Although Internet services like Gmail, Yahoo! Mail, Hotmail and Google Calendar are familiar to patients and doctors, use of such services in health care environments creates a serious privacy risk. The U.S. Department of Health & Human Services took action earlier this year when it discovered that Phoenix Cardiac Surgery, a five-physician clinic in Arizona, was posting patient appointments on the web using Google Calendar. As a result, the appointments could be found by anyone searching the Internet. Make sure your doctors and health care providers are not using consumer Internet services such as the ones identified above to store protected health information.
Health care providers should only use cloud services that are designed to comply with HIPAA and offer a HIPAA Business Associate Agreement.
You can contact PPR if you have questions or concerns about the use of consumer Internet services by health care providers and the security of your health information.