theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Care facilities include retirement homes, skilled nursing facilities, hospice, live-in rehabilitation and other non-hospital overnight healthcare facilities. These facilities need medical histories for you, if you are a client, to provide care and keep records of any medical issues and procedures that occur while you may be living there.

Examples

Covenant Health System purchases statewide personal hospital discharge data from at least TX [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Alliance Inc. had a data breach in 2010, in Maryland. A laptop containing client information was stolen from an employees car on May 3. Client names, addresses, Social Security numbers and diagnoses may have been exposed. The incident was reported on May 10. [source].

  

Kindred Healthcare purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Azure Acres had a data breach in 2011, in New York. The November 12 theft of a physicians laptop resulted in the exposure of client information. The information included full name and billing information, but did not include addresses or Social Security numbers. Azure Acres is a drug and alcohol abuse facility. [source].

  

Rehabcare purchases statewide personal hospital discharge data from at least MD [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Hope Hospice had a data breach in 2013, in Texas. An employee used an unsecured email to send sensitive patient information. Two separate administrative violations occurred on December 27, 2012 and on February 22, 2013. The issue was discovered on February 25. The information was secured on February 28, 2013. Patient names, referral sources, Hospice admission and discharge dates, the names of insurance providers, and chart numbers may have been exposed. [source].

  

Signature Healthcare Consulting purchases statewide personal hospital discharge data from at least FL TN [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Hospice of North Idaho (HONI) had a data breach in 2013, in Idaho. The June 2010 theft of an unencrypted laptop from an employees car resulted in the exposure of patient information. The HHS Office for Civil Rights investigated the breach and found that HONI had not conducted a risk analysis to safeguard electronic protected health information. It was also discovered that HONI did not meet a HIPAA Security Rule that required them to have policies or procedures in place to address mobile device security. HONI agreed to pay the U.S. Department of Health and Human Services (HHS) $50,000 regarding potential Health Insurance Portability and Accountability Act of 1996 Security Rule violations. HONI also began taking extensive steps to improve their HIPAA Privacy and Security compliance program since the June 2010 breach. [source].

  

Sutter Vna & Hospice purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Hospice Palliative Care of Alamance-Caswell, LifePath Home Health had a data breach in 2013, in North Carolina. The February 24 burglary of three laptops resulted in the exposure of patient information. The laptops were stolen from the hospital in addition to needles, syringes, and miscellaneous items. The unencrypted laptops contained emails that had sensitive patient information. [source].

  

United Medical Corporation purchases statewide personal hospital discharge data from at least FL [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Huntington Place Senior Community had a data breach in 2010, in Louisiana. Personal documents were found in the abandoned nursing home. The documents included names, Social Security numbers, medical records and dates of birth of patients. [source].

  

Liberty Resources, Inc. had a data breach in 2012, in Pennsylvania. An August 4th theft of a laptop resulted in the exposure of protected health information. [source]

  

Minneapolis Veterans Home had a data breach in 2008, in Minnesota. A backup computer server stolen from the Minneapolis Veterans Home contained telephone numbers, addresses, next-of-kin information, dates of birth, Social Security numbers and some medical information, including diagnoses for the homes 336 residents. [source]

  

Riderwood Village had a data breach in 2013, in Maryland. Five laptops were stolen during the weekend of November 17, 2012. They did not contain Social Security numbers and did contain unspecified personal information of patients. A notice about the incident was sent on January 18, 2013 and the breach appeared on the HHS website in February of 2013. [source]

  

SunBridge Healthcare Corporation had a data breach in 2010, in New Mexico. A BlackBerry mobile device was stolen from an employees desk. The device had unencrypted current and former resident and patient information from eight different nursing and rehabilitation facilities in Georgia. No Social Security numbers or financial information were stored on the device, but it did contain patient names, medical record numbers, medical information, dates of birth, and dates of service. [source]

  

SunBridge Healthcare had a data breach in 2010, in New Mexico. A laptop containing Social Security numbers, medical record numbers, dates of service, health insurance numbers and names was stolen in May. The laptop was password-protected. [source]

  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.