In the past week I downloaded some reports that I knew were on the Glen Rose Medical Center web site. The reports that I was looking for were the Joint Commission Report and the Texas Department of Health and Human Services Report that were done on the Glen Rose Medical Center in December of 2014. I recall they were in a board packet. When I opened the board packet for January 2015, the PDF document that I opened on the Glen Rose Medical Center web site, I noticed the very last page contained a patient record. Here is a picture (redacted by me) of the patient record:
Needless to say, I was kind of shocked that this patient record, with SSN and all, was there for me to see, connected as any other user could be, with my browser.
My spouse Debbie contacted the family and notified them that Glen Rose Medical Center had posted their personal information on the Internet for anyone to see, which is how she was able to determine how to contact them. She even walked the family through downloading the document to their PC over the Internet so they had a copy themselves from the Glen Rose Medical Center web site.
The patient record posted online by the Glen Rose Medical Center contained the following information that was filled in, NOT encrypted, and freely available for anyone to download...clearly at least one HIPAA violation:
- Patient Full Name