Cloud storage debacle marks hospital’s third privacy incident in a year

Grazed from FierceHealthIT. Author: Dan Bowman.

Information for more than 3,000 patients at Oregon Health & Science University was put at risk when medical residents stored the data on a password protected cloud computing system, the institution announced this week. The potential data breach is the third such reported incident to occur at the university in less than a year, and the fifth since 2008.

In May, a faculty member at the university’s school of medicine found that residents in the Division of Plastic and Reconstructive Surgery were using Google Drive and Google Mail to maintain a spreadsheet of patients that was accessible among department members in real time. A subsequent investigation determined that similar practices had taken place in the hospital’s Department of Urology and in Kidney Transplant Services. Those patients impacted–3,044 in all–were admitted to the hospital between Jan. 1, 2011 and July 3 of this year…

Data posted to the various spreadsheets included patient names, medical record numbers, dates of service, age, provider name and diagnosis/prognosis; addresses were posted for 731 patients, as well. Social Security numbers, dates of birth and financial information such as bank account and credit card numbers were not among the stored information, according to the university…

Read more from the source @ http://www.fiercehealthit.com/story/cloud-storage-debacle-marks-hospitals-third-privacy-incident-year/2013-07-30