theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Social Services are local, state or federal government public services including healthcare, public housing, youth, family and senior programs and assistance for people with disabilities. These government organizations collect medical information from you, if you are a member of a population they serve. Even being on a department's list may imply medical conditions.

Examples

DHHS purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Area Agency on Aging, Inc. had a data breach in 2011, in Ohio. The June 3 theft of a laptop from an employees car resulted in the exposure of consumer information. The laptop was assigned to a PASSPORT case manager. It contained the health information of 43,000 consumers and the personal contact information of 35,000 related clients personal representatives. [source].

  

Ca Wic Association purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Avalon Centers had a data breach in 2011, in New York. A former judge was arrested for making false statements to a federal agent. The former judge was attempting to reopen an eating-disorder clinic and tossed old records into a nearby dumpster in June of 2010. Authorities found 15 to 20 boxes of papers with patient names, Social Security numbers, addresses, dates of birth, medical complaints, medical diagnosis, treatment information and other health information. When a federal agent asked the former judge about the boxes, he responded that they contained business information without any sensitive medical information. (172 records involved) [source].

  

Department Of Social & Health Services, WA purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Butler County Department of Job and Family Services had a data breach in 2010, in Ohio. The Agency learned in 2008 that confidential records were being left in public dumpsters without being shredded. Documents from Medicaid, Food Stamps, Ohio Works First, and child care programs included information such as Social Security number, name, address, phone number and pay stub. The agency failed to notify those who were affected. (10,600 records involved) [source].

  

Department Of Veterans Affairs, Palo Alto purchases statewide personal hospital discharge data from at least NY [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

California Department of Health Care Services had a data breach in 2010, in California. The California Department of Health Care Services released confidential and identifying information about HIV positive Medi-Cal recipients to a third party service provider. A network of organizations have deemed this action illegal and unauthorized. A letter was sent by the network asking for an explanation of how this happened and reassurance that it will not happen again. [source].

  

DSHS-Cancer Epi. & Surveillance purchases statewide personal hospital discharge data from at least TX [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

California Department of Health Care Services had a data breach in 2010, in California. The personal security of nearly 50,000 people may have been breached by the California Department of Health Care Services. Social Security numbers were printed on the address labels of letters that were mailed by the department. State employees mistakenly included the numbers in a list of patient addresses. The list was sent to an outside contractor, who printed and mailed the envelopes. (50,000 records involved) [source].

  

DSHS-Community Preparedness Section purchases statewide personal hospital discharge data from at least TX [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

California Department of Health Services had a data breach in 2005, in California. A laptop containing the names, Social Security numbers, and medical information of Medi-Cal beneficiaries was stolen from the car trunk of an employee. The Department of Health Services began notifying beneficiaries in late May. (21,600 records involved) [source].

  

DSHS-Emerg & Acute Infec Disease purchases statewide personal hospital discharge data from at least TX [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

California Department of Health Services (CDHS) had a data breach in 2006, in California. On June 12, a box of medi-Cal forms from December 2005 were found in the cubicle of a california Dept. of Health Services employee. The claim forms contained the names, addresses, Social security numbers and prescriptions for beneficiaries or their family members. (1,550 records involved) [source].

  

DSHS-Region 9/10 purchases statewide personal hospital discharge data from at least TX [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

California Department of Healthcare Services had a data breach in 2012, in California. Names and Social Security numbers were discovered on the website of the Department of Health Care Services. People who sent their information in order to become a provider of In-Home Supportive Services (IHSS) may have had their information exposed online between November 5, 2012 and November 20. The issue was discovered on November 14 and was not fully addressed until November 20. The list should have only contained provider names, addresses, and provider types. It also contained Social Security numbers that were listed in the column for Provider Billing Numbers. The Social Security numbers were not easily recognizable in this format.UPDATE(12/11/2012): Nearly 14,000 people were affected. (14,000 records involved) [source].

  

DSHS-Tower Library- Chsu purchases statewide personal hospital discharge data from at least TX [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Chautauqua County Department of Social Services had a data breach in 2006, in New York. Paperwork being used in Medicaid fraud investigations was stolen from an employees car. The theft occurred sometime between July 31 and August 1. People who were being investigated may have had their private information exposed. (12 records involved) [source].

  

Florida Department Of Children & Families purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Child Protective Services had a data breach in 2008, in Texas. Hundreds of private, personal records were discarded with the trash, including records detailing medical histories of clients with diseases and drug addictions. Documents showing sexual abuse and information that could be used for identity theft, such as Social Security numbers, were also found in the trash. [source].

  

JWB Childrens Services Council Of Pinellas purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Department of Social and Health Services - Washington had a data breach in 2011, in Washington. A coding error caused mailing mistakes to be made in July. Medical enrollment forms with the addresses of custodial parents were sent to non-custodial parents. However, no addresses were disclosed in cases involving foster care of domestic violence. [source].

  
  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.