theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Mental & Addiction organizations are public and private mental health and substance abuse facilities. Your medical conditions (including substance addiction) and medications may be recorded by these organizations when using their services.

Examples

Orange Co Health Care Agency purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Adult and Child Care Center, Choices, Inc., Diversified Support Services, Midtown Mental Health Center had a data breach in 2012, in Indiana. A hacking incident that occurred on or around May 10 may have exposed the protected health information of patients. The incident was reported by HHS on July 27.UPDATE(08/16/2012): A total of 505 clients and family members of clients of Diversified Support Services and 890 clients and family members of clients of Midtown Mental Health Center were affected. Social Security numbers, private health information, and demographic information were exposed. (1,945 records involved) [source].

  

Alcohol Drug Program Administration purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Anchorage Community Mental Health Services, Inc. had a data breach in 2012, in Alaska. An unauthorized disclosure involving a computer or computers resulted in the exposure of protected health information. The breach occurred sometime between December 20, 2011 and January 4, 2012. This breach was reported on the HHS website. [source].

  

California Dept. Of Mental Health purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Arizona Counseling and Treatment Services (ACTS), Cenpatico Behavioral Health of Arizona had a data breach in 2013, in Arizona. The home theft of any employees laptop and external drive resulted in the exposure of patient information. The theft occurred sometime between March 18 and March 25; other items were stolen besides the laptop and hard drive. Neither the laptop nor the hard drive were encrypted. Patients who visited either Cenpatico or its contractor ATS between 2011 and 2013 may have had their names, dates of birth, and treatment plans exposed.UPDATE(04/17/2013): More than 3,000 patients were affected by the breach. [source].

  

Dcf, Substance Abuse & Mental Health purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Austin Center for Therapy and Assessment had a data breach in 2011, in Texas. The July 8 theft of a laptop resulted in the exposure ofprivate patient information. Patient names, addresses, Social Security numbers and treatment information may have been obtained from the stolen laptop. (1,870 records involved) [source].

  

Florida Council For Community Mental Health purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Butler County Department of Mental Retardation & Developmental Disabilities had a data breach in 2006, in Ohio. In April, three laptop computers were stolen from the agencys office. They contained personal information on mental health clients, including Social Security numbers. Those affected were contacted in May. (100 records involved) [source].

  

Lourdes Counseling Center purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

California Department of Developmental Services had a data breach in 2013, in California. Stacks of patient and billing records were left in an unsecured and abandoned office in March of 2012. Credit card and Social Security numbers may have been exposed. [source].

  

Nyc Office Of Mental Health purchases statewide personal hospital discharge data from at least NY [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

California Department of Developmental Services had a data breach in 2013, in California. An employee at North Los Angeles County Regional Center left a work laptop, a personal laptop, and an iPhone in their car overnight. The items were stolen during the night. The employee worked for a program that served disabled infants and toddlers. Names, Social Security numbers, and other personal information were on the unencrypted work laptop. The theft occurred in November and patients were notified in January of 2013. (18,100 records involved) [source].

  

Tbs (Therapeutic Behavioral Services) purchases statewide personal hospital discharge data from at least MD [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Carolina Center for Development and Rehabilitation had a data breach in 2010, in North Carolina. After a doctor left office cleaning to his sons, they mistakenly threw out hundreds of medical records. The medical records were left in a public recycling bin and included medical histories, pictures of patients and Social Security numbers.UPDATE (7/31/10): The psychologist has contacted 1,590 of his patients.UPDATE (9/7/2011): The psychologist has paid $40,000 for violating state regulations by illegally dumping files containing patients financial and medical information. This information included names, Social Security numbers, addresses, dates of birth, drivers license numbers, insurance account numbers, and health information. (1,590 records involved) [source].

  

West Seattle Psychiatric Hospital purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Centerstone had a data breach in 2010, in Tennessee. According to Centerstone: During the weekend of April 30th, 2010, flood waters broke windows of our administrative office for School-Based Services... As a result of the unprecedented flooding that occurred, some clinical record information, along with name, Centerstone ID#, Social Security number, and date of birth, may have been removed from the building by flood waters. (1,537 records involved) [source].

  

Youth Alternatives Ingraham purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Coastal Behavioral Healthcare, Inc. had a data breach in 2012, in Florida. Numerous documents containing patient information were found in a vehicle during a traffic stop. A law enforcement officer notified Coastal Behavioral Healthcare of the potential breach on October 10, 2012. The documents contained a list of 136 Coastal Behavioral Healthcare patient names and identifying information dated April 2011. It is unclear how the information was breached and how many additional patients may have been affected. [source].

  
  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.