Privacy Risks with Snail Mail

With all (or most) eyes on privacy issues in cyberspace, companies can lose sight of traditional methods of violating privacy rights.

A recent example is Aetna’s late July mailing of 12,000 letters where the large windowed envelopes easily revealed the recipients’ names, addresses, and HIV status and/or prevention information. While the number of affected individuals may seem comparatively low, this incident nevertheless garnered negative publicity and attention.

Since privacy violations can lead to lawsuits, heavy fines, or even criminal penalties, companies—especially those that handle protected information—should review their mailing policies. If third-party mailing companies are used, those companies’ policies should also be reviewed.

Some policies that may help reduce potential privacy breaches for snail mail include:

• Using heavier-stock or security envelopes with no windows
• NOT using envelopes with pre-printed sender information if the sender information would reveal private information (for example, if your organization name reveals the specific type of medical condition suffered by your patients)
• Having someone spot check the final product
• Making sure that addresses are up-to-date
• Using a form letter that only provides generalized information and instead requiring the patient to contact your office for particularly sensitive information, such as test results
• Eliminating unnecessary confidential information (such as Social Security Numbers)
• Shredding and/or proper disposal of misprinted mail
• Training employees or vendors regularly

If you need further or specific guidance, or guidance on other media, please do not hesitate to speak to an attorney.