HIPAA Blog

[ Tuesday, July 30, 2013 ]

Oregon Health & Sciences University Reports Cloud-Based Breach: An OHSU resident put medical information about 3000 patients on a spreadsheet and stored it on Google Drive, Google's cloud-based storage platform. I have to say it's not clear that this is a data breach -- it depends on the safeguards to prevent access by unauthorized users. According to OHSU's press release, Google Drive is password-protected; but OHSU doesn't have a BAA with them, and Google states that it may access information of Google Drive for Google's own purposes, such as improving services. That was apparently sufficient for OHSU to report the use as a breach. OHSU's other 3 big breaches involved stolen laptops or flash drives.

Jeff [11:34 AM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template