theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Other government entities receive personal information from you, the patient and from public health and discharge data from States and hospital associations.

Examples

The Agency for Healthcare Research and Quality (AHRQ) is a division of the U.S. Department of Health and Human Services focused on researching public health policy and implementation issues.AHRQ sells and purchases statewide personal hospital discharge data. AHRQ purchased data from at least 3 states: CA, PA, and TX [source]. AHRQ also sells statewide personal hospital discharge data for 23 states through its Federal-State-Industry partnership called the Healthcare Cost and Utilization Project (HCUP). [source]

  

City of Charlotte had a data breach in 2010, in North Carolina. The city of Charlotte says the personal information of 5,220 current and former city employees and elected officials has been lost. The loss affects individuals who received health insurance from the city in early 2002. Two DVDs containing the Social Security numbers of the affected individuals failed to arrive at the offices of Towers Watson & Co., the citys benefits consulting firm, in Atlanta. The discs also contained prescription-drug information for five individuals. (5,220 records involved) [source].

  

Health Planning & Development are regional government agencies. They are known to purchase statewide personal hospital discharge data from at least 3 states: CA, FL, WA [source]. The purchased data does not contain the person's name, but it is possible to match some people by name [source].

  

City of Monroeville had a data breach in 2013, in Pennsylvania. A number of inappropriate security practices may have exposed the information of people who called Monroevilles 911 dispatch center, police department, fire department, or EMS department in 2012 or 2013. Monroeville is being investigated for possible violations of federal health privacy laws. An August 2012 complaint to the U.S. Department of Health and Human Services Office for Civil Rights stated that protected health information may have been given to a former police chief via email and that weak and poorly managed usernames and passwords were used to access a database of 911 callers medical information. [source].

  

Indian Health Services,Office Environmental Health purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Contra Costa County had a data breach in 2011, in California. Residents who owed money to the county health department had their names inadvertently published in a public document. The names were published in a report to the Board of Supervisors dated July 27, 2010. The error was discovered at the end of November, 2011. No patient information was exposed, but the publication of the names in the report constitutes a breach of patient confidentiality laws. The information was removed from the online report. [source].

  

City Of Oviedo, FL purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Department of Veterans Affairs had a data breach in 2010, in Texas. The names, Social Security numbers and treatment locations of about 140 veterans were mixed in with other paperwork. The paperwork was sent to an EEOC office and viewed by multiple persons there. It appears that the names should not have been visible. [source].

  

City of Seattle, WA purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Florida Department of Veterans Affairs had a data breach in 2010, in Florida. A digital camera with veteran information was discovered missing on November 21. It contained the names, Social Security numbers, dates of birth and images of patients. Images of veterans who had been photographed in the last three weeks were on the camera. (55 records involved) [source].

  

County Of Sacramento, CA purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Hawaii State Department of Public Safety had a data breach in 2011, in Hawaii. A reporter requested statistics from the State Department of Public Safety. Though the reporter only wanted the number of people who use medical marijuana, he was sent an email with patient names, addresses, plant locations, certificate numbers, and the names of prescribing physicians. Patients became aware of the issue when information was printed in a front-page news story, though no patients were identified. [source].

  

County Of San Diego, CA purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Hidalgo County Commissioners Office had a data breach in 2007, in Texas. The private medical information, including Social Security numbers and treatment details of people who sought medical assistance from the county was posted on the Hidalgo County Website. (25 records involved) [source].

  

County Of Ventura, CA purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Lynchburg City had a data breach in 2007, in Virginia. Personal information of Lynchburg city employees and retirees was accidentally posted on the citys website among that information employees prescription medications. [source].

  

Joint Legislative Audit & Review Committee, WA purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Milwaukee County had a data breach in 2008, in Wisconsin. Milwaukee County officials mistakenly released numerous confidential court records for a citizens groups web site that detail payments for tests and other costs linked to to mental competency, paternity and guardianship cases. Entries for psychiatric examinations and guardianship fees in which the clients names were still listed. [source].

  

Maine Bureau of Insurance purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Pennsylvania Department of Aging had a data breach in 2007, in Pennsylvania. A state Department of Aging-owned laptop computer containing personal information on senior citizens was stolen from a Johnstown home. The information included names, addresses, Social Security numbers and some medical information. (21,000 records involved) [source].

  

Maine Department of Labor purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Pinellas County and Florida state agency offices had a data breach in 2008, in Florida. Documents with Social Security numbers, medical information and other legally protected data were found in trash containers at government buildings. Also found were hundreds of improperly discarded records were found that included medical data, privileged communications between attorneys and clients, juvenile defendant records and child abuse materials. [source].

  

Maine House of Representatives purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Southwestern Indiana Regional Council on Aging (SWIRCA) had a data breach in 2010, in Indiana. Client information was on a case managers laptop that was stolen from the SWIRCA office. Files on the laptop contained patient names, Social Security numbers, dates of birth, addresses, phone numbers, demographic information, medical condition information and case information. The laptop was stolen sometime between November 4 and 8. (757 records involved) [source].

  

Maine State Legislature purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Town Council of Chapel Hill had a data breach in 2012, in North Carolina. A licensed clinical social worked accidentally attached confidential client information to an email that was forwarded to town council colleagues. A copy of her and her husbands 2011 income tax returns was also in the email. The email automatically became available to the public and the error was noticed nearly a week later. Unfortunately, the email was also forwarded a second time to a public account. Consequently, the information was publicly available for a week. Many of the affected clients were University of North Carolina students. Names, Social Security numbers, clinical notes about client mental health, payment amounts, and insurance forms were exposed. (12 records involved) [source].

  

Office of Policy and Legal Analysis, Maine State Legislature, ME purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Utah Department of Workforce Services had a data breach in 2010, in Utah. A leak that allowed anti-immigration activists to post and circulate the names, Social Security numbers, medical information, addresses, workplaces, and phone numbers of alleged illegal immigrants in Utah has been linked to Utahs Department of Workforce Services. A large number of employees had access to this information. [source].

  

Office of the Governor, ME purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Veterans Affairs Chicago HCS had a data breach in 2010, in Illinois. The Orthopedics Department was using Yahoo.com to keep track of patient scheduling. The information had been stored on Yahoo.com since July of 2007 and multiple current and former residents of the center had access to the password and account. Patients had their name, date and type of surgery and final four digits of Social Security number exposed. The information was deleted from the web page on November 29. [source].

  
  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.