Home page logo
/

isn logo Information Security News mailing list archives

OHSU alerts patients of Google cloud security concerns
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 30 Jul 2013 08:05:14 +0000 (UTC)

http://healthitsecurity.com/2013/07/29/ohsu-alerts-patients-of-google-cloud-security-concerns/

By Patrick Ouellette
HealthITSecurity.com
July 29, 2013

In a rare data patient privacy issue involving patient data stored in the cloud, Oregon Health and Science University (OHSU) alerted 3,044 patients on July 26 that it had stored their data using a non-business associate (BA) in Internet-based service provider Google.

According OHSU, Google Drive and Google Mail have security features in place that include password protection and it doesn't appear as though any data has been inappropriately accessed. But since Google isn't a OHSU BA and there’s no contractual agreement in place to use or store OHSU patient health information, the organization isn't sure that Google has the proper privacy policies in place to handle protected health information (PHI). Google's terms of service apparently say that the data stored with its infrastructure can be used for the "purpose of operating, promoting, and improving [its] Services, and to develop new ones."

Since OHSU can't get Google's word (as of now) that its PHI hasn't been, and will not be in the future, used to develop Google's services, it removed all PHI from Google's services and sent out this letter to all affected patients:

[...]

--
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
http://www.hotinfosecjobs.com/

  By Date           By Thread  

Current thread:
  • OHSU alerts patients of Google cloud security concerns InfoSec News (Jul 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault