Aetna will pay New Jersey $365,000 to settle two separate patient confidentiality breaches, and Humana will pay Texas $700,000 for an inadequate network in Houston, Austin, and San Antonio.
Aetna and Humana this week will each paid hundreds of thousands of dollars to resolve disputes with state regulators in New Jersey and Texas.
Aetna agreed to pay New Jersey $365,211 to settle two separate cases where the health insurer improperly disclosed health information in 2017, potentially affecting about 850 New Jersey residents.
Meanwhile, in an unrelated case, the Texas Department of Insurance fined Humana $700,000 for inadequate network coverage in three counties.
New Jersey Settlement
The two settlements with New Jersey resolve two health information breaches that occurred in the summer of 2017.
The first instance was part of a multistate investigation of a health information breach that potentially affected about 12,000 Aetna customers, including 647 New Jersey residents.
Investigators said Aetna relied on a third-party mailing service that used oversized, transparent glassine address window that unintentionally disclosed the customers' HIV/AIDS status and other health issues.
In January, Aetna reached a $17 million settlement in a class-action suit brought by the affected customers.
Under the settlement with New Jersey, Aetna will improve safeguards to protect health information and ensure confidentiality. The company will also hire an independent consultant to monitor compliance.
"Companies entrusted with individuals' protected health information have a duty to avoid improper disclosures," New Jersey Attorney General Gurbir Grewal said in a media release.
"Aetna fell short here, potentially subjecting thousands of individuals to the stigma and discrimination that, unfortunately, still may accompany disclosure of their HIV/AIDS status," he said.
Aetna's second breach occurred in September 2017 and involved a mailing sent to 1,600 people concerning a study of patients with AFib. The envelopes for the mailing included the name and logo for the study – IMPACT AFib – which could have been interpreted as indicating that the addressee had AFib. Approximately 186 New Jersey residents were included in the AFib mailing.
New Jersey and the other investigating states alleged that Aetna not only violated the federal Health Insurance Portability and Accountability Act (HIPAA), but also state laws pertaining to the protected health information of individuals in general, and of persons with AIDS or HIV infection in particular.
State investigators also alleged that the two data breaches contravened Aetna's representations to enrollees—made clear on the company website—that Aetna would safeguard their private health information through "extensive operational and technical protections" and its "commitment to information privacy and compliance with legislation such as HIPAA and state privacy laws."
Texas Fines Humana
The Texas Department of Insurance fined Humana $700,000 for an inadequate number of in-network anesthesiologists in the Houston, Austin, and San Antonio service areas.
Texas regulators said that customers of Humana, the fourth-largest insurer in the state, faced higher medical bills because they couldn't get in-network anesthesia services at more than 20 hospitals and surgical centers in three of the state's largest metro areas.
Texas insurance regulators contacted Humana in August after learning several of its network contracts for anesthesiology services had been canceled. Humana agreed to immediate corrective actions and to reprocess consumers' bills.
"Protecting consumers from balance bills was a priority in this case, and we've done that," Insurance Commissioner Kent Sullivan said. "Humana has agreed to process these as in-network claims. Not one Humana consumer will pay extra because of this network issue."
Sullivan said Humana submitted reports to TDI that included providers no longer in its networks and did not adequately or timely disclose the issue to the state or consumers.
"Texas has strict network adequacy standards, and we’re going to hold insurers accountable for meeting them," Sullivan said.
John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.
KEY TAKEAWAYS
Aetna hires independent contractor to monitor, improve health information safeguards.
Humana agrees to reprocess claims by affected customers in three metro areas.