theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Care facilities include retirement homes, skilled nursing facilities, hospice, live-in rehabilitation and other non-hospital overnight healthcare facilities. These facilities need medical histories for you, if you are a client, to provide care and keep records of any medical issues and procedures that occur while you may be living there.

Examples

Covenant Health System purchases statewide personal hospital discharge data from at least TX [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Alliance Inc. had a data breach in 2010, in Maryland. A laptop containing client information was stolen from an employees car on May 3. Client names, addresses, Social Security numbers and diagnoses may have been exposed. The incident was reported on May 10. [source].

  

Kindred Healthcare purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Azure Acres had a data breach in 2011, in New York. The November 12 theft of a physicians laptop resulted in the exposure of client information. The information included full name and billing information, but did not include addresses or Social Security numbers. Azure Acres is a drug and alcohol abuse facility. [source].

  

Rehabcare purchases statewide personal hospital discharge data from at least MD [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Hope Hospice had a data breach in 2013, in Texas. An employee used an unsecured email to send sensitive patient information. Two separate administrative violations occurred on December 27, 2012 and on February 22, 2013. The issue was discovered on February 25. The information was secured on February 28, 2013. Patient names, referral sources, Hospice admission and discharge dates, the names of insurance providers, and chart numbers may have been exposed. [source].

  

Signature Healthcare Consulting purchases statewide personal hospital discharge data from at least FL TN [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Hospice of North Idaho (HONI) had a data breach in 2013, in Idaho. The June 2010 theft of an unencrypted laptop from an employees car resulted in the exposure of patient information. The HHS Office for Civil Rights investigated the breach and found that HONI had not conducted a risk analysis to safeguard electronic protected health information. It was also discovered that HONI did not meet a HIPAA Security Rule that required them to have policies or procedures in place to address mobile device security. HONI agreed to pay the U.S. Department of Health and Human Services (HHS) $50,000 regarding potential Health Insurance Portability and Accountability Act of 1996 Security Rule violations. HONI also began taking extensive steps to improve their HIPAA Privacy and Security compliance program since the June 2010 breach. [source].

  

Sutter Vna & Hospice purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Hospice Palliative Care of Alamance-Caswell, LifePath Home Health had a data breach in 2013, in North Carolina. The February 24 burglary of three laptops resulted in the exposure of patient information. The laptops were stolen from the hospital in addition to needles, syringes, and miscellaneous items. The unencrypted laptops contained emails that had sensitive patient information. [source].

  

United Medical Corporation purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Huntington Place Senior Community had a data breach in 2010, in Louisiana. Personal documents were found in the abandoned nursing home. The documents included names, Social Security numbers, medical records and dates of birth of patients. [source].

  
  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.