CVS Caremark Suffers Envelope Breach Of HIV Information As Aetna Faces Lawsuit For Similar Issue
Pharmacy benefit information was mailed to about 4,000 members of Ohio’s AIDS Drug Assistance Program.
By Susan Morse, HEALTHCARE FINANCE
August 31, 2017
In another breach of privacy information regarding patients and HIV, CVS Caremark recently discontinued a mailing to Ohio patients because a transparent window revealed a reference to HIV.
As in the recent case involving Aetna, the patient’s name, address and an HIV reference were visible through the envelope window, according to CVS Health spokesman Mike DeAngelis.
“Our PBM, CVS Caremark, recently mailed pharmacy benefit information to approximately 4,000 members of our client, the state of Ohio’s AIDS Drug Assistance Program,” DeAngelis said. “A reference code for this assistance program included a series of letters and numbers (PM 6402 HIV) that were visible within the envelope window. This reference code was intended to refer to the name of the program and not to the recipient’s health status. No other protected health information was exposed.”
As soon as CVS Health learned of the incident it immediately halted the mailings. It is currently taking steps to eliminate the reference to the plan name in any future mailings, DeAngelis said.
Transparent windows in envelopes mailed to about 12,000 customers in 23 states by an Aetna vendor have led to a class action lawsuit against the insurer for breach of privacy.
The glassine window showed the Aetna member’s name and address, and in an unknown number of cases, the contents slipped to also reveal options for filling prescriptions for HIV medication.
Aetna learned of the issue on July 28 and said it was undertaking a full review of its processes.
CVS Caremark is CVS’s pharmacy benefit manager.
“CVS Health places the highest priority on protecting the privacy of our patients and we take our responsibility to safeguard confidential patient information very seriously,” DeAngelis said.