The Oregon Health & Science University has notified 3,044 patients that their protected health information has been compromised after several residents and physicians-in-training inappropriately used Google cloud services to maintain a spreadsheet of patient data.
The Google cloud Internet-based service provider is not an OHSU business associate with a contractual agreement to use or store OHSU patient health information, according to officials.
This is OHSU’s fourth big HIPAA breach since 2009 and third big breach just in the past two years, according to data from the Department of Health and Human Services.
The data for the majority of the patients compromised included patient names, medical record numbers, ages, provider names, diagnoses and dates of service. For 731 of those patients, the data also included addresses.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
This past May, an OHSU official discovered residents and physicians-in-training within the Division of Plastic and Reconstructive Surgery were using cloud services to maintain a spreadsheet of patients. Their intent, according to an OHSU notice, was to provide each other accurate information about who was admitted to the hospital under the care of their division.
Date: July 29, 2013