This is the kind of thing that induces panic attacks in my business because so much time is spent on the look and feel of any letter going out to customers, and so little time is spent on the finished product (i.e. QA process for the letter in the envelope). It's probably not a matter of the company being evil (although Aetna could probably be described that way at times). It's more than likely 1) the lack of proper procedure in place regarding mass mailing, 2) the lack of a standardized Quality Assurance program, and/or 3) a 3rd party was contracted out by Aetna to do the mass mailing and then you could probably wrap back through #1 and #2 for them as well.
None of these scenarios can diminish just how awful this is of course. There are some things you can get wrong on that envelope that are bad, but not really livelihood threatening. This is life changing for a huge number of people I'm sure, and the companies involved should be held accountable for the breach.
>To contract this out would be a terrible breach of protocol.
That's false. HIPAA covered entities are allowed to engage contractors, who are allowed to handle protected health information (they also must comply with HIPAA, of course).
Note that the USPS also scans and stores images of the front and back of all mail it delivers, even if you don't opt in for their digital delivery service[0]. So this means that the USPS - and anybody else with access to their images, which includes law enforcement - now knows the HIV status of these people.
Scarier point: USPS probably knows without that. If these letters are sent out in batches and the envelopes/timing/vendor is unique, then all it takes is knowing that 1 letter is about HIV and then you know all of them are without ever seeing the content.
If you know how to "don't take no for an answer" I'll say optimistically, you'll be alright.
My experience with my wife's health care (Aetna) has been that she will call, try to get an issue resolved, be told "there is no resolution possible" enough times by enough different people that she is ready to give up. Then we call together, and suddenly the story changes.
The particular issue we were dealing with, is not really important, but tl;dr I almost wound up with two health insurances because I tried to stay insured and cover my bases when I was changing jobs, and nobody needs two health insurances.
They tried to tell us we couldn't cancel when I got a new job that came with better coverage for less. I thought that was a qualifying event! But, through some nonsense technicality we would not be allowed to cancel during the plan year, and even though I'd never made a claim and we were making quarterly payments, we'd be on the hook for the remainder of payments for the whole year. (This is illegal, I'm sure of it.)
The best advice I can give you is, know your rights and how to assert them. Good luck with that though, health care in this country is byzantine and I had the benefit of people in my family that work in health care administration who could help me understand.
1) know who to appeal to outside the company. This is the nuclear option. It's usually listed in fine print on every paper denial.
2) "My (partner) works in insurance. He does shit like this for a living. Please don't make me have to (goto 1)".
3) Feel free to cite the law where relevant, on paper, certified mail. The response is invariably "this is wrong, you misunderstand the law, but we will make an exception and (follow the fucking law this once.)"
I was in health insurance, management level, before I went into medicine.
This is not something I'd recommend. Any lapse in payment will be used to suspend your policy in the future in the event you get flagged as a high-expense patient, backdated to the period you didn't pay your premiums on time.
Pay on time, keep documentation you paid on time. Hell, turn on autopay and keep documentation on -that-.
Don't ever think you can hold your premiums hostage. You'll only be screwing yourself.
Edit: if you're referring to clinic bills, be sure you're in active communication with the practice manager so you don't get sent to collections. If it's a hospital, you'll be sent to collections anyway - they automate that process, once you're sufficiently late.
I wonder if they meant that you shouldn't pay providers until things are sorted out. I agree that you need to pay your premiums, but doctors and hospitals will just send you to collections. Still not a great option, but it does keep the money in your pocket until things are sorted out. (Of course, I wouldn't do this unless I was very sure I was right, also, so that any collections issues would be an insurer/provider error.)
It is (also) their problem. If they're in the network, they've agreed to certain terms as well.
I'm not saying skip out on your bills. I'm saying that the provider and insurance need to figure the bill out. I'm not floating a provider in my network so that I can fill out a ton more paperwork to get reimbursed eventually.
And yes, they do make errors in major ways. Just two years ago, I got as though I hadn't made my deductible. It was a $2500 difference. It's much easier to have a provider refile to get their money than for me to pay them and then work through the insurer's system to get reimbursement.
As far as your provider is concerned, whether your insurance should pay or not isn't really their problem. I have never been somewhere that did not make me sign a form saying that I agreed to be responsible for whatever my insurance did not pay.
We had a very similar experience with Blue Cross for many years. I'd swear they have an RNG that randomly denies claims 80% of the time. You just had to fight each one on the phone.
The people on the phone only had the apparent authority to "send the claim through the system again". About a month later you'd find out what happened. If denied again, we would just repeat until we eventually got lucky with the RNG.
They did eventually pay everything they should have, but we'd average about two hours on the phone per doctor visit.
What floors me is how no one has disrupted this field yet. I have seen a few ground zero startups trying to disrupt healthcare. Make it more efficient, cut out fraud, etc but so far no one is making a dent.
Why is it so hard for some smart young folks to come along and hammer out solutions to accomplish less fraud, easier, and faster to use systems etc?
It seems like it's really REALLY hard to bust up this abortion we call healthcare in the US.
This is because anybody who knows what's going on wants health insurance outlawed. Everyone else just wants to milk sick people for every dime they have.
With specific exceptions (medical devices - those Rascal ads are there for a reason) there generally isn't a ton of fraud. What there is is a lot of middlemen each taking their own cut, which cumulatively adds up to a lot of overhead. It's the "efficiency" part that you mention.
Efficiency is a tough nut to crack but there are organizations like Kaiser Permanente that have been very successful with a vertical integration model to cut this overhead. The problem is that it's a political fight every step of the way - doctors, hospitals, insurance companies, and drug makers each have their own extremely powerful lobbies who will spend lavishly to keep their cut of the profits flowing.
Which is why we're actually moving in the opposite direction - the ACA moves away from this type of integrated care organization and towards a fee-for-service model. The idea is to have the consumer be the one choosing the cheapest MRI provider or whatever - but in practice the pricing is still entirely opaque and the public are more or less thrown to the wolves. The finest health-care plan the Heritage Foundation could devise...
And of course everyone has their own idea of how to improve efficiency, all of which translates into a lot of paperwork and red tape. That is why your insurance denies claims after all - "efficiency" (airquotes). It creeps into every aspect of medical care, especially anything having to do with Federal dollars (Medicare/Medicaid). And to be fair a lot of it is justified, it is an uphill battle to get providers to adopt even basic best-practices like checklists during surgical procedures ("remove and count all 5 pieces of gauze before you close the patient"...). Another thing that doctors fight tooth and nail is clinical decision-support tools - even though these are a value-add for the physician in many cases (did you want to order that test with contrast or without? A family doctor may not know.)
(disclosure: I worked on such a tool at my current employer)
One little-addressed area of extreme waste is generic drugs. The idea is that once your patent expires (after decades of "patent evergreening" of course) anyone can make your drug - but in practice that's not how it works, one company just dumps product on the market at cost until everyone else leaves the market, at which point they are once again free to charge whatever they want. The overhead costs of starting drug production are quite high, and in practice it's more difficult for new drugs to claim bioequivalence because the drugs involve biological steps in their production. A company is not obligated to share the organisms used in their production process and if a competitor creates their own they must repeat FDA approval processes, which are inordinately expensive.
There's a very interesting Vox piece where the author was trying to obtain an estimate of how much his son's birth would cost [1] (the video is much more informative than the article).
Suffice it to say he was impressively unsuccessful, but it gives very interesting insight into how and why the problem is so complex, just from a consumer's perspective.
You shouldn't be downvoted for normal and reasonable questions, or even for self doubt.
Aetna is terrible. They lobby against healthcare reform at every turn. They didn't want obamacare/ACA, they didn't want to compete across state lines, they want to be able to exempt people from pre-existing conditions, they want to give people the run-around.
They are not trustworthy and they are run by bad people. (don't beat up on their phone agents though, they are just trying to make ends meet).
Competing across state lines means all insurance will be regulated by the state with rules that most favor the insurer, it isn't all that likely to be good for consumers.
The banking renaissance in South Dakota is a result of a similar situation.
> Competing across state lines means all insurance will be regulated by the state with rules that most favor the insurer
Not really; states are still free to set additional requirements for insurance plans that cover members of that state.
To be honest, competing across state lines would not actually do much in the long run. It'd provide an extra degree of competition in the short-term, but ultimately then insurers would consolidate into multistate operations (which is already the case to a large degree).
(b) Exemptions From Covered Laws in a .—Except as provided in this section, a health insurance issuer with respect to its offer, sale, rating (including medical underwriting), renewal, and issuance of individual health insurance coverage in any secondary State is exempt from any covered laws of the secondary State (and any rules, regulations, agreements, or orders sought or issued by such State under or related to such covered laws) to the extent that such laws would—
Of course it spells out a bunch of situations where the secondary state would still have authority, but reducing the ability of states to regulate sure seems to be one of the goals there.
Many credit card companies are headquartered in Delaware because that state doesn't place any limits on interest rates for credit facilities, iirc. States don't always negotiate well and may opt to enrich themselves at the expense of consumers in other states. This is a problem with letting the market dictate solutions; more often than not, things will tend towards a lowest-common denominator, and the financial incentives for firms, consumers, and states are often perversely aligned.
It seems insurers scream louder about the "insuring across state lines" bit than they did against Obamacare in my estimation. On that metric alone I estimate that it will be more effective.
Don't forget about pulling out of the ACA in some states to try to make it look like the merger they wanted to do wouldn't harm competition and then lying about it.
>(don't beat up on their phone agents though, they are just trying to make ends meet).
I've gotten very tired of this. Every time I'm on calls like this now I gently suggest to the phone agent that they know that what they are doing contributes to a system that hurts people and that they should try to do something more with their lives.
Don't scream or bluster. Do it with gentleness and respect and get ready to be occasionally very surprised at the results.
I worked in a call center during high school. Everyone is there just for the paycheck. These call centers are usually in places with terrible economies and these centers are the only job option for many people.
I worked alongside many people in their 60s. Imagine doing that as a retirement plan.
I accept that it sounds intensely condescending and harsh. I present it as an alternative to either screaming profanity (which they hear non-stop, all day), or meekly accepting the "there's nothing that can be done" lie they are instructed to feed you to get you off the phone in minimum time.
Nine times out of ten, you'll get a dismissive hangup but every once in a while it shatters the script and you'll get a quick story of someone trapped in a bad situation and then a quick word of advice on how to proceed in a way that will get results.
It's a rhetorical phone nuke. Use it carefully. I started using it about 5 years ago when I noticed that the "heartfelt plea" had utterly stopped working.
I also use it often when "Microsoft tech support" calls me to tell me that they have detected that my computer has a virus. It's a touch more appropriate in that situation.
That's intentionally built into the regulation though, if you can not carry a plan and then sign up for coverage whenever you need it, it isn't anything resembling insurance anymore.
People are still really critical of the current regulation, where you can sign up during the enrollment period without any penalty.
No, probably not, but in the current conditions in the United States it's not like you have any choice as to whether you want to participate in for-profit medicine.
Not internally, but at least in the US you see lots of attempts to cut budgets of government programs. Even a modest budget cut could have a big impact on the level and quality of service of a government health system.
Tons of government programs have wait lists because they don't have enough money. And other programs don't give people enough, because the program doesn't have enough to do so.
Any government run healthcare would be money constrained the same way, and they would have to do exactly the same as the insurance companies to try to save money in order to have enough to at least give the impression of being fair to everyone.
The issue here is not for-profit insurance companies, it's that there is no competition on the Doctor side of things, so costs just go up and up and up.
This is true, but I'd like to qualify this by saying that all of the for-profit insurers (and most of the non-profit ones) are terrible. Generating revenue is in direct conflict with providing patient care which is a fundamental flaw in the setup. It's a uniquely American problem.
> Generating revenue is in direct conflict with providing patient care
Without revenue, there's no money to use to actually provide care.
> It's a uniquely American problem.
It's not at all. Aside from the fact that most of the world uses at least some degree of privatization in providing or paying for healthcare, even the few that don't do so at the metaphorical "last mile" (such as England) still suffer from the unavoidable problem that money isn't infinite, and sometimes decisions have to be made to deny people care that otherwise still would have a material benefit to the patient.
In most developed nations outside America, a doctor's opinion carries more administrative weight. There may be an administrator, but if a doctor says a procedure is to be done, the payment can generally follow. A doctor is like an officer in that regard.
In America, the insurance company and their payment policies carry more weight than the doctor's decisions. This matters a great deal if you have a traumatic accident and require many surgeries, as happened to a friend of mine. In America, if you have a trauma, you are recommended to get a lawyer immediately to help your medical expenses be handled properly. Think about that... in America, if you get hurt, you need a lawyer almost as badly as you need a doctor. Not because you need to sue the cause, but because you need to encourage the insurance company. There's something fundamentally miserable about that.
> In most developed nations outside America, a doctor's opinion carries more administrative weight. In America, the insurance company and their payment policies carry more weight than the doctor's decisions.
No, in most developed nations other than the US, the doctor has approximately the same power that they do in the US.
The difference is that, under capitated systems or systems like the NHS (which is not actually capitated yet, but functions more or less like it is), the doctor factors the cost into their decision-making process. That might sound like a good thing for patients, but it's generally not - it means they have an incentive to avoid unnecessary care, but they also have a very direct incentive to bias on the side of avoiding necessary care as well, to avoid eating into their budget.
This is absolutely a problem with the NHS, although Hacker News readers tend not to be the demographics that suffer from it the most, so you don't hear about it as much here.
> in America, if you get hurt, you need a lawyer almost as badly as you need a doctor
I get that this is intended to be hyperbole, but even on that scale, it's absurd.
The difference is that those systems go to great lengths to ensure that the decision is done based on clinical needs and objective measures of what achieves the most patient benefit for the available money.
As a result it is very transparent what is sacrificed - e.g. you can find NICE [1] documentation on evaluations of individual drugs and treatments and their benefits, and documentation of the decision making processes of the NHS trusts, so they can be debated and used as a basis for deciding funding, or you're free to sign on to additional private cover if the exemptions worry you.
What we don't get is debates like this where people need to exchange information about whether or not an insurer is likely to try to be excessively strict in denying claims etc., because those kinds of things are extremely marginal here, not something most people ever need to deal with.
> As a result it is very transparent what is sacrificed - e.g. you can find NICE [1] documentation on evaluations of individual drugs and treatments and their benefits, and documentation of the decision making processes of the NHS trusts, so they can be debated and used as a basis for deciding funding, or you're free to sign on to additional private cover if the exemptions worry you.
The decisions that NICE makes are not fundamentally different from the decisions that insurers make when deciding which medications and treatments are covered for various conditions, and in fact, you can find analogous documentation of these decisions from every major insurer.
> The difference is that those systems go to great lengths to ensure that the decision is done based on clinical needs and objective measures of what achieves the most patient benefit for the available money.
Emphasis mine.
NICE is not operating in some magical world where "revenue" and "costs" are somehow not intrinsically linked with clinical decisions. They're doing the same thing that insurers do - make decisions about treatments based on objective measures of clinical outcomes, subject to a finite budget.
Ironically, this entire thread is about HIV, and HIV treatment and prevention are one area in which the NHS falls drastically short of what's available in the US both to people on private insurance and to people without insurance coverage whatsoever.
The point is not that NICE is perfect, but that these limitations are subject to democratic control - if people feel that the NHS treatments are inadequate based e.g. on the NHS being unable to fund treatments that are recommended by NICE, the government has a direct and immediate ability to control the funding. It happens quite regularly that public debate over NHS funding of specific treatments leads to concrete change in policy.
And, as pointed out, people additionally have the option of taking out additional coverage, which as it happens also provides us with a good idea of to what extent people feel the NHS is sufficient. Typically only around 10% take up private insurance, mostly as a perk offered by some employers.
The availability of that as a (quite cheap) "escape hatch" is quite interesting in that respect. Especially given that the average person in the UK pays far less towards the NHS than the average American pays for healthcare via taxes and health insurance - you can sign up for high end private insurance in the UK and still end up paying less.
> They're doing the same thing that insurers do - make decisions about treatments based on objective measures of clinical outcomes, subject to a finite budget.
NICE's recommendations are not subject to the NHS budget. They are independent for a reason. Cost efficiency of a treatment enters into their assessments, but they do not have final say on which treatments are offered. They make recommendations based on the clinical need and document efficacy, outcomes and costs. It's up to the NHS to then allocate funds accordingly.
> Ironically, this entire thread is about HIV, and HIV treatment and prevention are one area in which the NHS falls drastically short of what's available in the US
I don't know the details of this, but find it curious given that some quick searches indicate that the HIV/AIDS death rate in the US per 100,000 is a larger factor above the UK than the prevalence rate.
Of course that could be for other reasons than treatment.
I know there's been some debate over funding of preventative treatments (with the NHS finally deciding to fund trials), but that was over responsibility largely (preventative measures is in general a council responsibility), but if anything the fact that the NHS decided to start trials after public debate seems to me a pretty good demonstration of what I'm saying.
The system is not perfect, but it's open, transparent and subject to democratic control.
> And, as pointed out, people additionally have the option of taking out additional coverage,
That's like saying "people additionally have the option of paying out-of-pocket". Remember, by definition, the expected monetary value of insurance is negative, so unless the private insurance is being subsidized by taxpayer dollars (defeating the whole point), this is equivalent to saying that people are still free to pay for treatments themselves.
> NICE's recommendations are not subject to the NHS budget. They are independent for a reason. Cost efficiency of a treatment enters into their assessments, but they do not have final say on which treatments are offered. They make recommendations based on the clinical need and document efficacy, outcomes and costs. It's up to the NHS to then allocate funds accordingly.
You can't escape the fact that, at the end of the day, the process still amounts to the same thing. Given a finite budget, decisions are made on how to allocate that funding based on clinical data, resulting in some people not receiving treatment, even though they would otherwise benefit clinically from it. What the NHS does is not fundamentally different from what insurance companies do.
Saying that it's subject to "democratic control" doesn't really mean a whole lot, except that the process ends up being a lot slower, and it becomes a political battle. (Notice that PrEP has been available in the US for five years at zero cost to patients, and it's still not available in the UK. Or, notice that the cure for HCV is generally accessible on private insurance in the US, but almost nobody in the UK is able to receive it through the NHS.)
> That's like saying "people additionally have the option of paying out-of-pocket".
No, that's pointing out that in the UK, we have an insurance system that is so cheap that for the very few that feel it's insufficient, it is still cheaper if they buy supplementary insurance on top, and they do have the option of having both private and socialised insurance.
> What the NHS does is not fundamentally different from what insurance companies do.
It does result in fundamentally better coverage for far less money. Somehow that seems "fundamentally different" to me. We pay on average about half as much, and for that everyone gets covered, and those that aren't satisfied can pay - still less - to get far more extensive cover.
The pigheaded insistence on defending the US system is to me utterly bizarre given that it's more expensive even if you choose to go private on top of the socialised systems in most of Europe. Especially given the kind of stories in this thread - from a European perspective they're the kind of horror-stories that make at least me want to never consider living in the US.
> Saying that it's subject to "democratic control" doesn't really mean a whole lot
It does mean a whole lot when there are a number of examples of how it results in actual change.
> (Notice that PrEP has been available in the US for five years at zero cost to patients, and it's still not available in the UK.
Firstly, you can not consider the UK as a whole as one entity, as the NHS is not a single system, and control of NHS Scotland is devolved. Scotland started NHS funding of PrEP in April 2016.
This is an issue of speed of approvals of new treatments, which frankly says little about the respective systems - the reverse is often true too; drugs coming out of Europe often take years to get approved for use in the US.
Secondly, PrEP has been available to people in the UK from online pharmacies since 2016. It's not available on the NHS outside of a trial, but the flexibility of UK drug import rules means that buying PrEP in the UK is possible for around $50/month.
Also while it may have been technically available for 5 years in the US, wide insurance cover does not appear to have been present nearly that long.
Saying it is zero cost to patients in the US also seems like cherry-picking. The pages I find all say that outside of various programs targeting specific groups you can expect to pay your normal insurance co-pay, which for many will be more than the full cost of buying these drugs for UK patients outside of insurance.
In any case this boils down to the usual process of approvals varying country by country irrespective of the system - in most of the world PrEP is not yet approved, irrespective of budgets.
If you want a meaningful comparison of this you'd need to do a wide comparison of time to approvals. Otherwise you need to look at availability of drugs post-approval.
> Or, notice that the cure for HCV is generally accessible on private insurance in the US, but almost nobody in the UK is able to receive it through the NHS.)
I believe that's at least two years out of date - as far as I can see expanded funding was approved in 2015, and an example of how policy was changed within weeks after a charity made the public aware of it. Given that the drug in question was rolled out in 2013/14 that does not seem unreasonable to me.
Same issue as above in any case, where looking at the newest drugs says little about long term availability of care.
> The pigheaded insistence on defending the US system
While I could respond to the rest of your points - including a couple of the statements which are factually incorrect - if this is the way you're going to talk to someone who's having a conversation with you in good faith, there's not much point in me spending any more time on the matter here tonight.
For those in one of the covered regions[1], Kaiser Permanente is largely not-evil. You have to go through your GP to get referrals to specialists, but it's a series of mostly consistent "I have X problem" "Try Y" "Didn't work" "Try Z" "Didn't Work" "OK, let's get you to a specialist" events.
[1]: Coverage areas as divided by corporate entities:
Northern California
Southern California
Colorado
Georgia
Hawaii
Mid-Atlantic (vicinity of Washington, D.C., including Maryland and Virginia)
Northwest (Northwest Oregon and Southwest Washington)
Washington (except Southwest Washington)
Lots of people complain about Kaiser. I was a member when I was growing up, and have signed up again now that I have a job offering Kaiser coverage.
For me Kaiser is a couple things. First of all it is peace of mind. They won't screw you. Essentially everything they offer is covered at a reasonable rate. Example: I was sent to the emergency room once and was able to pay on the spot with the cash in my wallet. Secondly, if you go to one of their medical centers everything is in that building. When I am sick, I don't want to go to a few stops across town to get everything (doctors office, lab, pharmacy, etc).
Additionally they actively do things to keep people healthy. They host farmers markets at some of their centers, run advertisements focused on getting exercise and eating well. In general, they make you feel like they are on your side.
I have Kaiser too and I stayed an extra day (vs average) after my unplanned C-section because of pain management issues, and nobody bothered me about it despite the floor being full. Only $500 and that included a salmon and steak and apple cider in champagne flutes celebration dinner one night for me and my partner. Their prenatal and postpartum support is top notch too, including free lactation consultant visits and a hospital grade pump rental (would cost me $1k+ at this point in fees otherwise) to support breastfeeding for as long as I want.
Compare to one of my friends with a bog-standard vaginal birth, was pressured to leave as soon as possible, partner kept getting kicked out of the room, and she paid $7k and counting while still getting random claims. LC visits also not covered despite wanting to breastfeed desperately, and she gave up due to issues that could have been resolved.
It's not even just the baby stuff that is like this - my dad has their medicare advantage plan and he LOVES it and I love the integrated care since it's so easy for his specialists to talk to each other without me having to be the messenger.
Kaiser gets a bad rap a lot of times, sometimes for good reason, but in the average case, they must be doing something okay that they don't fight me like Anthem used to do ALL THE TIME (plus remember when maternity coverage cost like $500 extra _per month_ on the individual market?)
Right now I'm on the hook for 5 figures with BC/BS for my son's birth expenses, because HR screwed up his application. It's a Kafkaesque byzantine labyrinth of red tape and buck passing. I'm not sure they're evil, just bureaucratic.
The last time I had insurance in the states (before moving away) was with Blue Cross.
I didn't personally have any problems, and generally zero problems with mental health care (my ex needed it). I don't know if it makes a difference, but my employer (a major pharmacy chain) merely hired them to administer their health plans and funded it through the company. When they dealt with me, they weren't really using their funds.
I have them through work, they're pretty shitty, for example, I currently have to either turn off uBlock (not an option) or open dev tools to unhide a div in order to log in. Why there is anything on a health insurance website that communicates with a third-party server baffles me. That said, I don't think there are any good options in the US. They all have weird quirks like this, they all require a fight to get the payouts you're entitled to and they'll fudge the numbers so you end up paying way more than you expect. Welcome to America.
Edit: I do have APL gap insurance too. I have nothing but praise for them, easy to work with, paid quickly (checks usually made out to me directly because most places here don't deal with APL), and covered most of my out-of-pocket cost with Aetna which I maxed out last year.
Aetna has long had a poor reputation, even amongst insurance companies. The phrase "Aetna, Aetna, so sorry we met ya" was commonplace in the healthcare industry ~15y ago.
Was this in California around 2008? There was a big scandal about this and now there are big fines for doing it.
A few insurers were accepting people (and accepting payment) without actually setting them up in the system. When many of these people went to use the insurance, they were told that not only did they not have insurance, they would be denied any insurance for having pre-existing conditions.
My favorite is the HR person who says "we can correct any errors that were made with your insurance retroactively, don't worry"
I am worried, though! Because I've got this deduction coming out of my paycheck for insurance, and your insurance provider just told me that they've never heard of me! Escalate!
Wow, this is actually something I consider when sending letters to my clients. I don't ever want to "leak" their info, even if it's not really considered sensitive.
I always assume the top third to be "compromised", only putting the private contents in the lower two thirds or on the back.
I wonder why they don't have the mailing rule of the top third as a written policy.
> A cost/benefit analysis of "put all HIPAA-relevant information inside an opaque envelope" probably comes out ahead if it prevents one issue like this.
To be pedantic, the patient's name and address are both considered PHI under HIPAA.
The way that most insurers deal with this is by mailing an envelope that has no obvious information on the outside about the sender (it has a return address that's usually a PO box somewhere in the midwest, but not the company's name). So without opening it, you can't tell that the piece of mail relates to medical information.
Banks do this as well when mailing things like credit cards, to make it less obvious to a would-be interceptor of the mail that there's something valuable inside. (Of course, the deliberate inconspicuousness of it is itself conspicuous, but that's another problem).
Also there is something called a security envelope, which is printed on the inside with a pattern of lines that makes it difficult to read the contents of an unopened letter by holding it up to the light.
Back when mailing checks to pay bills was a thing, everyone had a box of them and that's what you used. I imagine companies today should still use them.
Does the US not have standardized letter and envelope sizes?
In Germany we have standards for paper sizes, window placement and the layout of business letters. Considering this type of letter is probably not typed out by hand, it's trivial to use a template with the correct layout. At that point the choice of letter becomes irrelevant.
I'd expect the US to have something similar but maybe they don't? If there are standards, this boils down to either "Aetna used non-standard envelopes" or "Aetna formatted letter incorrectly".
Yes we do have standard paper and envelope sizes in the US that are similar to Europe. What probably happened here is they printed the info in a dumb layout that was too close to the address field and/or whoever was running the folder-inserter machine did not move the tri-fold area to the right place. (Source: I used to sell these machines.)
The point is that the page layout, i.e. where the fold positions, address field, letter title, reference numbers, date, logo, and actual content go, is standardised as well (DIN 5008). Nobody forces you to use that standard but it frees your mind thinking about actually important stuff so everybody does.
This doesn't help against incorrectly using a folder-inserter but I have never seen that happen. What does the user need to do to have an incorrect fold?
I've not seen a standard position for such fields. Different software produces different layouts of printed information. I suppose it's possible that MOST software will produce a standard layout, but in my short time in the industry I witnessed a wide range of layouts for documents intended to be folded and inserted into a window envelope. (EDIT: Should add that 'software' would also include printer drivers and printer hardware/software that does not always interpret fonts, sizing, etc., in the same way.)
As for how folder-inserters can be used incorrectly: there are various settings you have to fine-tune, most notably the location of the creases. If the creases are too far in one direction, you will end up with the address not displaying appropriately in the window. So you run a test, bump it up or down, and repeat until the info is in the window correctly. THEN, and only then, do you proceed to run the remaining 100s or 1000s of pages.
Worth noting that tuning is not always due to printed pages being in different layouts. The machines themselves have moving parts that start drifting a bit over time, so you are basically recalibrating it.
There is no standard that I'm aware of. On a related note, if I had a dollar (or a Euro) for every US problem that the Germans solved long ago through straight thinking, I'd have enough money to move to Germany.
The standards for paper and envelope sizes [1] are so ingrained in me that it's almost like metric vs. imperial. They're ISO standards, though based on German standards, and being able to instantly know roughly how big a paper size is, is very convenient.
E.g. A4 is almost the size of US Letter, but from there we know if you take an A4 sheet, turn it 90 degrees and put another one above it in the same orientation, you have A3. Repeat for A2 and so on. Or fold an A4 in half and you have A6. Meanwhile an A4 sheet will fit in a B4 or C4 envelope without being folded, or in a B5 or C5 envelope folded in half...
If I had a dollar for every problem the Germans introduce by over-thinking current problems I could drive a German luxury car (that is old enough to not still be under warranty).
...and then your mechanic will curse you for having a vehicle that is insanely difficult (and expensive) to repair (hang out on /r/justrolledintotheshop for a little while to see what I mean - "service position" anybody? Or what about the carnage to fix a simple heater core?)...
Have you talked to some Germans about how "straight thinking" they think their country is? When you don't get to see the sausage made it looks good but peel back the process a bit and you'll see that there are still very significant issues. Note: I have huge respect for German society and governance.
I don't know if there are actual codified standards, but I often receive letters (mostly bills) with the same envelope size and window placement. I would guess they just folded or ordered the contents of the envelope incorrectly.
A dude in my girlfriend's class at a good university in NYC just had this happen and his roommate saw and went to the school and said they want him removed from the dorm, school obviously said no, but it was a huge ordeal.
Separately, it has been reported in the last several years that the U.S. Postal System has implemented imaging every single piece of mail it moves.
They have already OCR-ed addresses from mail, for years. If they are now retaining the raw images, does this mean that they've inadvertently collected and are holding the HIV status of all the Aetna customers affected by this information leak?
So far, it seems the USPS is not selling what it's collected. (Although I'm sure some of the "make a buck any way you can" crowd in DC and elsewhere would not be above enabling and pushing them to do so.) But, next year? And in case you think this is far-fetched, many state departments of motor vehicles (DMV) already make their driver's license photographs commercially available, IIRC.
Since most of this thread has turned into comparing the terribleness of insurance companies I'll say it again:
A good set of less than legitimate identification documents are probably far more useful to someone needing urgent medical care than insurance coverage is.
Reading further in, it was a screw-up on the paper envelope that had too big of a window and referred to HIV treatment connected to the person's name. This is really bad, but it was 12k localized instances of crummy physical mailing.
It's pretty bad, but it's not like this was "300k people leaked by hackers for ransom".
HIV clinics have "no-contact" lists and if you hypothetically worked for a survey company that made a phone call to one of those numbers, and said you were calling from "XYZ clinic for PQR person who isn't here right now", and the person who takes your call connects the dots, and realizes XYZ clinic is an HIV clinic... you could make two people very upset, and one person homeless.
Hypothetically speaking... it could be real bad news.
Let's just say after that, we asked every medical office we ever worked with from then on, if they had any "no-contact" lists to please ensure they remove those people from the contact list before we started making calls.
We had a mail/phone operation and I'm just imagining our production manager not looking closely enough at even one of 12,000 pieces of mail in windowed envelopes that says "HIV medication" in plain view, before loading them into his car and mailing them at the post office.
He'd be canned instantly. Someone definitely got fired over this.
This could have been prevented, though, and now folks could have to deal with a lot of harassment. There are still folks out there that think AIDS is a punishment from god for a sinful lifestyle or will assume you are gay (with all the discrimination that comes with it). Yet other folks finding out will simply stop using normal gestures with you and stand further back, simply because they are afraid they'll magically catch AIDS.
Sure, it wasn't 300k people leaked by hackers for ransom. It was giving folks reason to discriminate against 12k people. Does it matter if it was localized?
There are two sides to the story though (I'm not defending Aetna, I'm saying this is not only a problem for people who live around bigots.)
Some non-zero percent of those 12k people live with a partner who doesn't know their HIV status. It is (edit: could be, if untreated) totally unethical for those people to fail to disclose their status to their partners, but arguably it's much worse for those people to be outed by their health insurance company, who should really be the [expletive] experts in privacy here.
I'm really not sure it's OK that this letter went out at all, even if they had used the right privacy envelopes!
I fully expect to get downvoted for this, but it's an important point that I have to address.
> Some non-zero percent of those 12k people live with a partner who doesn't know their HIV status. It is totally unethical for those people to fail to disclose their status to their partners
This is itself based in old misinformation about HIV that serves to perpetuate harmful stigmas around HIV.
HIV is treatable, and when properly treated, cannot be transmitted[0]. That's not even taking into account other forms of HIV prevention that are practiced to reduce the risk of HIV transmission. While it's advisable for an HIV- to ask their partner's HIV status (and HCV, and other STD statuses), a person with HIV under proper treatment should not be expected to proactively disclose that to every partner or potential partner, and it's not "totally unethical" for them to make the decision not to volunteer that information unasked.
[0] Decades of misinformation have drilled the false belief that HIV is always infectious into people's minds, to the point where public health groups are literally launching massive campaigns to correct this belief.
Here's the PARTNER study, which found no HIV transmissions after nearly 900 sero-discordant couples had sex without condoms more than 58,000 times where the HIV-positive partner was using suppressive antiretroviral therapy.
I haven't been personally in this situation, but I've been at a company that was afraid we were gonna lose the contract because of a miscommunication between their office and our office, where "no-contact" request was not honored.
I honestly had no idea what you just told me. My focus was on the illegal disclosure by the trusted health care company, because that was the angle I experienced a (much smaller scale) similar situation from.
(I know HIV clinics have no-contact lists, but I am skeptical whether or not health insurance companies do. This story is just a colossal mess, too many layers of wrong for me to comprehend.)
Some folks don't know they have it, and there are big gaps in health care. Not everyone that needs to be tested or should be tested has the means or transportation to do so, let alone afford the medications. Theoretically, we could test this with normal bloodwork and have tax dollars pay for the medications, treating it like a public health cause. We just don't, partially because of outdated views on it, bigotry, and so on.
Granted, this is completely ignoring the world outside the US, where there are other difficulties.
This is the real world you were referring to, right?
It should also be obvious that he's referring to folks that have medication available. HIV isn't the death sentence it used to be because we've made great strides.
Even with the badness of the situation, I'm saying it would have been terribly worse with mass leaks of the DB this came from. It's not like we in the tech community have seen leaks like that...
Regardless, I see this as a bad screw-up with no ill intent behind it. It was literally a "too large window" on an envelope...