theDataMap Documenting all the places personal data goes. |
Legend: with your name, without your name. Click on a circle above for names of organizations and details of data shared.
Dental and Vision are dentist and optometrist practices,
differentiated from other healthcare providers, such as
physicians
because they are usually not covered by
health insurance.
Dentists and optometrists need to know medications
you,
as their patient, are on as well as basic medical conditions.
Examples Maine Oral Health Program
purchases statewide
personal hospital discharge data
from at least ME
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Abbott Medical Optics, Baylor College of Medicine Department of Ophthalmology
had a data breach in 2011,
in California.
Backup tapes with information from Ophthalmology department equipment were stolen from Abbotts office after being collected from Baylor. The information on the tapes included the eye contour measurement charts, names and physician names of patients who were preparing for Lasik surgery.
[source].
| | | | St. Lukes Cataract & Laser Institute
purchases statewide
personal hospital discharge data
from at least FL
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Beauty Dental, Inc.
had a data breach in 2010,
in Illinois.
The paper records of some individuals were lost or stolen on June 5.
[source].
| | | | Valley Vision
purchases statewide
personal hospital discharge data
from at least CA
[source].
See more information about the
fields of data shared,
an example of matching real names to the records
in statewide discharge data, and
which states use standards less than the HIPAA standard.
| | Cigna Dental
had a data breach in 2012,
in Connecticut.
On March 23, 2012, an employee sent an unencrypted document to the personal emails of herself and her son. The document contained the first names of customers and their Social security numbers. Cigna became aware of the incident on March 27 and took immediate action. The employee claimed that she had sent the document to obtain help with work from her son. She confirmed that both she and her son had deleted the email and was fired.
[source].
| | | | Absolute Dental Hygiene, LLC had a data breach in 2017, in Oregon. The information was breached via Desktop Computer, Electronic Medical Record, Network Server
. [source] | | Advantage Dental had a data breach in 2015, in Washington. Advantage Dental notified 151,626 patients of data breach when their database of patient information was hacked between February 23rd and February 26th. The hackers had access to patient names, dates of birth, phone numbers, Social Security numbers and home addresses. Advantage is offering credit monitoring and call center support through Experian. [source] | | | | American Dental Association had a data breach in 2014, in Illinois. There was an error during website upgrade. [source] | | Arch City Dental, LLC - Drs. Baloy and Donatelli had a data breach in 2017, in Ohio. The information was breached via Email. [source] | | | | Brodhead Dental Center had a data breach in 2016, in Pennsylvania. The information was breached via Desktop Computer
. [source] | | Cambridge Dental Consulting Group had a data breach in 2018, in Nevada. A business associate was present. [source] | | | | Cathrine Steinborn, Dentist had a data breach in 2015, in California. The office of Cathrine Steinborn, DDS was broken into and a server containing patient and other personal information in it. The information compromised included names, addresses, dates of birth, telephone numbers, Social Security numbers, dental and/or medical insurance information, health information, treatment information, and billing information. [source] | | Coastal Cape Fear Eye Associates, P.A. had a data breach in 2018, in North Carolina. The information was breached via Desktop Computer, Network Server. [source] | | | | Comfort Dental Offices had a data breach in 2011, in Indiana. [source] | | Cottonwood Comfort Dental had a data breach in 2015, in New Mexico. Thousands of dental records from Cottonwood Comfort Dental were found scattered all over a New Mexico freeway. The paperwork contained addresses, insurance information and Social Security numbers. The dental company said they have their paperwork shredded and is now investigating the incident. [source] | | | | Delta Dental, The Smile Center had a data breach in 2011, in Texas. [source] | | DentaQuest had a data breach in 2010, in Illinois. In a statement datelined out of Nashville, DentaQuest reported the laptop theft occurred March 20 in Chicago and was informed of the incident April. DentaQuest reported the laptop contained a database which held the personal information of approximately 76,000 clients. The contractor advised most of the data is not considered sensitive, but the device did contain the first names, last names and Social Security Numbers of about 21,000 individuals. Some 10,500 are Tennessee residents. [source] | | | | Eye Care Associates of the San Ramon Valley had a data breach in 2011, in Texas. A laptop with a lock to prevent theft was stolen from the ophthalmology office on the night of May 8. It contained eye photos and names of 611 patients. The laptop was not recovered. [source] | | Eye Care Surgery Center, Inc. had a data breach in 2018, in Louisiana. The information was breached via Laptop. [source] | | | | Eye Surgery Education Council had a data breach in 2014, in Virginia. Reportedly, the Eye Surgery Education Councils system was hacked and user accounts with partial email addresses, user names and clear text passwords were dumped onto the Internet. [source] | | Gulf Breeze Family Eyecare (Sight and Sun Eyeworks Gulf Breeze) had a data breach in 2013, in Florida. [source] | | | | Heartland Dental, LLC had a data breach in 2015, in Illinois. The information was breached via Network Server. [source] | | Holland Eye Surgery and Laser Center had a data breach in 2018, in Michigan. The information was breached via Desktop Computer. [source] | | | | Larsen Dental Care had a data breach in 2014, in Maryland. [source] | | Loma Linda University School of Dentistry had a data breach in 2010, in California. [source] | | | | LTC Dental, P.C. had a data breach in 2015, in Alabama. The information was breached via Laptop. [source] | | Massachusetts Eye and Ear Infirmary had a data breach in 2010, in Massachusetts. On February 19, 2010, a laptop belonging to a physician affiliated with the Massachusetts Eye and Ear Infirmary was stolen while the physician was lecturing in South Korea. The laptop belonged to a neurologist with a particular focus on ringing in the ears, or tinnitus. The following types of information about affected individuals associated with Mass. Eye and Ear may have been present on laptop, names, addresses, telephone numbers, emails, date of birth and age, sex, medical record numbers, dates of service, medical information, including diagnoses, symptoms, test results, and prescriptions, name and contact information for patient pharmacies, and research participant status. In addition, four individualsí£ information also included their pharmacy insurance account number.UPDATE(09/17/2012): Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. An HHS Office for Civil Rights investigation indicated that Mass. Eye and Ear failed to take necessary steps to comply with certain requirements of the Security Rule. These steps include conducting a thorough analysis of the risk to the confidentiality of electronic protected health information (ePHI) maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that Mass. [source] | | | | Massachusetts Eye and Ear Infirmary had a data breach in 2012, in Massachusetts. A dishonest employee was arrested and fired in March after stealing patient information from Massachusetts Eye and Ear Infirmary. The former employee opened fake accounts to avoid paying for electricity. The investigation began in January when one of the victims noticed that her Social Security number had been used to open an account. Names and dates of birth were also compromised. [source] | | Massachusetts Eye and Ear had a data breach in 2012, in Massachusetts. An employee was fired after police informed Massachusetts Eye and Ear that the employee was being investigated for identity theft. The employee had taken and misused patient names, Social Security numbers, and dates of birth. At least four of the employees victims came from Massachusetts Eye and Ear, but she had access to the information of approximately 3,600 patients. [source] | | | | McNair Eye Center had a data breach in 2010, in Arkansas. A computer server with patient personal information was stolen. [source] | | Napa Valley Dentistry had a data breach in 2016, in California. Someone broke into our locked storage unit, which was within a gated storage facility, and stole a password-protected server. Upon discovery of the theft, we promptly notified the Napa Police Department and will provide whatever cooperation is necessary to identify the perpetrator(s) and hold them accountable. On September 8, 2016, we confirmed that your personal information may have been on the server. In December 2012, Dr. Justin Newberry, DDS, purchased Napa Valley Dentistry, including this server, from Dr. C. Michael Quinn, DDS. The server may therefore contain personal information of Dr. Quinn's former patients who may not currently have a relationship with Napa Valley Dentistry. While there is no indication that your personal information was, in fact, accessed without authorization, we are notifying you out of an abundance of caution and offering you identity protection services.The information compromised included names, addresses, dates of birth, Social Security numbers and dental insurance information. [source] | | | | Neeley-Nemeth, LLP d/b/a Barton Oaks Dental Group had a data breach in 2017, in Texas. The information was breached via Desktop Computer, Network Server. [source] | | North Point Dental Care had a data breach in 2012, in North Carolina. [source] | | | | Office of Dr. James M. McGee had a data breach in 2012, in Georgia. The September 19 theft of paper records may have resulted in the exposure of dental patient information. [source] | | Office of Dr. Sandra Bujanda-Wagner had a data breach in 2013, in Colorado. Employees accidentally threw out hundreds of patient records. The dental records were found by someone looking through a dumpster and the incident was reported to a local news team. Names, Social Security numbers, dates of birth and addresses were exposed. Employees from Bujanda-Wagners office came to recover the documents. [source] | | | | Pacific Retina Specialists had a data breach in 2011, in Washington. At least 60 patients had their records stolen by a billing technician during late 2010. The information included names, Social Security numbers, dates of birth, addresses and health insurance policy numbers. Many patients who used Medicare Advantage plans at the clinic were affected. The former employee and an accomplice also forged the names of three doctors on prescription forms. The patient prescription information was then used to obtain narcotic prescription drugs worth thousands of dollars. The former employee was sentenced to five years in prison. [source] | | Patterson Dental, River Arch Dental, Hamner Square Dental had a data breach in 2012, in California. An unencrypted USB memory chip was shipped against company policy. The envelope that contained it arrived at its destination on May 14 with a tear and missing the USB memory chip. Names, home addresses, telephone numbers, email addresses, ID numbers, dates of birth, drivers license numbers, Social Security numbers, dental information, and dental insurance information of patients was exposed.UPDATE(08/03/2012): A total of 1,112 Hamner Square Dental patients and 2,533 River Arch Dental patients were affected. [source] | | | | Perry Dental had a data breach in 2012, in California. Computer equipment that contained patient insurance information was taken during an office burglary. [source] | | Private Dental Practice in Medical Commons One had a data breach in 2010, in Pennsylvania. A laptop containing patient information was stolen. [source] | | | | Private Dental Practice had a data breach in 2010, in California. An anonymous tipster called the Sheriffs Department and reported unattended boxes of personal records outside the dental office. The boxes contained patient records from the early 1990s to the present. These records numbered in the hundreds and had personal information such as Social Security numbers, names, birth dates, credit card numbers, and addresses. The Sheriffs Department destroyed the records and warned patients of dentists Lee, Sang H. Yoon and Patricia Patterson. [source] | | Private Dental Practice had a data breach in 2010, in California. Dishonest employees who worked at an unnamed dental office and an unnamed law office in the Bay Area were part of an identity theft ring. A total of seven people are facing charges for their involvement in the ring. The charges include identity theft, conspiracy, possession of stolen property, and grand theft. Over $170,000 in cash and fraudulent purchases was taken through the use of sensitive patient and client information from the dental office and law office. UPDATE(9/06/2011): The former employee of the dental office was sentenced. He will serve four years in prison for supplying patient information between June and December of 2009. The information was then used to create false drivers licenses and to file illegal change-of address forms. [source] | | | | Private Dental Practice had a data breach in 2010, in Washington. Around July 16, an office break in resulted in the loss of a computer with patient names, addresses, internal account numbers, telephone numbers, Social Security numbers and dates of birth. [source] | | Private Dental Practice had a data breach in 2011, in Colorado. On April 10, a man looking for scrap metal found a stack of patient records from a dental office. The man reported the incident to local news because of the sensitive nature of the information on the documents. The old records were meant to be shredded, but a new office assistant may have accidentally placed them in the trash instead. Names, Social Security numbers and other information were exposed. The dentist immediately responded to the breach after being notified of the mistake. The trash bin where the documents were dumped was brought into the office to prevent further access and remove the documents. [source] | | | | Rape and Brooks Orthodontics, P.C. had a data breach in 2011, in Ohio. An office burglary was discovered on the morning of February 4. A server with patient personal and health information was among the stolen items. Patients who were seen by the dentists during the past 30 years were affected. The names of patients and patient guardians, home addresses and dates of birth for patients under 18 were on the server. Account holders who provided insurance information may have had their Social Security numbers and dates of birth on the server. Patients who used AllKids with Blue Cross & Blue Shield of Alabama may have had their Social Security number included in the exposed insurance information. An unspecified amount of customer credit card numbers were also stored on the server. [source] | | Reeve-Wood Eye Center had a data breach in 2014, in California. The Reeve-Wood Eye Center reported a data breach to the California Attorney General's office. No specific details were provided as to the scope of the breach, type of breach or individuals affected. [source] | | | | Robbins Eye Center had a data breach in 2012, in Connecticut. The information was breached via Network Server. [source] | | Silicon Valley Eyecare Optometry and Contact Lenses had a data breach in 2010, in California. A computer and a plasma TV were stolen from the office on Friday April 2nd, 2010. The computer server contained patient names, addresses, phone numbers, email addresses, birth dates, family member names, medical insurance information, medical records, and in some cases, Social Security numbers. The data were password protected. [source] | | | | Soundental Associates P.C. had a data breach in 2012, in Connecticut. A bag of personal items and back-up media cartridges from Soundental was stolen from an employees car on September 24. The back-up cartridges had patient names, addresses, treatment records, and dates of birth. Social Security numbers were also exposed in some cases. The cartridges had been scrambled to prevent easy access. [source] | | Southeast Eye Institute, P.A. dba-Eye associates of Pinellas had a data breach in 2016, in Florida. A data security firm discovered that SCMLC data was available online. The names and Social Security numbers of around 300,000 people who applied for California workers compensation benefits may have been accessed by unauthorized parties. [source] | | | | Specialized Eye Care had a data breach in 2014, in Maryland. An employee improperly accessed and retained info
rmation. [source] | | Specialty Dental Partners of Philadelphia, PLLC.- DBA Rich Orthodontics had a data breach in 2017, in Pennsylvania. The information was breached via Desktop Computer, Laptop. [source] | | | | Steven Yang, D.D.S., Inc. had a data breach in 2018, in California. [source] | | The Eye Institute of Corpus Christi had a data breach in 2016, in Texas. The Eye Institute of Corpus Christi, a full service eye care,
diagnosis, and treatment clinic in Texas, has discovered that
individuals gained access to the records of all of its patients,
downloaded their protected health information from the EHR, copied those data, and provided them to two physicians formerly employed by the eye clinic.The disclosed data include the names of patients, their addresses, contact telephone numbers, Social Security numbers, dates of birth, medical diagnoses, details of treatment, and health insurance details. [source] | | | | University of Florida College of Dentistry had a data breach in 2008, in Florida. [source] | | University of Houston College of Optometry Clinic, La Nueva Casa de Amigos Eye Clinic had a data breach in 2012, in Texas. The University of Houston College of Optometry became aware that one of their computers was infected with a virus on February 23, 2012. The person responsible for the breach may have been able to access the information for 24 hours. Patient records dating between January 2006 and February 13, 2012 could be accessed from the computer. Patient names, phone numbers, addresses, dates of birth, insurance information, future appointments, current medications, diagnoses, treatment information, vision test results, vision history information, letters from referring doctors, costs of medical services or goods, method of payment, occupation/job, gender, and languages spoken were in the patient records. [source] | | | | University of Medicine and Dentistry of New Jersey had a data breach in 2006, in New Jersey. Hackers accessed Social security numbers, loan information, and other confidential financial information of students and alumni. [source] | | Waco Otolaryngology Associates d/b/a Waco Ear, Nose, & Throat had a data breach in 2017, in Texas. The information was breached via Network Server. [source] | | | | Willow Bend Dental had a data breach in 2016, in Texas. A
business associate was not present. [source] | | Yanez Dental Corporation had a data breach in 2011, in California. A May 22 office burglary resulted in the loss of three computers with patient information. Patient names, Social Security numbers, dates of birth, addresses, telephone numbers, and other personal information were exposed. A notification dated June 15 was posted on Yanezs website. [source] | | | | Zocdoc, Inc. had a data breach in 2016, in New York. [source] | | | |
(return to health DataMap) |