FileHippo Privacy Policy (Updated May 2017)

Google recently updated its privacy policy, which could have a positive effect on patient data security. As of last week, Google began removing private medical records from its search results.

The Google “Removal Policies” page now lists “confidential, personal medical records of private people” as a type of information it may remove from its search results.

“Google search results are a reflection of the content publicly available on the web,” Google states on a Privacy & Terms FAQ page. “Search engines can’t remove content directly from websites, so removing search results from Google wouldn’t remove the content from the web. If you want to remove something from the web, you should contact the webmaster of the site the content is posted on and ask him or her to make a change.”

On its page discussing removal policies, Google maintains that it usually does not remove dates of birth, addresses, and telephone numbers from its search results. However, the following data may be removed:

  • National identification numbers (e.g. US Social Security number, Argentine Single Tax Identification Number)
  • Bank account numbers
  • Credit card numbers
  • Images of signatures
  • Nude or sexually explicit images that were uploaded or shared without your consent

The company added that it tries to determine “if a piece of personal information creates significant risks of identity theft, financial fraud, or other specific harms” when it is debating whether to remove that data from search results.

“We apply this policy on a case-by-case basis,” the website states. “If we believe that a removal request is being used to try and remove other, non-personal information from search results, we will deny the request. We usually don’t remove information that can be found on official government websites because the information is publicly available.”

Patient data becoming available through public search engines can create issues for both individuals and the healthcare provider that was in charge of keeping that data secure.

In 2016, a class action lawsuit over a 2012 incident in which PHI was made searchable via an internet search engine resulted in a $7.5 million settlement.

Along with the settlement, St. Joseph Health System (SJHS) also had to set $3 million aside for patients who may apply for up to $25,000 each if they suffered identity theft.

The incident in question reportedly occurred at SJHS between 2011 and 2012 when the PHI was discovered online. One of the class members, Danna Graewingholt, found her health information was available online.

A hospital investigation found that potentially breached information included patient names, medical data such as body mass index, smoking status, blood pressure, lab results, diagnoses, medication allergies, demographic information, and advance directive status.

“In or around February 13, 2012, St. Joseph Health System (“SJHS”) sent letters to approximately 31,802 of its patients, notifying them that it had inadvertently made their personal health information publicly accessible on the Internet, thus allowing outside search engines to have access to the information,” the court documents read.

“The information was allegedly accessible from approximately February 2011 to February 2012.”

Plaintiffs filed a total of four causes of action in the case:

  • Violation of the Confidentiality of Medical Information Act
  • Negligence
  • Money had and received
  • Violation of the California Unfair Competition Law (UCL), California Business and Professions Code, Section 17200, et seq.

Several SJHS facilities were impacted, including Mission Hospital Regional Medical Center, St. Jude Hospital, Queen of the Valley Medical Center, Santa Rosa Memorial Hospital, Petaluma Valley Hospital Auxiliary, The Auxiliary of Mission Hospital Laguna Beach, The Auxiliary of Mission Hospital Mission Viejo, Saint Joseph Hospital of Orange, Saint Joseph Hospital of Eureka and Redwood Memorial Hospital of Fortuna.

Source: https://healthitsecurity.com/news/updated-google-policy-may-affect-patient-data-security
