Information Security News
mailing list archives
OHSU alerts patients of Google cloud security concerns
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 30 Jul 2013 08:05:14 +0000 (UTC)
By Patrick Ouellette
July 29, 2013
In a rare data patient privacy issue involving patient data stored in the
cloud, Oregon Health and Science University (OHSU) alerted 3,044 patients
on July 26 that it had stored their data using a non-business associate
(BA) in Internet-based service provider Google.
According OHSU, Google Drive and Google Mail have security features in
place that include password protection and it doesn't appear as though any
data has been inappropriately accessed. But since Google isn't a OHSU BA
and there’s no contractual agreement in place to use or store OHSU patient
health information, the organization isn't sure that Google has the proper
privacy policies in place to handle protected health information (PHI).
Google's terms of service apparently say that the data stored with its
infrastructure can be used for the "purpose of operating, promoting, and
improving [its] Services, and to develop new ones."
Since OHSU can't get Google's word (as of now) that its PHI hasn't been,
and will not be in the future, used to develop Google's services, it
removed all PHI from Google's services and sent out this letter to all
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
- OHSU alerts patients of Google cloud security concerns InfoSec News (Jul 30)