Ivanova/Willens: Medical Data Breaches

A proposed title or headline

Who’s losing your data?

A story slug — up to three words that capture the essence of your story

Data breaches

Key elements

– Since 2009, more than 2.5 million medical records have been lost or stolen in New York State. That means one in ten New Yorkers has had their data compromised.

– Institutions reporting breaches of medical data run the gamut from insurance providers to public hospitals to prestigious university-affiliated medical centers.

– The overwhelming majority of these breaches occur with electronic (not paper) records.

A news hook, or explanation of why this story matters now

In brief, medical data means big money–both for its legitimate users and to people selling it on the black market.

The New York State Department of Health is on the verge of rolling out the State Health Information Network of New York (SHIN-NY), a network that allows patients’ medical information to travel more easily between providers. While medical providers stand to gain “bonuses” in the form of federal money for converting to medical records, patient advocates have raised concerns with the project, including lack of transparency and patient consent.

We want to show the extent to which data breaches exist in the current system, and the overlap between institutions that can’t secure their data now with those who will be part of the SHIN-NY (spoiler: there’s a lot of them.)

Links to data

Data breaches in New York state since 2009: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

A cleaned-up file is here (that we’re trying to geocode):


We’re also thinking about ways to map overlaps in patients of the various entities on teh “breach list.” In other words, how likely is it that someone who’s a patient at Doctor X’s also has a health plan with carrier y? Possibility here for an intelligent guess about how many people have had their medical records compromised more than once.


Dr. Latanya Sweeney, Harvard/FTC — technologist & privacy expert. latanya@fas.harvard.edu

Dr. Deborah Peel, founder, Patients’ Privacy Rights. dpeelmd@patientprivacyrights.org

Corinne Carey, New York Civil Liberties Union; advisor to SHIN-NY. ccarey@nyclu.org.

Eric Fader, health care lawyer, Day Pitney.  efader@daypitney.com // (212) 297 2413