CVS halts patient mailings that revealed HIV reference through envelope window

CVS Health sign
CVS Caremark mailed pharmacy benefit information to approximately 4,000 individuals that included the reference code "PM 6402 HIV," which was visible through a window in the envelope.

Just days after Aetna was hit with a lawsuit tied to a similar incident, CVS Health says it has halted mailings that inadvertently made a reference to HIV visible through a window in the envelope.

The incident occurred when the company’s pharmacy benefits management arm, CVS Caremark, mailed pharmacy benefit information to approximately 4,000 members of one of its clients, Ohio’s AIDS Drug Assistance Program, according to a statement from CVS Health. The mailings included a reference code for the assistance program—PM 6402 HIV—which was visible within the clear envelope window.

RELATED: Aetna mailings may have exposed members' HIV status

Product Spotlight

Top-Rated Mobile App for Health Insurance Members

Zipari’s Mobile App is the smarter, easier, and better way for payers to engage members on the go and directly in the palm of their hands. Members can find the right doctors, receive notifications, send messages, view claims, track spending, talk to a nurse, download ID card, and more. It’s ready to install and launch in a few months.

While CVS said the code was intended to refer to the name of the program, not the recipients' health status, it immediately halted the mailings as soon as it learned of the incident. The company also said it is taking steps to eliminate referencing that plan name in any future mailings.

“CVS Health places the highest priority on protecting the privacy of our patients and we take our responsibility to safeguard confidential patient information very seriously,” the statement said.

Still, AIDS activist Eddie Hamilton told the Washington Blade that he has filed a complaint about the mailing to the Department of Health and Human Services’ Office of Civil Rights (OCR).

The CVS incident came to light in the same week that a Philadelphia law firm filed a class-action suit against Aetna for its own privacy breach. In that incident, Aetna sent a letter to approximately 12,000 members that contained instructions for filling prescriptions for HIV medication—which in some cases was visible through a window in the envelope.

Two legal advocacy groups have said consumers told them the mailings seen by family members, roommates and neighbors of Aetna members, noting that disclosing a person’s HIV status risks exposing them to “violence, discrimination and other trauma.”

Aetna sent a letter in the third week of August to affected members notifying them of the breach, which it said it first learned about July 31. The insurer also said it is “undertaking a full review of our processes to ensure something like this never happens again.”

Further, Aetna has reported the incident to the OCR. Healthcare organizations are required to report privacy breaches that affect more than 500 individuals within 60 days of discovery.

Suggested Articles

The DOJ alleges the agreement would raise the likelihood of coordination and reduce their incentives to compete aggressively against each other.

Ginger banked a $50 million funding round backed by the venture arms of Cigna and Kaiser Permanente. Here's how it plans to use the financing.

The proposed change was tucked into a proposed payment rule released by the Centers for Medicare & Medicaid Services on Monday.