How Private is Private?

An exploration of data privacy in healthcare

Why does this matter?

We all know data gets passed around somehow. By some people. In some way. Surprisingly, though, breaches in health data are much more common than we might think, and the extent of impact is shockingly broad.

Happens way too often

A large breach in health data in America occurs on average more than once per day.

US Department of HHS 

Affects all of us

More than 8.9 billion health records have been breached in the past 14 years alone.

Download the Data 

Often easily avoidable

The US Secret Service estimates that 96% of breaches are avoidable through simple or intermidate controls.

Data Breach Investigations Report 

Maybe a story will bring light to the gravity of this issue...

Meet Nathan.

Nathan is a middle-aged man living in the United States. He has worked since graduating college and likes to dabble in pottery and d3.js blogs in his free time. Nathan recently found it he has liver cancer and has been going to the hospital frequently for treatment.

Your data travels. A lot.

Little does Nathan know, when he goes to the hospital or doctor's office the information collected about his health and personal identity is distributed very widely. Dozens of entities are involved in a complex web of interactions among insurance companies, physicians, and beyond. The additional connection to any node in this network expands the vulnerability of Nathan's sensitive health data...

Explore the Data

An unlikely threat.

One day, Nathan receives a letter from his health insurance company, Anthem, asking about his plan coverage with a "priority code" on the outside of the envelope. While seemingly harmless, the "code" is made up of Nathan's social security number plus two additional digits. This leaves Nathan's sensitive information associated with his Social Security number exposed to anyone aware of Anthem's mistake.

Breaches Reported Across the US

How to Use

Hover over boxes to see state-specific data. Click and drag your cursor over the timeline below to explore the distributions of breaches from 2005 to 2018. Filter by company category using the dropdown above.

This is reality.

While Nathan's misfortune seems like an odd story, this breach actually happened in April 2011. More than 78 million individuals were affected. Thousands of breaches just like this one occur throughout the United States.

Fortunately legislation is being passed at a state level that forces companies to disclose these breaches to the public. California has the strictest laws, but today all 50 states have passed legislation forcing companies to report breaches in their data causing more and more of these breaches to be exposed.

A purchase.

While Nathan attempts to remedy his situation, his personal information is collected by South Carolina (the state he resides in). South Carolina in turn can sell this data to interested buyers, including WebMD Health, Truven Health Analytics, and Milliman, for over $53,000.

How to Use

Hover over bars to see the discharge price for each state.

Figure 4: The discharge price for health data for states in the United States.

States are not helping. They're making money.

This story is common among many states, as 47 states sell discharge data for a price (ranging from $25 to over $93,000). In terms of the distribution of discharge prices, Colorado ($93,303) and South Carolina ($53,188) have much higher discharge prices than the next closest state, Tennessee ($10,000).

An attack on the homefront.

As Nathan worries about the dispersal of his private information on his cancer treatments, he moves to using his personal smartphone instead to keep track of medicine, procedures, and his daily fitness routines. From Apple Health on his iPhone to Fitbit on his wrist, Nathan feels secure that his health data is kept close to him (literally). Little does he know...

How to Use

Hover over nodes to see app-specific data. Hover over legend labels to see more information about categories. Click and drag nodes to move them around. Filter by type of domain using the dropdown above.

Figure 3: The number of distinct domains each app shares data with in one session.

It's so close. But travels so far.

We use our phones every day. Surprisingly, these apps that contain our daily fitness tracking and health records share data with many different domains (often times third-party ones) that are vulnerable to security risks. Relative to other app categories including business (6.5), photo/video (8.6), and navigation (9) apps, health (9.25) and medical (10.3) apps have a higher average number of distinct domains that receive data per app session. Those with sensitive health/personal data, including lifestyle (8) and social (10.45), also share with a relatively high number of domains.

Don't end up like Nathan.

The data on health care privacy is much more shocking than we might think. Sensitive health data is spread through a complex network involving insurance companies, educational institutions, physicians, and more. As a result of this broad network, breaches are happening at an astonishing rate, increasing over time and across the United States. The individual stories of how these breaches are simultaneously unbelievable and strongly representative of the truth. Nathan's story is similar to 652 others in the same category of company. The problem is rooted so deeply it even extends to within reach of us (literally) through our smartphones, with health and medical apps relying on hundreds of online connections to transmit data.

What can you do about it? can help you file a complaint if you believe your health information privacy has been violated. You can keep up to date on healthcare data privacy issues. Also, you can update privacy settings on apps provided by companies such as Facebook and Google.

How to Use

Hover over a category node to see where it shares data to.

a category node to see that category's companies details.

Hover over any company to see details.
any company to show the categories network again.

Return to Story