theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Financial firms and consultants receive information from you, the patient and discharge data. These companies may even be involved in personal lending involving mortgages or credit cards.

Examples

Bank Of America Merrill Lynch/ Healthcare Finance purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Dezonia Group had a data breach in 2009, in Illinois. The city of Chicago bills people for ambulance rides -- $600 and up. It uses a third party, Dezonia group, for billing. An employees laptop, containing patient names, addresses and Social Security numbers, was stolen from the company. Reports differ as to whether or not the data was encrypted. (63000 records involved) [source].

  

Bradwish Financial Services, Inc. purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Holyoke Medical Center, Caritas Carney Hospital, Milton Hospital, Milford Hospital had a data breach in 2010, in Massachusetts. A large pile of medical records was found at Georgetown Transfer Station public dump. The reports contained names, addresses, diagnosis, Social Security numbers, and insurance information. A medical billing company known as Goldthwait Associates is believed to be responsible. The medical records are mostly from pathology patients served at the hospitals between 2007 and March of 2010.UPDATE (9/2/10): Holyoke reported that 24,750 patients were affected. The exact number of patients affected from other medical centers is still unknown. Between 8,000 and 12,000 patients of Milton Hospital were affected.UPDATE (10/11/10): Milton Pathology Associates, P.C. reported that a prior owner of Goldthwait Associates improperly disposed of patient information. Eleven thousand patients were affected. Milford Regional Medical Center reports that the incident affected 19,750 patients.UPDATE(01/07/2013): People associated with Goldthwait Associates, Chestnust Pathology Services, Milford Pathology Associates, Milton Pathology Associates, and Pioneer Valley Pathology Associates agreed to collectively pay $140,000 to settle allegations related to the breach. (45,600 records involved) [source].

  

Dixon Hughes, Pllc purchases statewide personal hospital discharge data from at least MD TX [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Medassets Inc., Saint Barnabas Health Care System, Cook County Health and Hospitals (CCHHS) had a data breach in 2011, in Georgia. An external computer hard drive was stolen from a MedAsset employees car on June 24. MedAsset provides administrative and business services to medical centers. The hard drive contained the personal information of patients who were being considered for governmental benefits at six Saint Barnabas acute care hospitals and patient information from Cook County Health and Hospitals System in Chicago. Patient names, medical center account numbers, medical record numbers, dates of birth, medical center charges, amount paid, health insurance information and discharge dates were exposed. Approximately seven percent of the Saint Barnabas System patients who were affected had their Social Security numbers exposed as well. The six Saint Barnabas Health Care System clinics are:Clara Maass Medical Center - 8,795Community Medical Center - 6,950Kimball Medical Center - 6,785Monmouth Medical Center - 6,443Newark Beth Israel Medical Center - 15,015Saint Barnabas Medical Center - 6,179Also, 32,008 CCHHS patients were affected. (3,500 records involved) [source].

  

Gerson, Preston, Robinson & Co. purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard. Ohio State University Medical Center, MTE Consulting had a data breach in 2005, in Ohio. A laptop containing patient information was stolen from a financial consultant. MTE Consulting notified OSU medical center a month after the laptop was stolen and OSU sent a brief letter to the affected clients. (15,000 records involved) [source].

  

Healthcare Financial Consultants purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Tax Matters had a data breach in 2011, in Texas. Someone noticed that thousands of intact personal documents had been dumped in an unsealed dumpster. He called a local news crew and they came to recover and store the documents. The personal documents included applications, resumes, check books, federal income tax forms, and even patient diagnosis forms. The information covered a period between 2003 and 2007. A new employee of Tax Matters dumped the documents without shredding them. [source].

  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.