theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Home Health organizations and workers help patients who need regular medical care live at home independently. They get health information from you/your family and your provider, and keep track of that medical data and any treatments they perform.

Examples

Faith Home Health, Inc. purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

A Caring Hand Home Health Care Services, Inc. had a data breach in 2012, in Virginia. A staffing manager collaborated with the owner of A Caring Hand Home Health Care Services, Inc. (A Caring Hand) to hide Medicaid fraud. Between January of 2008 and October of 2011 the owner of A Caring Hand submitted about 900 fraudulent Medicaid claims for payment for services provided to 30 Medicaid recipients. The Medicaid recipients never received those services and around $630,000 was fraudulently obtained by the owner of A Caring Hand. The staffing manager and other staff members falsified office records at A Caring Hand to cover up the fraud between September 2010 and October 6 of 2011. The staffing manager was sentenced and the owner of A Caring Hand will be sentenced in January of 2013. (30 records involved) [source].

  

Family Home Care purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Alere Home Monitoring, Inc. had a data breach in 2012, in California. The September 23 theft of an employees unencrypted laptop resulted in the exposure of information of over 100,000 patients. The laptop was stolen from the employees home. Names, Social Security numbers, addresses, and diagnosis information of patients taking drugs to prevent blood clots were exposed. Alere became aware of the breach on October 1. (100000 records involved) [source].

  

Home Care Services. Inc. purchases statewide personal hospital discharge data from at least NJ [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

American HomePatient Inc., LifeGas had a data breach in 2013, in Tennessee. A laptop was stolen or discovered stolen on October 11, 2012. The incident appeared on the HHS website in February of 2013. [source].

  

Northwest Healthcare purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Apex Laboratory had a data breach in 2012, in New York. Apex Laboratory learned from law enforcement investigators on July 30 that an unauthorized party or parties accessed their computer systems. Patients may have had their names, Social Security numbers, addresses, phone numbers, dates of birth, gender, and insurance identification numbers were exposed. [source].

  

Option Care purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

First Choice Home Health Care Services Inc., Reliance Home Care, LLC had a data breach in 2013, in Michigan. A group of co-conspirators used Medicaid information from Medicare beneficiaries in and near Detroit to defraud Medicaid and file for $24.7 million in fraudulent claims. The fraud took place between 2008 and May of 2012. Hundreds of patients had their information misused so that co-conspirators could bill Medicare for psychotherapy, home health services, and other medical services. [source].

  

Sutter Care At Home purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

HomeCall Inc. had a data breach in 2010, in Maryland. A portable point of care device was stolen from an employee. Client names, addresses, Social Security numbers, medical record numbers, diagnoses and treatment information were on the unencrypted device. [source].

  

Vitas Healthcare Corporation purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

King Drug & Home Care had a data breach in 2013, in Kentucky. An employee reported that a portable hard drive was missing on November 23, 2010. The device had last been seen sometime around November 19. The data on the device included information from before July 31, 2009. Client names, Social Security numbers, medical record numbers, account numbers, dates of service, race, insurance carriers and insurance numbers, addresses, phone numbers, sex, dates of birth, diagnosis information, allergies, initial referral forms, patient assessments/plans of care, physician orders and/or delivery ticket information may have been on the hard drive. (13,619 records involved) [source].

  

York Hospital Home Care purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

ManorCare Health Services had a data breach in 2010, in Maryland. Montgomery Countys Department of Health and Human Services is looking into how numerous Wheaton nursing home papers containing sensitive patient information have made their way into nearby neighbors yards over the past few months. The county sent a nursing home inspector to investigate complaints from residents in the Wheaton Regional Park Civic Association who said they have found internal documents from the nearby ManorCare Health Services that contain patient conditions, names and Social Security numbers. The inspector cited ManorCare for inappropriate conduct. [source].

  

Arcadia Home Care and Staffing had a data breach in 2014, in Michigan. Arcadia Home Care/Arcadia Health Services, Inc. notified employess of unauthorized access of their files by an independent contractor for Arcadia by the name of Charles E. Symes, II and his new business Alegre.  Mr. Symes was previously authorized to use Arcadia's database, which contained personal information, but only for authorized purposes and access. The company discovered Mr. Symes gaining unauthorized access to employee's personal information which included names, Social Security numbers, addresses, bank account information, California driver's license and other information. The company believes the information was breached on or around January 2014 through March 1, 2014. [source]

  

Diana S. Guth DBA Home Respiratory Care had a data breach in 2015, in California. Diana S. Guth DBA Home Respiratory Care notified individuals of a data breach when information was disclosed through email. No specific details on how the breach occurred or what specific information was compromised. [source]

  

Hand & Upper Extremity Centers dba Hand Rehabilitation Specialists had a data breach in 2017, in California. The information was breached via Network Server. [source]

  

Homebridge (formerly In-Home Supportive Services) had a data breach in 2015, in California. Homebridge, formerly the In-Home Supportive Services, notified current and former employees of a data breach on several computers when malware was installed potentially compromising individual information. The information accessed between January and March 2015 included first and last names, addresses, and Social Security numbers. The company has been informed that the information obtained may have been used to file fradulent tax returns. [source]

  

Indian Territory Home Health and Hospice had a data breach in 2015, in Oklahoma. The information was breached via Email. [source]

  

MedStar Good Samaritan Nursing Center, Mid America Health, Inc. (MAH) had a data breach in 2013, in Maryland. A paper file was stolen from the car of a dental assistant who was treating residents at the MedStar Good Samaritan Nursing Center. The file contained names, dates of birth, medical and dental evaluation information, medical and dental providers names and license numbers, andthe Social Security numbersof three residents. [source]

  

Milagros II Home Health had a data breach in 2010, in Texas. A man found files with names, Social Security numbers, addresses, and phone numbers on his way to the grocery store. Some were blowing in the wind and others were lying in the street. All appear to be from Milagros II Home Health in Weslaco. [source]

  

Northwestern Memorial Hospital Home Hospice had a data breach in 2012, in Illinois. A June 11 office burglary resulted in the theft of six laptops and a tablet. One or more of the computer devices included the personal health information of current and former Home Health patients. Information included names, Social Security numbers, addresses, dates of birth, demographics, patient medical treatment profiles, diagnoses, symptoms, medications, treatment notes, and health insurance information. The standard laptop security controls had been temporarily suspended on the devices since they were undergoing a software upgrade. [source]

  

Providence Health & Services had a data breach in 2016, in Oregon. Providence Health & Services in Oregon is notifying about 5,400 current and former patients that a former employee may have improperly accessed their patient records.Providence said in a statement Friday that it learned of the breach in May during an internal audit and had since fired the Portland-based employee.The audit found the worker had accessed health records between July 2012 and April 2016. It says the worker viewed demographic and medical treatment information, and may also have seen insurance information and Social Security numbers. [source]

  

Providence Home Services had a data breach in 2006, in Oregon. Backup tapes, laptops and disks containing Social Security numbers, clinical and demographic information were stolen from the car of an employee. In a small number of cases, patient financial data was stolen. UPDATE (9/26/06) providence Health System and the Oregon attorney General have filed a settlement agreement. Providence will provide affected patients with free credit monitoring, offer credit restoration to patients who are victims of identity fraud, and reimburse patients for direct losses that result from the data breach. The company must also enhance its security programs. uPDATE (7/15/08) Providence Health will pay $100,000 and adhere to a compliance plan under the first ever Resolution Agreement negotiated by cMS (Centers for Medicare and Medicaid Services of the U.S. Dept. of Health and Human Services) under the HIPAA Privacy and Security standards. the Corrective action Plan requires Providence to revamp its security policies to include physical protections for portable devices and off-site transport and storage of backup media. Further, it must implement technical safeguards, such as encryption and password protection. and it must conduct random compliance audits and submit compliance reports to HHS for the next three years. [source]

  

United HomeCare Services, Inc., United Home Care Services of Southwest Florida, LLC had a data breach in 2013, in Florida. The January 8 theft of a billing managers laptop resulted in the exposure of patient information. It was stolen from the managers car. It contained client names, Social Security numbers, health plan numbers, dates of birth, and addresses dating as far back as 2002. Some patients may have also had treatment service codes or diagnostic codes on the laptop. [source]

  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.