NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Attrition Dataloss> 2008-05

[Dataloss] Brownsville TX clinic posts medical data on line for 2 years

From: Henry Brown (hbrownknology.net)
Date: Sat May 03 2008 - 19:10:22 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.themonitor.com/articles/brownsville_11572___article.html/posts_accidently.html

BROWNSVILLE — All it took was a quick Internet search to yield private
medical information on more than two dozen Rio Grande Valley children.

Until Thursday, the Web site of a children's rehabilitation clinic here
had a link to spreadsheets containing the full names, phone numbers and
insurance status of about 25 patients.

The information was in a backup folder linked to the Web site, not on
the site's main page. But a link to the data pops up in a Google search.

An employee at a federal health agency discovered the information during
a routine Internet search, and tried to alert the clinic, as well as a
reporter.

Posting medical information online, unless patients have consented, is
likely a violation of federal privacy protections in the Health
Insurance Portability and Accountability Act of 1996, according to experts.

[...]
The clinic, New Beginnings Children's Therapy, removed the spreadsheets
from its Web server Thursday. Office manager Claudia Flores said she
didn't realize the information was posted to the site or accessible to
the public. The clinic had hired a company to back up some of its files
back in 2005, Flores said.

"We need to fix that - we don't want to violate any (laws)," Flores said
Thursday.

According to a time stamp on the site, the data was posted in December
2005, meaning the data might have been accessible for more than two years.

[...]

_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]