[Dataloss] Brownsville TX clinic posts medical data on line for 2 years

[Henry Brown]

http://www.themonitor.com/articles/brownsville_11572___article.html/posts_accidently.html

BROWNSVILLE — All it took was a quick Internet search to yield private 
medical information on more than two dozen Rio Grande Valley children.

Until Thursday, the Web site of a children's rehabilitation clinic here 
had a link to spreadsheets containing the full names, phone numbers and 
insurance status of about 25 patients.

The information was in a backup folder linked to the Web site, not on 
the site's main page. But a link to the data pops up in a Google search.

An employee at a federal health agency discovered the information during 
a routine Internet search, and tried to alert the clinic, as well as a 
reporter.

Posting medical information online, unless patients have consented, is 
likely a violation of federal privacy protections in the Health 
Insurance Portability and Accountability Act of 1996, according to experts.

[...]
The clinic, New Beginnings Children's Therapy, removed the spreadsheets 
from its Web server Thursday. Office manager Claudia Flores said she 
didn't realize the information was posted to the site or accessible to 
the public. The clinic had hired a company to back up some of its files 
back in 2005, Flores said.

"We need to fix that - we don't want to violate any (laws)," Flores said 
Thursday.

According to a time stamp on the site, the data was posted in December 
2005, meaning the data might have been accessible for more than two years.

[...]