That is the famous motto of Google…”do no evil”.
Cloud storage is the current hot topic these days.
Many don’t realize that Gmail, Yahoo mail, AOL mail, etc are the precursor to cloud storage.
So, is there anything wrong with cloud storage?
Not if it is managed properly.
Today I was discussing with a client, and their IT person, an issue of transferring ePHI from one office to another.
Previously there was a VPN (virtual private network) setup that was just fine.
Unfortunately, one of the routers died and cut the VPN.
The IT person decided to start storing the ePHI within Google Docs.
Not only am I not a fan of this solution, I’m quite against it and will ensure if the practice stays with this solution, they will sign a release that states and clarifies my stance against this.
“But why?” says the IT guy, “it is 128 bit encryption.”
I don’t like it. I’m not comfortable with it. I will not OK it.
Beyond those statements, I was having trouble explaining my dislike of this solution.
Then Google helped me out.
This article in the UK’s Daily Mail really brings it home.
Essentially, as Google is out and about doing no evil, they are collecting tons of data on people. Not just your favorite coffee house, but ” sensitive information such as the bank details and medical records of residents…”
Let’s throw out the notion Google had any plans to actually do something with this data.
The real problem is what if Google “loses” your data?
Will you know it?
Will they tell you?
As a HIPAA consultant, I’m paid to be paranoid.
This does not always give my clients the answer they want to hear, but I do give answer they need to hear.
Understand this: HIPAA makes things more difficult, fixing things with your network or office are going to be a bit more challenging with HIPAA looking over your should.
But really, it is not that difficult to be compliant.
It does take effort, though.
Make sure you and your office put in the effort to be HIPAA compliant