Documenting all the places
personal data goes.
Others Can Learn Your Medical Details
For $50, we purchased the publicly available dataset from Washington State.
It contained virtually all hospitalizations occurring in the state in the year,
including patient demographics, diagnoses, procedures, attending physician, hospital,
a summary of charges, and how the bill was paid. It did not contain patient names
or addresses (only five-digit ZIPs, which are U.S. postal codes).
Could your family, friends, an employer, or bank find you in the data? These people would know facts about hospital visits belonging to you. As a proxy for the information they would know, we used a sample of newspaper stories that reported on public incidents, such as car accidents and fires. These short reports often included a patient’s name and residential information and explained why the person was hospitalized, such as a vehicle accident or assault.
A simple analysis uniquely and exactly matched medical records in the state database for 35 of the 81 sampled news stories found in 2011 (or 43 percent), thereby putting names to patient records.
As a result of this work on the HealthDataMap, Washington State changed its way of sharing these data to create three levels of access. Anyone can download tabular summaries. Anyone can pay $50 and complete a data-use agreement to receive a redacted version of the data. However, access to all the fields provided prior to this experiment are now limited to applicants who qualify through a review process.
Below is demonstration of the matchup of the state health information with a newspaper story. [source].
How Big is this Risk?
The Washington State data appears on HealthDataMap as discharge data.
This kind of personal health information is the biggest provider of health data documented on the HealthDataMap.
Because these
datasets follow state law, they are not covered by the Health Information
Portability and Accountability Act (HIPPA), which is the U.S. federal legislation
that protects patient information. Only 3 states share the information using
standards as tough as those prescribed by HIPAA. Most states (30) share data in a manner
that is not as tough as HIPAA prescribes. Below is a statewise comparison
of the datasets available through U.S. states.
[source].
| State | HIPAA Equivalence for Demographic Data | HIPAA Equivalence for for Admission and Discharge | HIPAA Equivalence or Better for Both |
|---|---|---|---|
| Alabama | |||
| Alaska | |||
| Arizona | No | No | No |
| Arkansas | Yes | No | No |
| California | Yes | No | No |
| Colorado | No | No | No |
| Connecticut | |||
| Delaware | |||
| District of Columbia | |||
| Florida | No | Yes | No |
| Georgia | |||
| Hawaii | No | No | No |
| Idaho | |||
| Illinois | Stricter | No | No |
| Indiana | |||
| Iowa | No | No | No |
| Kansas | |||
| Kentucky | No | No | No |
| Louisiana | |||
| Maine | Stricter | No | No |
| Maryland | Yes | No | No |
| Massachusetts | Yes | No | No |
| Michigan | |||
| Minnesota | |||
| Mississippi | |||
| Missouri | Yes | Yes | Yes |
| Montana | |||
| Nebraska | |||
| Nevada | Stricter | No | No |
| New Hampshire | No | Yes | No |
| New Jersey | No | No | No |
| New Mexico | Yes | No | No |
| New York | No | No | No |
| North Carolina | No | No | No |
| North Dakota | |||
| Ohio | |||
| Oklahoma | No | No | No |
| Oregon | Yes | Yes | Yes |
| Pennsylvania | No | Yes | No |
| Rhode Island | Stricter | No | No |
| South Carolina | Stricter | No | No |
| South Dakota | No | No | No |
| Tennessee | No | No | No |
| Texas | No | No | No |
| Utah | No | No | No |
| Vermont | No | Yes | No |
| Virginia | No | No | No |
| Washington | No | No | No |
| West Virginia | Stricter | Yes | Yes |
| Wisconsin | No | No | No |
| Wyoming |
What is the HIPAA Standard?
The Safe Harbor provision of the HIPAA Privacy Rule prescribes a way to share medical data publicly.
Dates may only include the year. HIPAA requires that ZIP codes contain only the first three digits
if the population in those ZIP codes is greater than 20,000. ZIP codes for populations less than 20,000
report a null ZIP of 00000. No explicit identifiers such as name, Social Security numbers, or addresses can appear.
Below are specific combinations of demographic fields available by each state.
| State | Gender | Address | Age |
|---|---|---|---|
| Alabama | |||
| Alaska | |||
| Arizona | Yes | 5 digit zip code | In Years |
| Arkansas | Yes | 3 digit zip code | In Years |
| California | Yes | 3 digit (or nothing if not unique) subject to masking | In Years (subject to masking) |
| Colorado | Yes | 3 digit zip code | Birth month and year |
| Connecticut | |||
| Delaware | |||
| District of Columbia | |||
| Florida | Yes | 5 digit zip code | In Years |
| Georgia | |||
| Hawaii | Yes | 5 digit zip code | Age Group (Birth Year in HCUP) |
| Idaho | |||
| Illinois | Yes | 3 digit zip code | Age Group |
| Indiana | |||
| Iowa | Yes | 5 digit zip code | In years |
| Kansas | |||
| Kentucky | Yes | 5 digit zip code | In years |
| Louisiana | |||
| Maine | Yes | County | In Years |
| Maryland | Yes | 3 digit zip code | In Years |
| Massachusetts | Yes | 3 digit zip code | In Years |
| Michigan | |||
| Minnesota | |||
| Mississippi | |||
| Missouri | Yes | First 3 digits if first 3 digits of ZIP has population >20,000 | Birth year |
| Montana | |||
| Nebraska | |||
| Nevada | Yes | State | In Years |
| New Hampshire | Yes | 5 digit zip code | In Years |
| New Jersey | Yes | 5 digit zip code | In Years |
| New Mexico | Yes | 3 digit zip code | In Years |
| New York | Yes | 5 digit zip code | Birth month and year |
| North Carolina | Yes | 5 digit zip code | In Years |
| North Dakota | |||
| Ohio | |||
| Oklahoma | Yes | 5 digit zip code | Age Group |
| Oregon | Yes | 3 digit zip code | In Years |
| Pennsylvania | Yes | 5 digit zip code | In Years |
| Rhode Island | Yes | Removed in 2007 | In Years |
| South Carolina | Yes | County | Age Group |
| South Dakota | Yes | 5 digit zip code | In Years |
| Tennessee | Yes | County, 5 digit zip code | In Years |
| Texas | Yes | 5 digit zip code (last two digits are blank if a ZIP code has fewer than 30 cases) | Age Group (expanded for HIV/drug/alcohol) |
| Utah | Yes | 5 digit zip code | Age Group |
| Vermont | Yes | 3 digit zip code (categories; 5-digit if pop>10k) | Age Group |
| Virginia | Yes | 5 digit zip code | In Years |
| Washington | Yes | 5 digit zip code | In months |
| West Virginia | Yes | State | In years |
| Wisconsin | Yes | 5 digit zip code | In years |
| Wyoming |
Below are specific combinations of other fields available by each state that are not necessarily compliant with HIPAA.
| State | Admission Date | Discharge Date | Discharge Status |
|---|---|---|---|
| Alabama | |||
| Alaska | |||
| Arizona | Year, Month, Hour | Year, Month, Hour, Length of Stay | Yes |
| Arkansas | Year, Month, Hour | Year, Month, Hour, Length of Stay | Yes |
| California | Year, Quarter | Year, Length of Stay | Yes |
| Colorado | Year, Month, Date, Hour | Year, Month, Day of Week, Length of Stay | Yes |
| Connecticut | |||
| Delaware | |||
| District of Columbia | |||
| Florida | Year, Hour | Year, Length of Stay | Yes |
| Georgia | |||
| Hawaii | Year, Month | Year, Month, Length of Stay | Yes |
| Idaho | |||
| Illinois | Year, Quarter | Year, Quarter | Yes |
| Indiana | |||
| Iowa | Year, Month, Date | Year, Month, Day of Week | Yes |
| Kansas | |||
| Kentucky | Year, Quarter, Length of Stay | Yes | |
| Louisiana | |||
| Maine | Date | Date | Yes |
| Maryland | Year, Month | Year, Length of Stay | Yes |
| Massachusetts | Year, Month | Year, Length of Stay | Yes |
| Michigan | |||
| Minnesota | |||
| Mississippi | |||
| Missouri | Year, Hour | Year, Hour, Length of Stay | Yes |
| Montana | |||
| Nebraska | |||
| Nevada | Year, Month, Hour | Year, Month, Hour, Length of Stay | Yes |
| New Hampshire | Year, Hour | Year, Hour | Yes |
| New Jersey | Year, Month, Hour | Year, Hour, Length of Stay | Yes |
| New Mexico | Year, Month, Hour | Year, Month, Hour, Length of Stay | Yes |
| New York | Year, Month | Date | Yes |
| North Carolina | Year, Month | Year, Month | Yes |
| North Dakota | |||
| Ohio | |||
| Oklahoma | Year, Month, Day of Week | Year, Month, Day of Week | Yes |
| Oregon | Year, Length of Stay | Yes | |
| Pennsylvania | Year, Day of Week, Hour | Year, Day of Week, Hour, Length of Stay | Yes |
| Rhode Island | Year, Month | Year, Month, Length of Stay | Yes |
| South Carolina | Year, Month, Day of Week | Year, Month, Day of Week, Length of Stay | Yes |
| South Dakota | Year, Month | Year, Length of Stay | Yes |
| Tennessee | Date, Hour | Date | Yes |
| Texas | Year, Day of Week | Year, Quarter, Length of Stay | Yes |
| Utah | Year, Quarter, Length of Stay | Yes | |
| Vermont | Year, Length of Stay | Yes | |
| Virginia | Year, Quarter | Year, Quarter, Length of Stay | Yes |
| Washington | Year, Hour | Month, Hour, Length of Stay | Yes |
| West Virginia | Year, Length of Stay | Yes | |
| Wisconsin | Year, Quarter, Length of Stay | Yes | |
| Wyoming |