3M is a Saint Paul, Minnesota-based company that makes health products such as hospital and dental supplies and has a consulting division focused on health information technology 3M purchases statewide personal hospital discharge data from at least 3 states: CA, MD, and WA [source]. The purchased data does not contain the person's name, but it is possible to match some people by name [source].

Georgetown University Hospital had a data breach in 2006, in District Of Columbia. Patient data was exposed online via the computers of an e-prescription provider, InstantDx. data included names, addresses, SSNs, and dates of birth, but not medical or prescription data. GUH suspended the trial program with instantDX. (23,000 records involved) [source].

QuadraMed is a Reston, Virginia-based software and services company whose products include electronic health records and billing and scheduling software for health care providers. QuadraMed purchases statewide personal hospital discharge data from at least 5 states: CA, FL, NY, TX, WA [source]. The purchased data does not contain the person's name, but it is possible to match some people by name [source].

Health Information Trust Alliance had a data breach in 2013, in Texas. A hacking incident resulted in the exposure of 111 records. Names, phone numbers, addresses, email addresses, and company names were exposed. [source].

HCL Technologies, LTD purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Lawrence Melrose Medical Electronic Record, Inc. had a data breach in 2013, in Massachusetts. An employee of Lawrence Melrose accessed patient information for reasons unrelated to their work. It is unclear what type of patient information was exposed and how many patients were affected. [source].

Net-Fast, Inc. purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

meridianEMR had a data breach in 2011, in New Jersey. On June 16, 2011, meridianEMR announced that it had filed a lawsuit against Intuitive Medical Software (UroChart). meridianEMRs Advanced Monitoring System detected copying activities on meridianEMRs server. meridianEMR immediately contacted Intuitive in response to the discovery. A second group called The Shappley Clinic was also accused of accessing meridianEMRs data and placing patients in meridianEMRs system at risk. The lawsuit contends that UroChart and another party have and have had unlawful access to patient information in violation of patient privacy rights. UroChart is accused of violating New Jerseys Computer Related Offenses Act and behaving willfully and intentionally with malice. [source].

Dynafios Llc purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

University of Florida, Health Sciences Center, ChartOne had a data breach in 2005, in Florida. A contractors laptop containing patient names, Social Security numbers, dates of birth, and medical record numbers was stolen. A letter was sent to the affected patients. (3,851 records involved) [source].