Documenting all the places
personal data goes.
Legend: 
with your name,
without your name.
Click on a circle above for names of organizations and details of data shared.
Blood and Tissue companies (for or non-profit) are involved in collecting and/or distributing blood and tissue such as blood banks, the American Red Cross, and groups affiliated with organ transplant programs. These groups gather medical and personal histories about you, as a donor when you perform organ compatibility tests or collect the sample.
Examples
Bloodsource purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard. | American Red Cross, Farmers Branch had a data breach in 2006, in Texas. Sometime in May, three laptops were stolen, one of them containing encrypted personal information including names, SSNs, dates of birth, and medical information of all regional donors. They also report losing a laptop with encrypted donor information in June 2005. [source]. | |
Cord Blood Bank purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard. | American Red Cross, St. Louis Chapter had a data breach in 2006, in Missouri. A dishonest employee had access to Social Security numbers of donors. The database was used to call previous donors and urge them to give blood again. The employee misused the personal information of at least three people to perpetrate identity theft and had access to the personal information of one million donors. (1,000,000 records involved) [source]. | |
The United Network For The Recrtmnt Of Trans Prof. purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard. | Cord Blood Registry had a data breach in 2011, in California. Backup tapes were stolen from an employees car in San Francisco on December 13, 2010. Names and Social Security, drivers license and credit card numbers were on the tapes. The tapes were not encrypted. Customers began receiving notification on February 14 of 2011. A computer and other personal property were stolen during the burglary. (300000 records involved) [source]. | |