Orange Co Health Care Agency purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Adult and Child Care Center, Choices, Inc., Diversified Support Services, Midtown Mental Health Center had a data breach in 2012, in Indiana. A hacking incident that occurred on or around May 10 may have exposed the protected health information of patients. The incident was reported by HHS on July 27.UPDATE(08/16/2012): A total of 505 clients and family members of clients of Diversified Support Services and 890 clients and family members of clients of Midtown Mental Health Center were affected. Social Security numbers, private health information, and demographic information were exposed. (1,945 records involved) [source].

Alcohol Drug Program Administration purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Anchorage Community Mental Health Services, Inc. had a data breach in 2012, in Alaska. An unauthorized disclosure involving a computer or computers resulted in the exposure of protected health information. The breach occurred sometime between December 20, 2011 and January 4, 2012. This breach was reported on the HHS website. [source].

California Dept. Of Mental Health purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Arizona Counseling and Treatment Services (ACTS), Cenpatico Behavioral Health of Arizona had a data breach in 2013, in Arizona. The home theft of any employees laptop and external drive resulted in the exposure of patient information. The theft occurred sometime between March 18 and March 25; other items were stolen besides the laptop and hard drive. Neither the laptop nor the hard drive were encrypted. Patients who visited either Cenpatico or its contractor ATS between 2011 and 2013 may have had their names, dates of birth, and treatment plans exposed.UPDATE(04/17/2013): More than 3,000 patients were affected by the breach. [source].

Dcf, Substance Abuse & Mental Health purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Austin Center for Therapy and Assessment had a data breach in 2011, in Texas. The July 8 theft of a laptop resulted in the exposure ofprivate patient information. Patient names, addresses, Social Security numbers and treatment information may have been obtained from the stolen laptop. (1,870 records involved) [source].

Florida Council For Community Mental Health purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Butler County Department of Mental Retardation & Developmental Disabilities had a data breach in 2006, in Ohio. In April, three laptop computers were stolen from the agencys office. They contained personal information on mental health clients, including Social Security numbers. Those affected were contacted in May. (100 records involved) [source].

Lourdes Counseling Center purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

California Department of Developmental Services had a data breach in 2013, in California. Stacks of patient and billing records were left in an unsecured and abandoned office in March of 2012. Credit card and Social Security numbers may have been exposed. [source].

Nyc Office Of Mental Health purchases statewide personal hospital discharge data from at least NY [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

California Department of Developmental Services had a data breach in 2013, in California. An employee at North Los Angeles County Regional Center left a work laptop, a personal laptop, and an iPhone in their car overnight. The items were stolen during the night. The employee worked for a program that served disabled infants and toddlers. Names, Social Security numbers, and other personal information were on the unencrypted work laptop. The theft occurred in November and patients were notified in January of 2013. (18,100 records involved) [source].

Tbs (Therapeutic Behavioral Services) purchases statewide personal hospital discharge data from at least MD [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Carolina Center for Development and Rehabilitation had a data breach in 2010, in North Carolina. After a doctor left office cleaning to his sons, they mistakenly threw out hundreds of medical records. The medical records were left in a public recycling bin and included medical histories, pictures of patients and Social Security numbers.UPDATE (7/31/10): The psychologist has contacted 1,590 of his patients.UPDATE (9/7/2011): The psychologist has paid $40,000 for violating state regulations by illegally dumping files containing patients financial and medical information. This information included names, Social Security numbers, addresses, dates of birth, drivers license numbers, insurance account numbers, and health information. (1,590 records involved) [source].

West Seattle Psychiatric Hospital purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Centerstone had a data breach in 2010, in Tennessee. According to Centerstone: During the weekend of April 30th, 2010, flood waters broke windows of our administrative office for School-Based Services... As a result of the unprecedented flooding that occurred, some clinical record information, along with name, Centerstone ID#, Social Security number, and date of birth, may have been removed from the building by flood waters. (1,537 records involved) [source].

Youth Alternatives Ingraham purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Coastal Behavioral Healthcare, Inc. had a data breach in 2012, in Florida.Numerous documents containing patient information were found in a vehicle during a traffic stop. A law enforcement officer notified Coastal Behavioral Healthcare of the potential breach on October 10, 2012. The documents contained a list of 136 Coastal Behavioral Healthcare patient names and identifying information dated April 2011. It is unclear how the information was breached and how many additional patients may have been affected.[source].

County of Los Angeles Departments of Health and Mental Health had a data breach in 2016, in California. The information was breached via Email. [source]

First Step Counseling, Inc. had a data breach in 2012, in New Jersey. An unauthorized disclosure of paper records may have exposed patient information. The breach may have taken place between May 1, 2011 and August 5, 2011. It was discovered or reported on November 16 of 2012. [source]

Foundations Recovery Network had a data breach in 2013, in Tennessee. The June 15 theft of an employees laptop resulted in the exposure of patient information. Names, Social Security numbers, dates of birth, addresses, medical information, and telephone numbers were on the laptop. [source]

Fox River Counseling Center had a data breach in 2015, in Wisconsin. The information was breached via Network Server. [source]

Iowa Department of Health Services had a data breach in 2013, in Iowa. Former patients of the Mental health Institute in Independence and state employees may have had their confidential information exposed. A backup tape was found to have been missing as of April 30. Officials of Iowa Department of Human Services believe the tape was accidentally discarded or destroyed. [source]

Lakeshore Mental Health Institute had a data breach in 2013, in Tennessee. [source]

Long Island Consultation Center (LICC) had a data breach in 2010, in New York. A computer device containing doctor reports was reported missing from a secured area at LICC on May 24th. Names, dates of birth, diagnostic information and treatment information of some patients may have been included on the device. [source]

Michigan Department of Community Health had a data breach in 2006, in Michigan. [source]

Navos Mental Health Solutions had a data breach in 2011, in Washington. Paper records with sensitive information were misplaced, stolen, or improperly accessed sometime around March 15, 2011. [source]

North Los Angeles County Regional Center (NLACRC) had a data breach in 2013, in California. The information was breached via Network Server. [source]

Prince William County Intellectual Disabilities Case Management had a data breach in 2010, in Virginia. [source]

Private Counseling and Psychotherapy Practice had a data breach in 2010, in New York. The September 6 theft of a desktop computer resulted in the exposure of patient information. [source]

Region Six of the Georgia Department of Behavioral Health and Developmental Disabilities had a data breach in 2014, in Georgia. The information was breached via Laptop. [source]

Restart Behavioral Health Care had a data breach in 2012, in North Carolina. [source]

Stronghold Counseling Services, Inc. had a data breach in 2013, in South Dakota. The December 24, 2012 theft of a computer resulted in the exposure of patient information. [source]

Treatment Services Northwest had a data breach in 2011, in Oregon. A computer was stolen on or around July 29, 2011. It contained the protected health information of 1,200 patients who visited for outpatient alcohol and drug treatment services. [source]

Tricounty Behavioral Health Clinic had a data breach in 2012, in Georgia. An August 26 office theft of a laptop resulted in the exposure of patient information. [source]

Valley Mental Health had a data breach in 2013, in Utah. [source]