HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
Privacy schmivacy! Obviously, if you don't want your personal medical information shared or stored on Google's servers...don't go to a hospital. Duh.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Privacy Concerns Over Patient Data Uploaded To Google Servers
- Thread starter HardOCP News
- Start date
temujin987
[H]ard|Gawd
- Joined
- Jun 24, 2008
- Messages
- 1,351
i wonder how much money it takes to overrule decision makers' common sense. probably not much anyway since it requires a lack of soul in the first place as we know from dilbert.
TechLarry
RIP [H] Brother - June 1, 2022
- Joined
- Aug 9, 2005
- Messages
- 30,481
When the government speaks of privacy, it is only lip-service. They really don't give a shit no matter what they say.
Shit like this is yet another indicator this is so.
Next thing you know, they'll want to lease excess Target Server space.
Shit like this is yet another indicator this is so.
Next thing you know, they'll want to lease excess Target Server space.
Twisted Kidney
Supreme [H]ardness
- Joined
- Mar 18, 2013
- Messages
- 4,103
I think Google® has proven they're utterly and completely trustworthy with your most intimate data. You can trust Google® to look after your best interests in any situation*.
*: Statement assumes that Google's profits are in your best interests.
*: Statement assumes that Google's profits are in your best interests.
Yakk
Supreme [H]ardness
- Joined
- Nov 5, 2010
- Messages
- 5,810
It's only a matter of time really, privacy is out of fashion now...
Kinda reminds me of the movie Gattaca.
Funny this came up because I work in the Texas Medical Center as a Sr. Bus. Sys Analyst and this has been an interesting year for us here as we onboard cloud storage.
Because of HIPAA, data handling standards are different (somewhat) in the U.S.
Any third party vendor must sign a Business Associates Agreement with the healthcare institution/provider which means, in essence, the vendor will treat the data to the same standard(s) as the healthcare institution.
All data must be encrypted in transit and at rest (AES 256) and the encryption keys must be held by the data owner institution, not the storage provider (Google, AWS, Box, Dropbox, et al).
All transactions must be logged and those logs themselves must be proven to be untamperable.
If Google (or any other vendor) were to release protected data, either deliberately or accidentally, they would find themselves on the wrong side of the Office of Civil Rights, and that is a bad place to be.
Because of HIPAA, data handling standards are different (somewhat) in the U.S.
Any third party vendor must sign a Business Associates Agreement with the healthcare institution/provider which means, in essence, the vendor will treat the data to the same standard(s) as the healthcare institution.
All data must be encrypted in transit and at rest (AES 256) and the encryption keys must be held by the data owner institution, not the storage provider (Google, AWS, Box, Dropbox, et al).
All transactions must be logged and those logs themselves must be proven to be untamperable.
If Google (or any other vendor) were to release protected data, either deliberately or accidentally, they would find themselves on the wrong side of the Office of Civil Rights, and that is a bad place to be.
How, exactly?
Regardless, this situation is in no way the fault of Google. A third party had patient data and dumped it onto a BigQuery analytics server space. But this is all overblown. From a source actually based in the UK, and isn't crappy Engadget:
"PA Consulting used a product called Google BigQuery to manipulate the datasets provided and the NHS IC [HSCIC] was aware of this. The NHS IC had written confirmation from PA Consulting prior to the agreement being signed that no Google staff would be able to access the data; access continued to be restricted to the individuals named in the data sharing agreement." http://www.v3.co.uk/v3-uk/news/2332066/concerns-over-nhs-google-bigquery-practices-as-patient-data-controversy-rumbles-on
All parties knew what was happening. Purportedly the agreement was covered by whatever the equivalent of HIPAA is in the UK. The only reason this is getting attention is because they used a "GOOGLE" service, vs some other no-name analytics service.
Clickbait
TechLarry
RIP [H] Brother - June 1, 2022
- Joined
- Aug 9, 2005
- Messages
- 30,481
Sure it is. Google is solely, 100% responsible for people not trusting them any more.
Nenu
[H]ardened
- Joined
- Apr 28, 2007
- Messages
- 20,315
I wasnt asked if my data could be put on Google.
Seems like they really give a damn.
Seems like they really give a damn.
How? Exactly? Seriously--a serious answer; what is it google did that fosters that attitude? What is distrusting about Google vs. any other online, free, public, cloud-based service? To be quite frank, I trust them far more than most other solutions. Google doesn't care who I am. All of their aggregate data is anonymized. There's no person at Google that reads my emails; it's all a bunch of algorithms that result in targeted advertisements and marketing. Google doesn't even sell user data to 3rd parties (outside of when a user explicitly allows it by some 3rd party app/service agreement). Best yet, when it comes to account security and integrity, Google is head and shoulders above the rest. I feel much safer with my data being in Google than most other places.
Semantics
2[H]4U
- Joined
- May 18, 2010
- Messages
- 2,811
It's TOS tend to always be worded so they gain the most legal power this includes to retaining the rights of any data uploaded to them. In stark contrast to competing services such as onedrive or dropbox, so people don't trust them as other companies don't do the same so people beg the question.
Funny this came up because I work in the Texas Medical Center as a Sr. Bus. Sys Analyst and this has been an interesting year for us here as we onboard cloud storage.
Because of HIPAA, data handling standards are different (somewhat) in the U.S.
Any third party vendor must sign a Business Associates Agreement with the healthcare institution/provider which means, in essence, the vendor will treat the data to the same standard(s) as the healthcare institution.
All data must be encrypted in transit and at rest (AES 256) and the encryption keys must be held by the data owner institution, not the storage provider (Google, AWS, Box, Dropbox, et al).
All transactions must be logged and those logs themselves must be proven to be untamperable.
If Google (or any other vendor) were to release protected data, either deliberately or accidentally, they would find themselves on the wrong side of the Office of Civil Rights, and that is a bad place to be.
This. Google has to follow all applicable laws for the storage of health related records. They just happen to be using Google as their storage provider or whatever. Just because your information isn't secure doesn't mean that your health information stored in a similar way is not secure. There are far larger consequences for leaky health records than for your leaky school reports on gdrive.
jojo69
[H]F Junkie
- Joined
- Sep 13, 2009
- Messages
- 11,267
what is all the fuss about
I am absolutely certain that Google did not hoover any of that data while it was on their servers.
I mean...such a thing is not even conceivable...
I am absolutely certain that Google did not hoover any of that data while it was on their servers.
I mean...such a thing is not even conceivable...
How does your unsubstantiated comment align with the following? And this is probably the tip of the iceberg.
https://duckduckgo.com/?q=google+engineer+stalked+girls
Kudos for trying. Really, nice try, but that is a story of someone abusing their position and illegally accessing user content. Explain to me what that has to do with goggle's policies. No company can prevent some crazy off their rocker person from abusing the access they are given. It has nothing to do with the company's policies. Plus, he was promptly fired. As a course of googles analytics and data, it's anonymized. I don't care about people who abuse their access.
Quoting your falsehood claims
Quoting your contradicting yourself
and that you
does not negate the OP "Privacy Concerns Over Patient Data Uploaded To Google Servers".
Quoting your contradicting yourself
and that you
does not negate the OP "Privacy Concerns Over Patient Data Uploaded To Google Servers".
Again, none of that is specific to google's policies. It's a person acting against company policy, improperly accessing info they are not authorized to, and getting fired because of it. It does not define a policy of improper access to user data. On the contrary, it shows that improper access to user data is AGAINST company policy the company is committed to enforcing that.
Are you trying to use a special case where someone got fired for improper and unauthorized access/use of account data to prove google has a policy to abuse user data and not protect it? it just proves the contrary. You haven't said anything of substance.