HIPAA Helper
Who is Revealing Your Private Medical Information?
For the first time, you can easily search whether your hospital, clinic, pharmacy or health insurer has been named in patient privacy complaints, breaches or violations. This tool includes data from the U.S. Department of Health and Human Services Office for Civil Rights (which enforces HIPAA), the California Department of Public Health (which enforces California’s medical privacy laws) and the U.S. Department of Veterans Affairs (which tracks privacy violations at its vast network of veterans hospitals and clinics). Related Story: Few Consequences For Health Privacy Law’s Repeat Offenders
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Search Privacy Violations, Breaches and Complaints
Where HIPAA Violations Happen
Health providers with the most privacy complaints that resulted in corrective-action plans or “technical assistance” provided by the U.S. Department of Health and Human Services Office for Civil Rights from 2011 to 2014:
Notable Incidents
Culled from California Department of Public Health deficiencies and U.S. Department of Veterans Affairs privacy reports:
Do you believe your privacy has been violated? Here’s what you can do:
- File a complaint with the HHS Office for Civil Rights
- If you are a veteran, file a complaint with the VA
- If you are being treated at a California facility, contact the state Department of Public Health
- Tell ProPublica about it
Related Stories
Another VA Headache: Privacy Violations Rising at Veterans’ Medical Facilities
Deceased vets’ data has been sent to the wrong widows. Employees have snooped on the records of patients who’ve committed suicide. And whistleblowers say their own medical privacy has been violated. In response, the VA says patient privacy is a priority.
Few Consequences For Health Privacy Law’s Repeat Offenders
Regulators have logged dozens, even hundreds, of complaints against some health providers for violating federal patient privacy law. Warnings are doled out privately, but sanctions are imposed only rarely. Companies say they take privacy seriously.
Nursing Home Workers Share Explicit Photos of Residents on Snapchat
A ProPublica review found 35 cases since 2012 in which nursing home or assisted living workers surreptitiously shared photos or videos of residents on social media. At least 16 cases involved Snapchat.
Methodology: How We Analyzed Privacy Violation Data
ProPublica followed the paper trail to find out the health care facilities that repeatedly violated patient privacy laws. Find out how we did it.
Sources
Deficiencies cited by California Department of Public Health (January 1, 2012 to September 11, 2015, though some violations occurred earlier); Large privacy breaches reported to U.S. Department of Health and Human Services, Office for Civil Rights (January 1, 2011 to November 6, 2015); Complaints resolved by HHS Office for Civil Rights (January 1, 2011 to July 31, 2014); privacy incident reports within the U.S. Department of Veterans Affairs (January 1, 2011 to June 29, 2015).
Top 10 by Agency
California Department of Public Health
California hospitals with the most deficiencies cited:
HHS Office for Civil Rights
Organizations with the most complaints and large breach reports:
| Name | Reports |
|---|---|
| U.S. Department of Veterans Affairs | 337 |
| CVS Health | 227 |
| Walgreens | 200 |
| Kaiser Permanente | 186 |
| Walmart | 78 |
| Lab Corp | 63 |
| Rite Aid | 60 |
| Quest Diagnostics | 59 |
| Express Scripts | 55 |
| United Healthcare | 52 |
U.S. Department of Veterans Affairs
VA facilities with the most privacy incidents: