theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Personal Transport companies transport patients and include helicopter (MedEvac), ambulance, or Safe Ride. They also include non-patient specialized transportation (i.e. taxis) when transporting patients for medical reasons. Your medical history is collected during emergency transportation, if possible, as well as the procedures performed during transport, while non-emergency transportation collects some medical information from you, your healthcare provider or care facility in case of emergency.

Examples

E M T Associates purchases statewide personal hospital discharge data from at least TN, CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Advanced Data Processing, Inc. (ADPI), Grady EMS had a data breach in 2012, in New Jersey. Information from certain ambulance agencies was inappropriately accessed and disclosed. Patient account information such as names, Social Security numbers, dates of birth, and record identifiers were exposed by a dishonest ADPI employee. ADPI learned of the breach on October 1. The dishonest employee was fired and apprehended by authorities.UPDATE(12/04/2012): The former ADPI employee stole information associated with Grady EMS ambulance service. About 900 Grady EMS patients had their information exposed between June 15, 2012 and October 12, 2012.UPDATE(01/05/2013): A detailed list of the organizations and number of people who were affected is available on phiprivacy.net here:http://www.phiprivacy.net/?p=10825UPDATE(03/08/2013): Osceola County EMS released a notification in March of 2013 here: http://tinyurl.com/a335kakUPDATE(03/14/2013): The Yuma, Arizona Fire Department was also affected by the breach. ADP handles the billing for Yumas emergency medical services. Names, Social Security numbers, dates of birth, and record identifiers may have been accessed. [source].

  

Miemss purchases statewide personal hospital discharge data from at least MD [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Carolinas Medical Center, NorthEast had a data breach in 2007, in North Carolina. A paramedic left a computer on the back bumper of an ambulance and then drove away. The laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years. (28,000 records involved) [source].

  

Nor-Cal Ems, Inc. purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Life Flight (IHC Health Services Inc.) had a data breach in 2013, in Oregon. An administrative error caused the information of patients flown by Life Flight helicopters to be available online. Patients flown during April, May, and June of 2004 may have had unspecified information exposed. It was confirmed that 107 patients had their Social Security numbers exposed. It is unclear how long the information was available and if patients flown during additional months may have been affected. The information was moved to a secure server to address the breach.UPDATE(05/17/2013): The sensitive information was available online as early as October 12, 2009. (107 records involved) [source].

  

Washington State Traffic Safety Commission purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Randle Eastern Ambulance Service inc. had a data breach in 2010, in Florida. A man and his wife who were previously charged with selling patient information in 2009, were charged with stealing personal information of individuals transported by Randle Eastern Ambulance Service Inc. (American Medical Response). The information was then sold to South Florida personal injury attorneys and clinics. The stolen information included names, telephone numbers, medical diagnoses, and addresses. They used the help of a former AMR employee. [source].

  
  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.