Documenting all the places
personal data goes.


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.

Copy & Transport companies include specialized medical document transportation, copying, digitizing firms as well as traditional delivery services like FedEx or USPS when they are transporting medical documents. These documents primarily come from providers and payers or insurers but could be any organization that ahs your medical records.


Hewlett, Packard, California Department of Social Services had a data breach in 2012, in California. Around 700,000 caregivers and care recipients had their information lost or stolen during transit between Hewlett Packard and the State Compensation Insurance Fund in Riverside, California. A package that originally contained microfiche with payroll data entries and possibly other sensitive information arrived via U.S. Postal Service damaged and missing thousands of payroll data entries. Names, wages, Social Security numbers, and state identification numbers were exposed. A total of 375,000 In-Home Supportive Services workers were affected and 326,000 recipients of In-Home Supportive Services care were affected.UPDATE(05/30/2013): A total of 748,902 elderly home care recipients and their caretakers were affected. (701,000 records involved) [source].


Minnesota Department of Revenue had a data breach in 2006, in Minnesota. On May 16, a package containing a data tape used to back up the regional offices computers went missing during delivery. The tape contained personal information including individuals names, addresses, and Social Security numbers. UPDATE (7/20/06): the package was reported delivered 2 months later, but apparently had been temporarily lost by the U.S. Postal Service. (50,400 records involved) [source].


NewTech Imaging had a data breach in 2006, in Hawaii. Records containing the names, Social Security numbers and birth dates of more than 40,000 members of Voluntary Employees Benefit Association of Hawaii were illegally reproduced at a copying business before they were to be put onto a compact disc for the State. Police later found the data on a computer that had been confiscated as part of a drug investigation. Those who were on the list and Hawaii Government Employees Association and United Public Workers members who were enrolled in union-sponsored health and group life insurance plans between July and December 1999 were warned. Investigators were only able to speculate that the theft may have occurred in February of 2005. (40,000 records involved) [source].


Private Legal Practice, Baker Moving and Storage had a data breach in 2011, in California. Twenty boxes of documents with sensitive medical and financial information were lost during transportation sometime around Saturday, April 30. The information was mostly from the office of a family lawyer, but other sensitive documents may have been lost on Highway 101 during the incident. The boxes were being transported to a new Baker storage facility. Baker did not inform the lawyer that the documents had been lost and the incident was discovered when the lawyers son saw a news report about the incident. The documents appear to be from the 1980s and early 1990s. An unknown amount of Social Security numbers were also exposed. [source].


University of Missouri Health Care had a data breach in 2011, in Missouri. On June 14, University of Missouri Health Care officials failed to receive an expected delivery of copies of patient billing information and immediately notified the University of Missouri Police Department. The package had been sent via private courier to University of Missouri Health Care from a Kansas City bank that serves as the clearinghouse for the University of Missouri Health Cares billing. The package included copies of payments received by the bank between June 6 and June 13 and would have exposed bank account numbers, partial credit card numbers, names and addresses. Notification letters were sent on June 21. University of Missouri Health Care has terminated its contract with the courier responsible for delivering the missing package. Affected parties are advised to contact their banks or credit card companies and change their account or card numbers.UPDATE(1/26/2012): Privacy Rights Clearinghouse received documentation that revealed people in Columbia were affected by the breach. (1,288 records involved) [source].


(return to health DataMap)

Copyright © 2012-2016 President and Fellows Harvard University.