logo
    • Magazine
    • Membership
    • Donate
  • Racial Justice
  • Economic Justice
    • Collections
  • Climate Justice
  • Health Justice
  • Leadership
  • CONTENT TYPES
  • Subscribe
  • Webinars
    • Upcoming Webinars
    • Complimentary Webinars
    • Premium On-Demand Webinars
  • Membership
  • Submissions

What Can Nonprofits Learn from Aetna’s Medical Information Breach? A Heads-Up to Boards

Sheela Nimishakavi
August 31, 2017
Share
Tweet
Share
Email
Print
Picture taken by AIDS Law Project of Pennsylvania.

August 30, 2017; Gears of Biz

After a mailing to customers possibly revealed the HIV status of nearly 12,000 of its members, Aetna was forced to send out a second letter to do damage control, saying, “We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members.” No nonprofit organization wants to find itself in this situation, and organizations both large and small can learn from Aetna’s mistake.

How did a major health insurance company make such a tremendous privacy breach? A review of the case indicates it is actually an easy to mistake to make and any organization could conceivably end up in the same situation if the necessary precautions are not taken.

Sign up for our free newsletters

Subscribe to NPQ's newsletters to have our top stories delivered directly to your inbox.

By signing up, you agree to our privacy policy and terms of use, and to receive messages from NPQ and our partners.

Aetna sent a letter to members who had HIV drug prescriptions to inform them of upcoming changes. According to an NPR report, the insurance company “confirmed that the vendor handling the mailing had used a window envelope, and, in some cases, the letter could have shifted within the envelope in a way that allowed personal health information to be viewable through the window.” Pictures included in the NPR report show just how large the window on the envelope was, and clearly show that the first few sentences of the letter as well as the full name of the patient are visible.

Several Aetna members have indicated that family members learned about their HIV status through this medical information breach. While private information being leaked in general is a violation of trust, this problem is compounded by the fact that HIV still carries a stigma and HIV positive individuals may face discrimination from not only family and friends, but also employers. As a result, The Legal Action Center and the AIDS Law Project of Pennsylvania have filed a class action lawsuit against Aetna contending that the insurance company violated the Health Insurance Portability and Accountability Act (HIPAA), which essentially protects patients’ personal health information. Aetna could face fines up to $50,000 per violation.

Many nonprofit organizations have access to private information such as HIV status, sexual orientation, disability status, and more. And yet, some of these organizations do not hold themselves to the high security standards set forth by HIPAA and risk inadvertently revealing information about their constituents. Even unassuming communications can imply medical information. For instance, a postcard invitation to a support group from an organization that serves people with HIV can imply that the recipient has HIV or someone close to them does. This is not to say that nonprofits should halt all communications, but they should have policies in place that prevent information leaks due to negligence, and this is the responsibility of the board to ensure.—Sheela Nimishakavi

Share
Tweet
Share
Email
Print
ABOUT THE AUTHOR
Sheela Nimishakavi

Sheela Nimishakavi is a nonprofit finance and operations professional with a passion for creating socially just and inclusive communities. She has held senior management positions at several community based organizations addressing access to healthcare and services for persons with disabilities, currently serving as the Director of Operations of the Brain Injury Association of Virginia. After working in the nonprofit field for over a decade and seeing many organizations struggle with the administrative requirements of running a nonprofit, Sheela founded ThirdSuite, a consulting firm that offers nonprofit administrative services and trainings to help organizations increase their capacity and further their mission. Sheela received an MA/MPH in Health Policy and Management from Boston University School of Public Health, and a BS in Neurobiology, Physiology and Behavior from the University of California, Davis. She currently serves on the boards of the Central Virginia Grant Professionals Association and Empowering People for Inclusive Communities.

More about: right to privacyManagement and LeadershipNonprofit News

Become a member

Support independent journalism and knowledge creation for civil society. Become a member of Nonprofit Quarterly.

Members receive unlimited access to our archived and upcoming digital content. NPQ is the leading journal in the nonprofit sector written by social change experts. Gain access to our exclusive library of online courses led by thought leaders and educators providing contextualized information to help nonprofit practitioners make sense of changing conditions and improve infra-structure in their organizations.

Join Today
logo logo logo logo logo
See comments

NPQ_Winter_2022Subscribe Today
You might also like
Hierarchy and Justice
Cyndi Suarez
Salvadoran Foreign Agent Law Threatens Human Rights Movements
Devon Kearney
Charitable Tax Reform: Why Half Measures Won’t Curb Plutocracy
Alan Davis
Healing-Centered Leadership: A Path to Transformation
Shawn A. Ginwright
Into the Fire: Lessons from Movement Conflicts
Ingrid Benedict, Weyam Ghadbian and Jovida Ross
How Nonprofits Can Truly Advance Change
Hildy Gottlieb

Upcoming Webinars

Remaking the Economy

Black Food Sovereignty, Community Stories

Register Now
You might also like
Hierarchy and Justice
Cyndi Suarez
Salvadoran Foreign Agent Law Threatens Human Rights...
Devon Kearney
Charitable Tax Reform: Why Half Measures Won’t Curb...
Alan Davis

Like what you see?

Subscribe to the NPQ newsletter to have our top stories delivered directly to your inbox.

See our newsletters

By signing up, you agree to our privacy policy and terms of use, and to receive messages from NPQ and our partners.

Independent & in your mailbox.

Subscribe today and get a full year of NPQ for just $59.

subscribe
  • About
  • Contact
  • Advertise
  • Copyright
  • Careers

We are using cookies to give you the best experience on our website.

 

Non Profit News | Nonprofit Quarterly
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.