Documenting all the places
personal data goes.


Legend: with your name, without your name.
Click on a circle above for names of organizations and details of data shared.

Registries are organizations that track and compile lists of people with particular medical conditions and who are part of donor registries. This includes government bodies that collect this information, non-profit registries and companies that may assist in the collection and sharing of this information. State law may require the collection of certain medical conditions to be tracked by a registry while anyone who signs up as a potential donor may need to provide some medical information such as blood type and disease history.


Maine Cancer Registry purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.


Electronic Registry Systems had a data breach in 2006, in Georgia. On Nov. 23, 2006, two computers (one desktop, one laptop) were stolen from Electronic registry Systems, a business contractor in suburban Springdale, oH, that provides cancer patient registry data processing services. it contained the personal information (name, date of birth, Social security number, address, medical record number, medical data and treatment information) of cancer patients from hospitals in Pennsylvania, Tennessee, Ohio and Georgia, dating back to 1977 at some hospitals. hospitals include Emory Hospital, Emory Crawford Long hospital, Grady Memorial Hospital, as well as Geisinger Health System (PA) and williamson Medical Center (TN). UPDATE(1/14/07): the number of affected patients was increased from 25,000 to over 63,000. (63000 records involved) [source].


Escambia County Alabama Community Hospitals, Inc. D/B/A Atmore Community Hospital had a data breach in 2017, in Alabama. The information was breached via Electronic Medical Record . [source]


Florida Medical Clinic, PA had a data breach in 2016, in Florida. The information was breached via Electronic Medical Record . [source]


Oklahoma State Department of Health had a data breach in 2011, in Oklahoma. An agency laptop and 50 pages of medical information were stolen from an employees car on April 6. A database with information from the Oklahoma Birth Defects Registry was on the laptop. Data from hospital medical records were recorded on the laptop. The Oklahoma Birth Defects Registry uses the information to track and reduce the prevalence of birth defects. Notifications of the breach state that parent and child names, Social Security numbers, addresses, birth dates, medical records and medical test results may have been exposed. Notifications also warn that any phone calls or mail sent to home addresses that request Social Security numbers should be thoroughly investigated. [source]


The National Registry of Emergency Medical Technicians had a data breach in 2017, in Ohio. [source]


(return to health DataMap)

Copyright © 2012-2016 President and Fellows Harvard University.