News for Public Officials - Thursday, March 2, 2006
For years, Fort Bend County Clerk Dianne Wilson has boasted of her ability to provide the world with sensitive information about county citizens via her website. She claimed the information was public and that she was required by open records law to provide access. This, in spite of the fact that no Texas law requires county clerks to provide access over the Internet. As it turns out, the information Wilson provided may not have been public according to federal law.
Two local newspapers recently made Freedom of Information Act requests for access to a study that may indicate Wilson violated federal privacy statutes, in particular the Health Insurance Portability and Accountability Act. HIPAA protects the security and privacy of health data. County officials have refused both requests, citing conflicting reasons.
What health data was breached?
Fort Bend Herald reporter B.J. Pollack asked the County Clerk about the medical information available through the Clerk's Website in an interview last December. Wilson said medical data is not made public through her office, and when told about medical information of a family member of hers obtained through the county clerk's Web site, she had no response. Wilson filed the medical documents as guardian of a family member. She published the documents over the Internet in her official capacity of guardian of all records filed with the County Clerk's office.
In The Lives of Three Citizens, News for Public Officials examined the financial and medical information the Fort Bend County Clerk publishes on her Website. Looking at the medical records Wilson published on just one former county employee revealed huge amounts of medical information. Although we only looked at documents of three citizens, there were thousands of similar medical reports contained in digital images published on Wilson's site. Sugar Land consultant HIPAA Solutions would have found the same records.
Can the breach be corrected?
After The Lives of Three Citizens was published, Wilson purged all probate record images from the county website, claiming her vendor was developing software to "redact" the Social Security numbers. Social Security numbers are protected under several state and federal statutes. Purging the probate files only removes the documents from her Website. Copies she previously displayed or sold in bulk are currently offered all over the world. She will not be able to recover them. We documented this in Courthouse for Sale - Cheap.
Will redaction software protect Fort Bend County citizens?
The answer to this question can be found in another News for Public Officials report. In The Truth About Redaction Software we document the fallacy of attempts to retroactively redact anything once it has been published over the Internet. Redaction software has been proven to be only partially successful at removing some Social Security numbers from some official documents. These programs do nothing to remove medical or other sensitive information.
Who's selling this information?
In a 568-word, one-paragraph rant to Fort Bend Now, Wilson claims the attorney who provided the HIPAA compliance audit "was really a software salesman attempting to peddle his HIPAA software". Wilson is not an attorney although she claims to be a doctor with a PhD. We documented Wilson's problems with the bogus PhD claim in When Government Officials Aren't What They Seem.
It is ironic that Wilson would call anyone a software peddler. She is well known for promoting the software developed by her own vendors. As late as April of last year Hart Intercivic issued a press release calling Wilson a "pioneer in electronic government". The press release goes on to say, "The Fort Bend County Clerk’s Office has long been on the forefront of implementing technology solutions . . .", evidently touting her ability to sell the programs to county government. The press release offers some examples of Wilson's sales pitches.
Who or what are some Fort Bend County Officials trying to protect? Why is a county so willing to publish the sensitive records of its citizens so reluctant to release a report the citizens paid for? HIPAA is a federal statute and violations are investigated by federal agents.
Concerned citizens we spoke with late Thursday night were considering asking the FBI to investigate.