theDataMap Documenting all the places personal data goes. |
Legend: with your name, without your name. Click on a circle above for names of organizations and details of data shared.
Personal Transport companies transport patients and include helicopter (MedEvac),
ambulance, or Safe Ride. They also include non-patient specialized transportation
(i.e. taxis) when transporting patients for medical reasons.
Your
medical history is collected during emergency transportation, if possible,
as well as the procedures performed during transport,
while non-emergency transportation collects some medical information
from you,
your healthcare provider
or care facility
in case of emergency.
Examples E M T Associates
purchases statewide
personal hospital discharge data
from at least TN, CA
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Advanced Data Processing, Inc. (ADPI), Grady EMS
had a data breach in 2012,
in New Jersey.
Information from certain ambulance agencies was inappropriately accessed and disclosed. Patient account information such as names, Social Security numbers, dates of birth, and record identifiers were exposed by a dishonest ADPI employee. ADPI learned of the breach on October 1. The dishonest employee was fired and apprehended by authorities.UPDATE(12/04/2012): The former ADPI employee stole information associated with Grady EMS ambulance service. About 900 Grady EMS patients had their information exposed between June 15, 2012 and October 12, 2012.UPDATE(01/05/2013): A detailed list of the organizations and number of people who were affected is available on phiprivacy.net here:http://www.phiprivacy.net/?p=10825UPDATE(03/08/2013): Osceola County EMS released a notification in March of 2013 here: http://tinyurl.com/a335kakUPDATE(03/14/2013): The Yuma, Arizona Fire Department was also affected by the breach. ADP handles the billing for Yumas emergency medical services. Names, Social Security numbers, dates of birth, and record identifiers may have been accessed.
[source].
| | | | Miemss
purchases statewide
personal hospital discharge data
from at least MD
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Carolinas Medical Center, NorthEast
had a data breach in 2007,
in North Carolina.
A paramedic left a computer on the back bumper of an ambulance and then drove away. The laptop contains names, addresses, phone numbers and Social Security numbers of approximately 28,000 people who have been cared for by the Cabarrus County EMS over the last four years.
(28,000 records involved)
[source].
| | | | Nor-Cal Ems, Inc.
purchases statewide
personal hospital discharge data
from at least CA
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Life Flight (IHC Health Services Inc.)
had a data breach in 2013,
in Oregon.
An administrative error caused the information of patients flown by Life Flight helicopters to be available online. Patients flown during April, May, and June of 2004 may have had unspecified information exposed. It was confirmed that 107 patients had their Social Security numbers exposed. It is unclear how long the information was available and if patients flown during additional months may have been affected. The information was moved to a secure server to address the breach.UPDATE(05/17/2013): The sensitive information was available online as early as October 12, 2009.
(107 records involved)
[source].
| | | | Washington State Traffic Safety Commission
purchases statewide
personal hospital discharge data
from at least WA
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Randle Eastern Ambulance Service inc.
had a data breach in 2010,
in Florida.
A man and his wife who were previously charged with selling patient information in 2009, were charged with stealing personal information of individuals transported by Randle Eastern Ambulance Service Inc. (American Medical Response). The information was then sold to South Florida personal injury attorneys and clinics. The stolen information included names, telephone numbers, medical diagnoses, and addresses. They used the help of a former AMR employee.
[source].
| | | | Eastern Shore Rural Health, Inc. had a data breach in 2018, in Virginia. On February 2, 2018, Eastern Shore began to receive reports from several employees that unauthorized individuals attempted to file fraudulent tax returns in their name. At this point, there is no indication that employee data was accessed without authorization on Eastern Shore's systems. However, due to the timing of the reports of fraudulent tax returns being filed, Eastern Shore is notifying its employees of the potential incident so they can take steps to protect themselves. Eastern Shore will continue to investigate the incident and remediate any issues discovered. [source] | | Meigs County EMS had a data breach in 2016, in Ohio. The information was breached via Desktop Computer, Email, Network Server. [source] | | | | Morgan Stanley had a data breach in 2014, in New York. An employee of Morgan Stanley stole customer information on 350,000 clients including account numbers. Additional information on what other information was captured has not yet been released. Files for as many as 900 clients ended up on a website. The employee has since been fired and the bank is notifying all of the individuals affected. The FBI is currently investigating the incident. [source] | | Safe Ride Services, Inc. had a data breach in 2012, in Arizona. A former employee may have accessed computer systems without authorization and accessed service files. The incident or incidents occurred between August 31, 2011 and January 31, 2012. Employee personal information as well as patient demographic and insurance information were exposed. It is unclear if the former employee was currently employed at the time of the incidents. The incident was posted on the HHS website on June 8. [source] | | | | Southwest Ambulance had a data breach in 2011, in Arizona. The information was breached via Desktop Computer, and Laptop. [source] | | UPMC had a data breach in 2012, in Pennsylvania. An assistant police chief filed a complaint alleging that the chief of policed breached federal privacy law. The complaint alleges that the chief of police received information about ambulance dispatches that was primarily intended for paramedics and other active first responders. He also claims the chief of police forwarded the information to a third party. [source] | | | | | | |
(return to health DataMap) |