Gilead sued for HIV-related privacy invasions

506
Photo: November 23, 2019 Foster City, California. Gilead headquarters in Silicon Valley.

Gilead Sciences Inc., a biopharmaceutical company based in Foster City, California, was recently sued for allegedly violating HIV-privacy rights when sending out a mass mailing to customers using envelopes linking them to HIV-related medications.

In April, Gilead sent the mailing to customers enrolled in a medication-affordability program for the drugs Truvada or Descovy. The drugs are taken to reduce the risk of HIV infection, a prevention measure called pre-exposure prophylaxis (PrEP). The envelopes displayed “HIV Prevention Team” as the return address in bold-red lettering, according to a 24-page lawsuit filed May 21 in the U.S. District Court for the Northern District of California.

Two men who received the letter are plaintiffs in the class-action lawsuit, which has been assigned to U.S. Magistrate Judge Joseph C. Spero. One plaintiff is from Indiana and the other is from Alabama. They’re very protective of their privacy and were extremely upset when receiving the mailing. The Alabama plaintiff received the mailing at his workplace, according to the lawsuit.

It’s unclear at this point how many other Gilead customers on PReP received the mailing. The recipients’  friends, relatives, roommates, landlords, neighbors, mail carriers and “complete strangers” could have seen the envelopes, according to the lawsuit.

“People living with HIV, people at risk for HIV, and people taking HIV medications to prevent HIV acquisition face extreme stigma,” the lawsuit alleges. “In fact, stigma is widely recognized as a driver of the epidemic.”

In a prepared statement, Gilead apologized for using the envelopes.

“Gilead Sciences, Inc., is aware of the class action filed in U.S. District Court for the Northern District of California relating to a mailer that included the words ‘HIV Prevention Team’ in the return address,” according to the statement. “We understand that health matters are deeply personal to the people we serve, and that consumer privacy is of the utmost importance.

“We recognize the concern expressed by some people who received this envelope from Gilead as part of a limited educational awareness campaign. We regret that the envelope caused any concerns, and we apologize to anyone affected. However, we deny the assertions in the complaint and will file our response in a timely manner.

“On discovering that an envelope template usually used for communications with healthcare professionals was inadvertently used for the consumer mailer in question, we took immediate action to address it — including to discontinue the use of this particular envelope. We have also initiated a full review of our processes and training for employees and external vendors.”

Plaintiffs are seeking an unspecified amount in damages, along with reasonable attorneys’ fees and an order that Gilead implements policies to protect the confidentiality of HIV-related information. A jury trial has been requested.

Other health care companies have also been sued for disclosing HIV-related information in the mail. Health insurer Aetna Inc. settled for $17 million a class-action lawsuit involving a 2017 mailing to about 12,000 people that inadvertently revealed the recipients’ HIV status in the envelope’s window. CVS Health Corp. settled a similar suit for $4.4 million.

The AIDS Law Project of Pennsylvania was joined by the law firms Berger Montague and Langer, Grogan & Diver in filing the Gilead lawsuit. 

Ronda B. Goldfein, executive director of the Law Project, issued this statement: “The Aetna case put a spotlight on the obligation to safeguard confidential HIV information. We hoped that the Aetna case would put an end to faulty mailings by companies holding this sensitive information. Mail delivery should not strike fear in the hearts of people who live with HIV or are at risk of getting it.”Adrian M. Lowe, staff attorney at the Law Project, echoed those sentiments. “Once again a giant in the healthcare industry has been careless with the private patient information entrusted to it,” Lowe said. “Again, the breach happened through a bulk mailing where, it appears, no one involved looked at it and said ‘Wait, maybe this isn’t a good idea.’ It’s discouraging. People seeking healthcare shouldn’t be put in a position to doubt whether their healthcare providers will be careful to safeguard their privacy.”