United States healthcare provider Aetna has apologised after letters sent to thousands of patients publicly displayed their HIV status.
The correspondence was sent to about 12,000 people to report a change in medication access.
The Legal Action Center, an advocacy group, called on Aetna to correct the mistake, which they argue could expose patients to discrimination.
They say it creates “a tangible risk of violence . . . and other trauma”.
The health insurer, which provides medical coverage to millions of Americans, said in a statement: “We sincerely apologize to those affected by a mailing issue that inadvertently exposed the personal health information of some Aetna members.”
It pledged “a full review of our processes to ensure something like this never happens again”.
In a follow-up letter sent to the affected customers last week, Aetna said the blunder happened on 28 July 2017, and they became aware of it three days later.
Aetna said it “confirmed that the vendor handling the mailing had used a window envelope, and, in some cases, the letter could have shifted”, allowing personal information to be seen.
No other details were visible through the plastic window, Aetna said.
Sally Friedman, the Legal Action Center legal director in New York, said: “Aetna’s privacy violation devastated people whose neighbors and family learned their intimate health information.”
She added that customers “were shocked that their health insurer would utterly disregard their privacy rights”.
Legal Action Center says that some customers have already filed complaints with federal and local regulators.
They add that additional legal action is being considered.