LAMBDA LEGAL ARCHIVE SITETHIS SITE IS NO LONGER MAINTAINED. TO SEE OUR MOST RECENT CASES AND NEWS, VISITNEW LAMBDALEGAL.ORG

Victory! Lambda Legal Secures $372k Settlement in California HIV Medical Data Breach Case

Find Your State

Know the laws in your state that protect LGBT people and people living with HIV.
The settlement will provide $4,000 in compensation to 93 low-income Californians whose HIV status may have been accessed in a potential breach under a state-run medication program.
February 10, 2023

Lambda Legal today announces Final Approval of a $372,000 settlement for 93 low-income Californians living with HIV whose confidential medical records – including their HIV status – may have been compromised by a data breach of A.J. Boggs & Company’s online enrollment system for the California AIDS Drug Assistance Program (ADAP). ADAP is operated by the California Department of Public Health (CDPH) and 30,000 low-income Californians rely on ADAP for life-saving medication. In 2016, CDPH contracted with A.J. Boggs to administer the enrollment program. 

The Superior Court of California (San Francisco) ordered final approval of a class action Settlement Agreement. As a result of the settlement in the class-action lawsuit Lambda Legal filed five years ago, each of the 93 Settlement Class Members are eligible to receive $4,000 in compensation for the potential data breach. Any remaining funds not disbursed to Settlement Class Members will be divided between two nonprofit organizations serving Californians living with HIV, APLA Health and the San Francisco AIDS Foundation (SFAF), to be used exclusively for state-wide HIV advocacy work. 

“We are pleased that this settlement will compensate those people whose trust was violated by this vulnerable maintenance of sensitive confidential medical information; it sends a clear message of the importance of proper care and management of this information. HIV-related stigma is still a major driver of the HIV/AIDS epidemic, so privacy interest in one’s HIV-positive status remains a priority issue. We hope this lawsuit has raised awareness of the importance of treating health information of people living with HIV, with extreme care and confidentiality, because unauthorized disclosure could increase risk for discrimination, harassment, or even loss of trust in health care providers. People living with HIV need to know who has access to their personal and private medical information, and that those who are handling this information will keep it safe and confidential,” said Kara Ingelhart, Senior Attorney at Lambda Legal.  

“I’m relieved to see this case come to an end after my and others’ private medical information was improperly accessible to others. Unfortunately, there is a lot of stigma and discrimination attached to HIV-positive status, so breaches like these could jeopardize our safety and livelihoods. As members of already vulnerable communities—transgender people, women, people of color, undocumented people—we already overcome many barriers to access health care, so mishandling of our data creates community mistrust in the service providers. It is up to me to decide how and with whom I share my HIV status,” said Alan Doe, who is using a pseudonym for purposes of the lawsuit. 

CDPH identified the 93 Settlement Class Members whose HIV-related medical information may have been accessed in the data breach and previously sent each of these class members notification in a letter by mail in 2017. CDPH has maintained the confidentiality of the full list of potentially impacted persons and has contracted with the Claims Administrator Kroll (Kroll) for authorized confidential use of the CDPH-held contact information to reach those 93 people individually and administer the class settlement agreement. Settlement Class Members may contact Kroll by phone at 1-833-512-2305.  

The settlement comes five years after Lambda Legal filed the class-action lawsuit, arguing that vulnerabilities in the ADAP portal operated by A.J. Boggs may have led to unauthorized third parties accessing and viewing the private medical information of 93 Californians – including their HIV status – between August and December 2016. The enrollment process requires applicants to provide detailed information and access to their medical records, sensitive and confidential information that California state law requires not to be disclosed or disseminated without consent. 

ADAP is part of the federal Ryan White CARE Act, through which states are eligible to receive federal funding to conduct a program that helps ensure access to HIV medications for lower-income people living with HIV who are not eligible for Medicaid and do not have an alternative source to obtain HIV medications at a reasonable cost. In California, approximately 30,000 people are enrolled in its ADAP.

Kara Ingelhart of Lambda Legal, joined by pro-bono co-counsel Kara L. Kapp of Cozen O’Connor are representing Alan Doe.  

Read more about the case Doe v. A.J. Boggs & Company: https://www.lambdalegal.org/in-court/cases/doe-v-aj-boggs-co 

Read the complaint here: https://www.lambdalegal.org/in-court/legal-docs/ca_doe_20180403_class-action-complaint 

###

Contact Info

Tyleis Davidson: tdavidson@lambdalegal.org, 678-492-1821 

Share