Glen Rose Medical Center posted a patient record online and it stayed there for nearly 2 yearsSomervell County Salon-Glen Rose, Rainbow, Nemo, Glass....Texas

Glen Rose Medical Center posted a patient record on their web site!!

Glen Rose Medical Center posted a patient record online and it stayed there for nearly 2 years

27 March 2017 at 9:55:45 PM

In the past week I downloaded some reports that I knew were on the Glen Rose Medical Center web site. The reports that I was looking for were the Joint Commission Report and the Texas Department of Health and Human Services Report that were done on the Glen Rose Medical Center in December of 2014. I recall they were in a board packet. When I opened the board packet for January 2015 the pdf document that I opened on the Glen Rose Medical Center web site, I noticed the very last page contained a patient record. Here is a picture (redacted by me) of the patient record:

Needless to say I was kind of shocked that this patient record with SSN and all was there for me to see connected as any other user could with my browser.

My spouse Debbie contacted the family and notified them that Glen Rose Medical Center had posted their personal information on the Internet for anyone to see, which is how she was able to determine how to contact them. She even walked the family through downloading the document to their PC over the Internet so they had a copy themselves from the Glen Rose Medical Center web site.

The patient record posted online by the Glen Rose Medical Center contained the following information that was filled in, NOT encrypted, and freely available for anyone to download...clearly at least one HIPAA violation:

  1. Patient Full Name
  2. Patient Address
  3. Patient Age
  4. Patient Date of Birth (DoB)
  5. Patient Sex
  6. Patient Birthplace
  7. Patient Social Security Number (SSN)
  8. Patient Religion
  9. Patient Telephone
  10. Patient Emergency Contact information (Relationship/Address/Phone number)
  11. Patient Employer
  12. Patient Insurance Information
  13. Patient Medicare/Medicaid Information
  14. Attending Physician
  15. Patient Diagnosis
  16. Patient Alergies

The original pdf document, that has since been pulled finally TODAY I assume by request of the family, was included in a board packet for January 2015. The properties of the document indicate it was created at 10:59:01am on 8/20/2015 using a Canon iR-ADV 6055 PDF application. I can only assume file last modified indicates the time they finished scanning in all the data at 11:57:46am and the patient record was the last page (in a hurry to go to lunch?):

Assuming it was posted that same day, the patient record containing personal information was online for 585 days.

 Which brings up at least a few questions...

  1. Why was a patient record sitting in the CEO office, where the board packets are scanned in, at the time it was 'accidentally' scanned into the board packet by either the CEO or his assistant? This is giving them the benefit of the doubt that it was a mistake, what was the document doing in there to start with?
  2. Why didn't the CEO or his assistant check the PDF before OR after posting it? Where's the quality assurance in the CEO office at Glen Rose Medical Center?
  3. Who is going to be held accountable? Isn't the CEO responsible for this since it came from his office? Will he resign?
  4. Will the CEO Ray Reynolds report the HIPAA violation or will he try to avoid taking responsibility by not reporting?
  5. Will the board even bother to call a meeting to discuss or take any action to address the self-induced problem by the CEO for the Glen Rose Medical Center and now putting the Somervell County Hospital District at risk because of possible fines that may be forthcoming?
  6. Do you trust Glen Rose Medical Center with your data knowing this has happened to at least one person in the community?

I would suggest actually reading the Joint Commission Report but you are now warned that you may not feel so safe going to GRMC after doing so because there is a lot of the 'Insufficient Compliance' in there that may bother you.

Permalink Tags:          
     Views: 2531 
Latest Blog Post by pharper -County Attorney email implies the County Commissioners violated the Texas Open Meetings Act in closed session
More Posts You Might Enjoy
Part of your RAISED Somervell County Hospital District taxes going for Pecan Clinic in Hood County
Should Somervell County Hospital District Keep Records Past 90 days? They voted to delete video
On Texas Hospital Districts and Non-District Clinics and Whether The Ends Justify the Means
Video from Texas House & Senate Committees re: Rural Hospitals 2019

 You! Leave a Comment! You Know you Want To!
You must be a registered member to comment on the blog.
Your first post is held pending approval to make sure you're not a spammer bot

 Not registered? Or you can login!

LOGON - Name:Password:

New poster comments are moderated, meaning they won't show up until approved... or not.  Be patient-we have lives outside this blog, so it might take awhile You want to be rude? totally stupid? inappropriate? Racist? Bigoted? Flame war baiter? Your post may be deleted. Spammers or people posting pretend interest comments but really wanting to hawk their latest book or sell stuff or govt propaganda flacks won't see their posts published. Comments do not necessarily reflect the viewpoint of the site owner(salon).
If you have a problem with logging in or registering, please speak up right away. Love your comments. Oh, except spammers
More on commenting


Click Here for Main Page

Today Is  
Monday, December 16, 2019

Latest Posts

County Attorney email implies the County Commissioners violated the Texas Open Meetings Act in closed session
pharper 12/15/2019 Views 181

Somervell County Clerk Michelle Reynolds office posted inaccurate minutes for County Commissioners November 18, 2019 meeting
pharper 12/14/2019 Views 248

Should Govt Be able to exercise pardons for horrible people (Matt Bevins-KY)
salon 12/13/2019 Views 57

How Specific Does TOMA Notice Need to be (City of Austin v Lake Austin Collective, Inc)
salon 12/13/2019 Views 55

House Judiciary Committee Votes to Send Articles of Impeachment to the Full House for a Vote
salon 12/13/2019 Views 216

Video re: Danny Chambers Drag Racing Around the Square In Youth (Glen Rose)
salon 12/11/2019 Views 112

More Blog Headlines


salon > Quick update on this, via Pacer-Click on pic to see larger (Turk Case Update- Telephone Conference Hearing Set for March 8 2019 )

salon > Lance Been awhile. Send me an email at with the names of who you're talking about, above. Also, the newspaper editor is no longer local, ie officed here, but the paper is run.... (What Happened to Jerry Jacene? )

LanceHall > I'd love to see the Hotel Guest books and see if Jacene's name shows up long before he officially *found* the tracks.  I'd like to know if the Visitor's Bureau has emails wit.... (What Happened to Jerry Jacene? )

LanceHall > I see the land or that part of it is now in the hands of Glen Rose's own Corky Underwood. Is Jacene still involved?   I had already informed the Visitor Bureau manager (who's.... (What Happened to Jerry Jacene? )

Home | Blog Home | About | News | Piazza | Calendar | Audio/Video/Open Rec | Search
Write!  |profile | quotes |
top Daily | top Weekly |top Month | top Year | Top All! | archives | subscribe RSS