

3. The second took place in July 2017. Aetna mailed members benefit notices in which members' names, addresses and the words "HIV medication" could be seen through envelope windows. Aetna said 11,887 individuals were affected by the breach.

4. In September 2017, Aetna mailed a research study to members. The mailing contained the name and logo of the atrial fibrillation, or irregular heartbeat, research study in which they were participating. Aetna said 1,600 individuals were affected by the breach.

5. Aetna agreed to adopt a corrective action plan as part of the insurer's settlement.

More articles on payers:
CHI St. Luke's threatens split with Molina, 2nd insurer this week
ProMedica health plan to terminate Ohio hospital's in-network status
UnitedHealthcare to send members kits with COVID-19 tests, Tamiflu

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.