theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Clinical, Imaging and Radiology Laboratories receive data from and provide data to providers (hospital, physician), health payers (insurer) and clearing houses.

Doctors and hospitals send out specimens for testing to clinical laboratories, who send back the results and send billing information to clearing houses and insurers.

Examples

Maine Molecular Imaging, LLC purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Alliance HealthCare Services, Inc. had a data breach in 2010, in California. One or more portable devices were lost or stolen between July 31 and August 5. [source].

  

Quest Diagnosis purchases statewide personal hospital discharge data from at least CA FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Berkely HeartLab (BHL) had a data breach in 2011, in California. Several former employees were found to have accessed patient information without authorization and taken the data to a competitor. Patient names, Social Security numbers, addresses, dates of birth, lab tests, and lab results were exposed. In January of 2010, BHL filed a lawsuit against Health Diagnostic Laboratory, Inc., and two former employees for trade secret violations and breach of contract. [source].

  

The Jackson Laboratory purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Blue Island Radiology had a data breach in 2010, in Illinois. A backup data tape and compact disc containing protected health information were never received. Individuals demographic, financial and clinical information were on the CD. [source].

  

Clinical Reference Laboratory had a data breach in 2014, in Kansas. Clinical Reference Laboratory, Inc. notified individuals of a breach regarding their personal information. On or around February 6, 2014 Clinical Reference Laboratory (CRL) sent a packet of invoices via the United States Postal Service to Nationwide Insurance for services performed. The package was damaged when it arrived at the USPS facility and some of the invoice pages were missing.The information in these missing pages included names, dates of birth, the last 4 digits of individuals Social Security number and the type of lab tests conducted.The company has arranged a free one year subscription through Equifax Personal Solutions. [source]

  

Clinical Reference Laboratory had a data breach in 2015, in Kansas. A parcel addressed by the covered entity (CE), Clinical Reference Laboratory, Inc., to Personalized Prevention, was damaged and opened during the mailing process by the United States Postal Service on or about November 4, 2014. The types of protected health nformation (PHI) involved in the breach included the names, partial Social Security Numbers, dates of service, and lab test types of 4,668 individuals. Since multiple breach reports have been received involving the same CE and fact pattern, this nvestigation is being closed and consolidated into one OCR investigation. [source]

  

Dearfield Medical Building had a data breach in 2007, in Connecticut. A box was discovered at inside a trash bin in May and contains information about lab tests and insurance approvals as well as other medical issues, documents are not medical charts, but do contain patient names and contact information. [source]

  

Diamond Institute For Infertility & Menopause had a data breach in 2017, in New Jersey. [source]

  

Integrity Transitional Hospital had a data breach in 2016, in Texas. The information was breached via Network Server. [source]

  

Labcorp had a data breach in 2006, in New Jersey. During a break-in June 4 or 5, a computer was stolen that contained names and SSNs, but according to the company did not have birth dates or lab test results. [source]

  

Laboration Corporation of America LabCorp had a data breach in 2010, in North Carolina. Thousands of medical documents fell out of a truck bed while in transit. The scattered documents contained billing information and possibly medical records from 1993 or later. [source]

  

Physicians Automated Laboratory had a data breach in 2012, in California. An office burglary on or around March 26 resulted in the exposure of patient information. Patient files containing names, phone numbers, dates of birth, addresses, and lab work were stolen from a laboratory. It is unclear why affected patients were not notified until two months after the incident. [source]

  

Physician's Automated Laboratory had a data breach in 2012, in California. An office burglary was discovered on March 26. The theft of lab requisition forms that were kept in a locked cabinet resulted in the exposure of information of patients who received laboratory services between February 1 and March 23. Patient names, addresses, phone numbers, dates of birth, insurance information, ordering practitioners name, and types of laboratory tests ordered may have been accessed. [source]

  

Planned Parenthood Southwest Ohio had a data breach in 2015, in Ohio. On October 1, 2014, the Covered Entity (CE) mistakenly disposed of binders containing protected health information (PHI). The CE's archived prescription dispensing logs and waived lab test logs were left in an unlocked closet after business hours and a custodian mistakenly put them in a trash dumpster. The following morning, the dumpster was emptied by the trash collector who took it to be buried with other garbage at a landfill that same day. The PHI involved in the incident included the names, dates of birth, lab results, and medications of approximately 5,000 individuals. After the CE filed the breach report, it determined that the incident was a non-reportable breach based on a four-part breach assessment and a low probability that the PHI in the binders had been compromised. The CE stated that its breach filing to OCR was not untimely, but was made in error. The CE conducted an investigation, re-trained all staff regarding its HIPAA policies and procedures, completed on-site HIPAA compliance audits, and implemented a new policy to address bulk trash removal from the health centers. OCR obtained written assurances that the voluntary actions of the CE listed above were taken. [source]

  

PST Services, Inc., Litton and Giddings Radiological Associates, P.C. had a data breach in 2012, in Montana. Litton and Giddings janitorial service, PST Services, failed to shred patient billing records before sending them to a Springfield recycling company. The records may have been viewed by unauthorized parties before being destroyed at the recycling center. [source]

  

Seacoast Radiology had a data breach in 2011, in New Hampshire. On November 12, Seacoast discovered that a server had been breached. Patient names, Social Security numbers, addresses, phone numbers and other personal information may have been exposed by the breach. Credit card and other financial information were not exposed. The estimated number of individuals who received notification is 231,400. Not all people who received a notification letter were affected. Patients and people serving as insurance guarantors were affected. It is believed that the hackers were utilizing Seacoasts bandwidth to play a popular game called Call of Duty: Black Ops. [source]

  

St. Joseph's Medical Center, HealthCare Clinical Laboratory, Patient Service Center had a data breach in 2012, in California. A February 2 office burglary resulted in the exposure of patient records from the Health Care Clinical Laboratory Patient Service Center. Two storage boxes that contained lab requisition forms were immediately discovered missing. They contained lab information provided between December 13, 2011 and January 5, 2012. A third box containing records of services administered between October 24 and November 18 was discovered missing on March 16. Names, Social Security numbers, insurance information, addresses, and phone numbers may have been exposed. At least one patient reported an attempt to open a credit card under their name since the thefts. [source]

  

VHS Genesis Lab had a data breach in 2010, in Illinois. The information was breached via Paper/Films. [source]

  
  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.