theDataMap Documenting all the places personal data goes. |
Legend: with your name, without your name. Click on a circle above for names of organizations and details of data shared.
Financial firms and consultants receive information
from you, the patient
and discharge data.
These companies may even be involved in personal lending involving mortgages or credit cards.
Examples Bank Of America Merrill Lynch/ Healthcare Finance
purchases statewide
personal hospital discharge data
from at least FL
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Dezonia Group
had a data breach in 2009,
in Illinois.
The city of Chicago bills people for ambulance rides -- $600 and up. It uses a third party, Dezonia group, for billing. An employees laptop, containing patient names, addresses and Social Security numbers, was stolen from the company. Reports differ as to whether or not the data was encrypted.
(63000 records involved)
[source].
| | | | Bradwish Financial Services, Inc.
purchases statewide
personal hospital discharge data
from at least FL
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Holyoke Medical Center, Caritas Carney Hospital, Milton Hospital, Milford Hospital
had a data breach in 2010,
in Massachusetts.
A large pile of medical records was found at Georgetown Transfer Station public dump. The reports contained names, addresses, diagnosis, Social Security numbers, and insurance information. A medical billing company known as Goldthwait Associates is believed to be responsible. The medical records are mostly from pathology patients served at the hospitals between 2007 and March of 2010.UPDATE (9/2/10): Holyoke reported that 24,750 patients were affected. The exact number of patients affected from other medical centers is still unknown. Between 8,000 and 12,000 patients of Milton Hospital were affected.UPDATE (10/11/10): Milton Pathology Associates, P.C. reported that a prior owner of Goldthwait Associates improperly disposed of patient information. Eleven thousand patients were affected. Milford Regional Medical Center reports that the incident affected 19,750 patients.UPDATE(01/07/2013): People associated with Goldthwait Associates, Chestnust Pathology Services, Milford Pathology Associates, Milton Pathology Associates, and Pioneer Valley Pathology Associates agreed to collectively pay $140,000 to settle allegations related to the breach.
(45,600 records involved)
[source].
| | | | Dixon Hughes, Pllc
purchases statewide
personal hospital discharge data
from at least MD TX
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Medassets Inc., Saint Barnabas Health Care System, Cook County Health and Hospitals (CCHHS)
had a data breach in 2011,
in Georgia.
An external computer hard drive was stolen from a MedAsset employees car on June 24. MedAsset provides administrative and business services to medical centers. The hard drive contained the personal information of patients who were being considered for governmental benefits at six Saint Barnabas acute care hospitals and patient information from Cook County Health and Hospitals System in Chicago. Patient names, medical center account numbers, medical record numbers, dates of birth, medical center charges, amount paid, health insurance information and discharge dates were exposed. Approximately seven percent of the Saint Barnabas System patients who were affected had their Social Security numbers exposed as well. The six Saint Barnabas Health Care System clinics are:Clara Maass Medical Center - 8,795Community Medical Center - 6,950Kimball Medical Center - 6,785Monmouth Medical Center - 6,443Newark Beth Israel Medical Center - 15,015Saint Barnabas Medical Center - 6,179Also, 32,008 CCHHS patients were affected.
(3,500 records involved)
[source].
| | | | Gerson, Preston, Robinson & Co.
purchases statewide
personal hospital discharge data
from at least FL
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Healthcare Financial Consultants
purchases statewide
personal hospital discharge data
from at least CA
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | | | Tax Matters
had a data breach in 2011,
in Texas.
Someone noticed that thousands of intact personal documents had been dumped in an unsealed dumpster. He called a local news crew and they came to recover and store the documents. The personal documents included applications, resumes, check books, federal income tax forms, and even patient diagnosis forms. The information covered a period between 2003 and 2007. A new employee of Tax Matters dumped the documents without shredding them.
[source].
| | Jersey City Medical Center - Barnabas Health had a data breach in 2014, in New Jersey. A business associate was not present. [source] | | | | G&S Medical Associates, LLC had a data breach in 2016, in New Jersey. G&S Medical Associates, LLC suffered a data breach when a desktop computer was hacked. The type of information hacked was not disclosed by HHS. [source] | | Medical Center Ophthalmology Associates had a data breach in 2018, in Texas. The information was breached via Email. [source] | | | | Ohio State University Medical Center, MTE Consulting had a data breach in 2005, in Ohio. A laptop containing patient information was stolen from a financial consultant. MTE Consulting notified OSU medical center a month after the laptop was stolen and OSU sent a brief letter to the affected clients. [source] | | Professional Counseling & Medical Associates had a data breach in 2017, in Tennessee. The information was breached via Electronic Medical Record. [source] | | | | Saint Francis Hospital and Medical Center had a data breach in 2014, in Connecticut. The information was breached via Paper/Films. [source] | | The MS Center of Saint Louis and Mercy Clinic Neurology - Town and Country had a data breach in 2017, in Missouri. A
business associate was not present. [source] | | | | | | |
(return to health DataMap) |