theDataMap

Documenting all the places
personal data goes.

healthDataMap


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.


Clearing Houses work on behalf of physicians, hospitals, pharmacies, and other healthcare providers to assist with processing billing claims with payers (e.g., health insurance companies).

A clearinghouse offers billing support to health care providers (physicians, hospitals) and to labs and pharmacies. To appreciate the role of a clearinghouse, consider the dynamics of medical billing. About 3 million licensed provider facilities [1] use different assortments of software to submit claims to any of 1300 different licensed insurance companies [2] in any of fifty different states. Each state has its own insurance regulatory nuances. Each insurance company has it's own internal software infrastructure for receiving claims. After submission, any errors found in a claim usually require phone calls and re-submittals until reimbursement issues are resolved and the bill is paid. Clearly, the administrative overhead to process an insurance claim for payment can be onerous for a provider. A clearinghouse removes much of this burden by acting as a middleman between the provider and insurance companies. The provider gains a single point of contact, the clearinghouse, and a single way to process generic claims, through the clearinghouse, regardless of the insurance company. The clearinghouse then acts on the provider's behalf, handling idiosyncrasies and complexities with the various insurance companies.

[1] Centers for Medicare and Medicaid Services. National Plan and Provider Enumeration System (NPPES). Database as of June 9, 2009.

[2] U.S. General Accounting Office. Private Health Insurance: Number and Market Share of Carriers in the Small Group Health Insurance Market. Presented to the Committee on Small Business and Entrepreneurship, United States Senate on March 25, 2002.

Examples

Health Data Insights purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Georgia Department of Community Health, Affiliated Computer Services (ACS) had a data breach in 2007, in Georgia. A computer disk containing personal information including addresses, birthdates, dates of eligibility, full names, Medicaid or childrens health care recipient identification numbers, and Social Security numbers went missing from a private vendor, affiliated Computer Services (ACS), contracted to handle health care claims for the state. (2900000 records involved) [source].

  

Information Management Systems, Inc. purchases statewide personal hospital discharge data from at least WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

  

Millennium Medical Management Resources had a data breach in 2010, in Illinois. Health records belonging to patients were stolen in a break-in. The records were on a portable hard drive and stolen from the Westmont office of Millennium Medical Management Resources. Millenium believes the hard drive contained personally identifiable information about EHP patients including name, address, phone, date of birth, and Social Security number. In some cases other information such as diagnosis, procedure (and/or codes), medical record number, account number, drivers license number and health insurance info. It was NOT encrypted. (180,111 records involved) [source].

  

Fresenius Medical Care had a data breach in 2014, in Maryland. [source]

  

One Love Organics, Inc. had a data breach in 2014, in Georgia. Customer account info, name, email address, billing and shipping address, phone number and credit card info was breached via Website. [source]

  

TotalBank had a data breach in 2014, in Maryland. Name, address, account number, account balance, and personal identification number (SSN, DLN, passport number, alien registration number) were breached via Network Server. [source]

  

Farmers and Merchants Trust Company of Chambersburg had a data breach in 2014, in Pennsylvania. Name, address, phone number, account number, account value, dob, and investment products were breached via Desktop Computer. [source]

  

BolderImage Company had a data breach in 2014, in Maryland. Name, address, phone number, credit card info, email address were breached via Website. [source]

  

La Jolla Group, Inc. had a data breach in 2014, in Maryland. Name, address, phone number, email address, credit card info were breached via Website. [source]

  

USAA had a data breach in 2014, in Texas. Name, address, ssn, checking and savings account number, loan balance, insurance policy info were breached via Network Server. [source]

  

American Residuals and Talent, Inc. had a data breach in 2014, in Maryland. Name, address, ssn, dob, bank account info, email address, phone number were breached via Website. [source]

  

Deltek GovWin IQ had a data breach in 2014, in Virginia. Name, billing address, phone number, email address, credit card info, and userName were breached via Website. [source]

  

Polyone Designed Structures and Solutions had a data breach in 2014, in Maryland. Name, contact info, tax info, ssn, bank info were breached via Network Server. [source]

  

Pacific Biosciences of California, Inc. had a data breach in 2014, in Maryland. Name, dob, contact information, ssn, banking info, compensation info, insurance info were breached via Laptop. [source]

  

Penn Highlands Brookville had a data breach in 2014, in Maryland. Name, dob, ssn insurance info, medical info, gender were breached via Network Server. [source]

  

SourceMedia, Inc. had a data breach in 2014, in Maryland. Name, encrypted password, email address, phone number, credit card info were breached via Website. [source]

  

Apple Leisure Group and AMResorts had a data breach in 2014, in Maryland. Name, payment card info, dob, address, phone number, email address were breached via Payment card system. [source]

  

Oak Assosiates Funds had a data breach in 2014, in Ohio. Names, address, email address, phone number, ssn, certain financial info were breached via Portable device. [source]

  

Holiday Motel had a data breach in 2014, in Maryland. Names, address, phone number, email address, payment card info were breached via Website. [source]

  

PharMerica Corporation had a data breach in 2017, in Maine. On April 9, 2012, Phoebe Putney Home Health Care (PPMH) learned from law enforcement officials that a former employee had improperly accessed patient information with the intent to file fraudulent tax returns. The dishonest employee may have accessed the names, Social Security numbers, and dates of birth of patients some time between June 2010 and April 2012. Patients who were treated through PPMH between July 2005 and April 2012 may have been affected. [source]

  

Viator had a data breach in 2014, in Maryland. Payment card info, email address, and Viator account info was breached. [source]

  
  

(return to health DataMap)



Copyright © 2012-2016 President and Fellows Harvard University.