The ACLU, Lambda Legal, and HIV & AIDS Legal Services Alliance (HALSA) are "demanding a full explanation for the unauthorized and illegal disclosures of confidential identifying information of approximately 5,000 HIV-positive Medi-Cal recipients." Beginning in 2007, the leaked information was sent to a third party service provider.

In part of a terse press release, the ACLU notes:

Lambda Legal and ACLU-NC became aware of the breach during discussions about AB 2590, a bill which would have diluted the strong confidentiality protections under California law for those with HIV/AIDS and would have legalized the unauthorized release of such information to an HIV/AIDS service provider. Although current law forbids unauthorized disclosures about a person's HIV status, the state agency released confidential identifying information about HIV-positive Medi-Cal recipients without authorization or proper limitations on how that information was to be used by a private organization, the AIDS Healthcare Foundation.

"The state stepped out of bounds when it disclosed the confidential records of HIV-positive Medi-Cal patients, even including their contact information," said Elizabeth Gill, Staff Attorney at the ACLU of Northern California.

Why is this so egregious? SFist asked local AIDS/gay activist Michael Petrelis to give us his thoughts:

As a person with AIDS on Medi-Cal, my first reaction was to wonder if I was one of the persons to have their privacy breached by the state of California. Should I worry about the violations? Yes, whether my medical information was shared or not, these violations must be of concern to all people living with HIV dependent upon Medi-Cal for any services.