theDataMap

Maps	Who?  | 1997

Reports

History

News	About  | HIPAA

Contact

Sponsors

Organizations | Map.     Legend: click for details, with your name, without your name.

Flows not covered by HIPAA are in bold.

Of the hundreds of flows of personal health data documented on thedatamap, only half are actually covered by the Health Information Portability and Accountability Act (HIPAA). HIPAA governs the sharing of personal health information in the United States, but only applies to those entities involved in the direct billing of patient care. So, HIPAA covers some of the data flows from physicians and hospitals, but not all. A noteworthy exception is Discharge Data, which is authorized by state laws. Hospitals and physicians send a copy of each visit to the state and the state, in turn, often shares the data in ways less protective than HIPAA warrants.

Discharge data collected and sold by states (details)

Example of a privacy vulnerability in discharge data

Top multi-state buyers of discharge data