Documenting all the places
personal data goes.


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.

Employers receive information from health insurance companies about the overall health of employees and family members covered by the employer's health insurance plan. The information employers receive from Health Insurance Companies should not include the names of employees. Employers often share information with the the employee unions about their employees since unions commonly coordinate health insurance.

Employers also receive personal health information from wellness programs. Because Wellness Program often have an incentive and reward structure aimed at changing your life specifically, information between the Wellness program and the Employer usually includes your name.

These data sharing occur because employers have a financial interest in your healthcare. Not only do employers in the United States provide health insurance options to employees that cover employees and the families of employees, but employers also tend to contribute monthly insurance payments to the health plan. The healthier the population of employees, the less healthcare costs may be for the employer.

A Self-Insured Employer pays your medical bills directly, rather than there being a separate health insurance company. Because medical bills often include sensitive information, such as diagnoses, procedures and lifestyle content, self-insured employer typically use third parties to receive medical bill details from physicians, hospitals, and clinical laboratories. Bills typically include your name, address, policy number, date of birth, diagnoses, and procedures. Feedback to the employer should be aggregate information that does not include your name.


HealthCare Concepts, Inc. purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.


Affiliated Computer Services (ACS), Kraft Foods had a data breach in 2007, in Illinois. A computer tape with the names and Social Security numbers of current and former Kraft employees was lost by ACS. ACS administers Krafts prescription drug benefits program. ACS believes it accidentally destroyed the tape. Kraft reported the number of affected residents in North Carolina, New Hampshire, Maine and New York, but the total number nationwide was not reported and is likely to exceed 1446. (1446 records involved) [source].


(return to health DataMap)

Copyright © 2012-2016 President and Fellows Harvard University.