Google can harvest my data as it makes Google Now very powerful, which in rurn helps make my life easier to manage. It automatically informs and directs me with hotel and car rental reservations, that I should leave to an appointment by a certain time so I arrive on schedule, parcel deliveries tracking, TV shows it thinks I might like to watch, sports events and so on.
Hardware has now plateued in smart phones, its now all about the software and web services, this is where google is awesome.
Did you actually read the documents you've linked to? In order to stop Google from tracking your data, you have to sign a BAA- Business Associates Agreement. In other words, you have to pay Google to use their 'free' services if you want them to stop tracking your data. Even if you sign a BAA, Google determines which data to stop tracking. And those 'standards bodies' that Google lists are not the de-facto HIPPA gateways- the HHS secretary and Congress are. You have to appeal to them to verify HIPPA compliance- that's what every healthcare system in this country has to do on an annual basis.
'Hardware has plateaued'? Apple just sold over 10 million hardware devices in the first weekend of introduction. I'd take that plateau any day!
Google's business model will soon come around to bite Google pretty badly. There's increasing competition in this space, and the only thing that companies like Google and Facebook can to in order to keep things 'free' is to dig deeper and deeper into our lives in an attempt to remain viable. No thanks. I'm Google-free, and I'll remain Google-free.
RTA..... Google got on board with signing BAA's- meaning any company wishing to utilize Google's 'free' services will have to pay them. AND, any HIPPA compliance issues which may arise are the liability of the Business Associate, NOT Google. Meaning, if (and when) Google starts tracking de-identified (we hope) healthcare data on their cloud servers, they won't be liable for any privacy complaints brought about by some unlucky healthcare patrons.
If you read a bit further down in the article, you'll see that lawyers and the referenced admins aren't pleased at all with this announcement. Our hospital is staying as far away from Google as possible. But they were happy enough to buy shiny new iPads for all of their providers- that's got to say something about Healthcare IT departments and what they view as 'secure', doesn't it?
Did you actually read the documents you've linked to? In order to stop Google from tracking your data, you have to sign a BAA- Business Associates Agreement.
"The elephant in the room for Apple in healthcare is HIPAA and while the IBM alliance will undoubtedly help with enterprise IT security needs, how exactly the HealthKit data is stored and transferred remains a hot topic of discussion. HIPAA comes into play once this patient-entered data is transmitted into the hands of a covered entity such as a provider or business associate (BA) such as a contractor.
Former chief privacy officer for the Office of the National Coordinator for Healthcare IT (ONC) Joy Pritts, according to the report, said HIPAA becomes a factor only if a covered entity is involved in some form. “It is really difficult for consumers to know if their health information is protected by HIPAA because it’s so dependent on the specific facts,” Pritts said.
The Reuters piece adds that Apple has hired attorneys who have met with regulators in Washington, D.C. and will see to it that the pressure will be on providers, and not Apple, to comply with HIPAA. However, based on HIPAA language, providers have always had the main responsibility to keep patient data private and secure. But now with the HIPAA Omnibus Rule in effect, BAs must also have a significant role in HIPAA compliance.
The question is whether Apple would (1) become the provider’s BA and (2) if it will sign a business associate agreement (BAA). The discussions mentioned above with Mount Sinai, the Cleveland Clinic and Johns Hopkins all likely involve these compliance questions. But as we learned with Google Apps and Microsoft 365 with cloud data, providers will likely want answers and data protection assurances at some point."
Apple Cloud services are not HIPAA-compliant, tho that will probably change soon with the emphasis on health-related features and services.. Encryption was one of the keys needed for the cloud.
Did you actually read the documents you've linked to? In order to stop Google from tracking your data, you have to sign a BAA- Business Associates Agreement. In other words, you have to pay Google to use their 'free' services if you want them to stop tracking your data.
Since when were Google Apps "free" in the traditional sense? The last I checked, pricing starts $5/user/month, payable via credit or debit card.
Yes, actually I do. I'm chair of our Health Information Services committee at our hospital system. We scoured many of these 'agreements', and they're not worth the paper they're written on. Again, Google knows this, which is why they can purvey deceptive tag-lines like 'we're ISO compliant' on their websites in an effort to 'prove' compliance. We won't even touch one of these agreements unless it's been signed off by someone in the HHS business pyramid. To date, there are very few (Lumeris comes to mind, but for RIE purposes only) companies who have the certification for HIPAA compliance- neither Google nor Apple are on the list. Apple was smart- they went the cloud-opposite route with their Apple Pay and HealthKit initiatives. Google's got no such platform.
As the article that Relic so kindly linked to states:
“There is no such thing as being “HIPAA Certified” in cloud computing. Many hosting providers claim “HIPAA Compliance,” but they put the burden of any audits and assessments directly on their clients. The only hard evidence of best practices around security and privacy is a third party audit that is based on HHS’ Office of Civil Rights (OCR) Audit Protocol ? the same audit criteria that OCR uses for their audits. For us, this is more than just adherence to legislation, it’s a part of our company culture around protecting what we know to be our customers most valuable assets ? patient information.”Mike Klein ? Co?CEO of Online Tech, Inc.
And...
“Although business associates are now required to comply with the HIPAA Security Rule, my experience is that they have been really slow to respond. Many business associates are confused about whether or not they fall within the definition of a business associate and even more confused about their compliance requirements. There is a general understanding that they are required to sign a business associate agreement, but the notion that signing a business associate agreement makes you “HIPAA compliant” is naive and risky for everyone ? including covered entities and patients. When OCR begins enforcing HIPAA and levies hefty fines and penalties against business associates, they will wake up quickly. In the meantime, patients’ health information is at risk and I have seen a dramatic increase in breaches caused by business associates which have not implemented measures to comply with HIPAA’s Security Rule.” Linn Freedman, Partner ? Leader, Privacy & Data Protection Group ? Nixon Peabody, LLP
So YES, I'm well aware of what it means to be HIPAA compliant, and NO, Google and it's services are NOT HIPAA compliant (although Eric Schmidt will try to convince you otherwise)
If Google is "secure" why are Google's business apps and cloud NOT HIPPA Compliant for maintaining security and privacy of patient data???
That is because Google is not secure.
What do you use as a search engine if you don't mind me asking. I honestly don't understand what you guys do online that you need to be so worried about. Even if you do not use Google the second your online you are being tracked, governments, the sites you visit, everyone. I don't store any personal information about myself on the net except for my name and a public email address that contains nothing private. Personal email is from my one domain and a server connected to a dedicated line. I use cloud storage sure but there is nothing in there except for videos, pictures, code, programs and a few odds and ends, though none of it I would consider private. All private information is stored locally on my servers. I have a special credit card specifically for buying things online, which is actually rarity as I prefer going to shops and paying in cash. Billing address is a P.O. Box, I also use that address for online services that need one and a pre-paid phone number for sites that use it for security like Google. I don't trust anyone including Apple, you don't have to live in fear though as there are ways to protect yourself. I like Google's services and I'm not going to stop using them because their tracking or storing irrelevant information about me but I'm also a very benign person, I don't look at pornography, bomb making schematics, just tech, news, educational materials and forums. The other stuff is for the Tor Browser.
Yes, actually I do. I'm chair of our Health Information Services committee at our hospital system. We scoured many of these 'agreements', and they're not worth the paper they're written on.
So YES, I'm well aware of what it means to be HIPAA compliant, and NO, Google and it's services are NOT HIPAA compliant (although Eric Schmidt will try to convince you otherwise)
So in your opinion why has Apple always refused to sign a BAA if they're "not worth the paper they're printed on"?
A question too: Your hospital is using Apple Cloud services for storing and accessing HIPAA-protected patient data without a Business Associate Agreement with them?
In any event Google Apps/Cloud HIPAA-compliance is hardly something to bash them with with when Apple's unwilling to even sign a BAA in the first place. Whoever raised it here first as a privacy issue for Google didn't bother with much research beforehand. They would have been better off not mentioning it.
I'm so glad I left camp Android. They obviously track your data and pass it on to seemingly everyone who asks and then try and call it something else. Android users always criticise Apple for its "walled garden" but at least with Apples' walled garden only Apple has your data and they don't like passing it on.
There's a heap of reasons I prefer iOS and this is just one of them.
So in your opinion why has Apple always refused to sign a BAA if they're "not worth the paper they're printed on"? They're one of the very few (Dropbox is another) that refuses to accept any responsibility for HIPAA provisions.
Exactly- they know that cloud services aren't as secure as they need to be (yet). They don't want the liability, and they certainly don't want to pass the liability to their clients, like Google does. But Apple just secured a huge presence in the healthcare space with HealthKit. The customer now has the responsibility and option to relay healthcare information between them and their providers/healthsystems. What's more is, Apple collects NONE of this data. Their partnership with Epic EHR demonstrates this capability, specifically through Epic's 'MyChart' module. Information isn't saved on Apples servers- it's saved on Epic's servers (which ARE HIPAA compliant), and placed there by either the patient or his/her provider. Apple NEVER has access to this data.
This is an example of what Tim Cook means when he says the customer isn't the product at Apple. Apple introduced HealthKit with the sole intention of making our lives easier, not in an attempt to sell us. (we have yet to see if HealthKit will take off)
Exactly- they know that cloud services aren't as secure as they need to be (yet). They don't want the liability, and they certainly don't want to pass the liability to their clients, like Google does. But Apple just secured a huge presence in the healthcare space with HealthKit. The customer now has the responsibility and option to relay healthcare information between them and their providers/healthsystems. What's more is, Apple collects NONE of this data. Their partnership with Epic EHR demonstrates this capability, specifically through Epic's 'MyChart' module. Information isn't saved on Apples servers- it's saved on Epic's servers (which ARE HIPAA compliant), and placed there by either the patient or his/her provider. Apple NEVER has access to this data.
This is an example of what Tim Cook means when he says the customer isn't the product at Apple. Apple introduced HealthKit with the sole intention of making our lives easier, not in an attempt to sell us. (we have yet to see if HealthKit will take off)
I see you tossing around a lot of insinuations that Google Apps/Cloud are not made HIPAA-compliant when Google and the heath care provider enter into a BAA, or that Google won't accept any responsibility. Any evidence that they aren't? What about Apple services, HIPAA-compliant?
So in your opinion why has Apple always refused to sign a BAA if they're "not worth the paper they're printed on"?
A question too: Your hospital is using Apple Cloud services for storing and accessing HIPAA-protected patient data without a Business Associate Agreement with them?
In any event Google Apps/Cloud HIPAA-compliance is hardly something to bash them with with when Apple's unwilling to even sign a BAA in the first place. Whoever raised it here first as a privacy issue for Google didn't bother with much research beforehand. They would have been better off not mentioning it.
So, to be clear here, and I am neither agreeing nor disagreeing with you on this specific issue but obviously ... You do post on AI specifically and for the sole purpose of being an advocate for Google.
I really wonder why? I cannot imagine wanting to spend more than a few seconds on an Android web site, let alone years of painstakingly written double speak constantly defending Apple at every turn.
Comments
From February: Google cloud gets on board with HIPAA
http://www.healthcareitnews.com/news/google-cloud-gets-board-hipaa
The Tick.
Google Apps support HIPPA compliance: https://support.google.com/a/answer/3407054?hl=en
Google can harvest my data as it makes Google Now very powerful, which in rurn helps make my life easier to manage. It automatically informs and directs me with hotel and car rental reservations, that I should leave to an appointment by a certain time so I arrive on schedule, parcel deliveries tracking, TV shows it thinks I might like to watch, sports events and so on.
Hardware has now plateued in smart phones, its now all about the software and web services, this is where google is awesome.
Did you actually read the documents you've linked to? In order to stop Google from tracking your data, you have to sign a BAA- Business Associates Agreement. In other words, you have to pay Google to use their 'free' services if you want them to stop tracking your data. Even if you sign a BAA, Google determines which data to stop tracking. And those 'standards bodies' that Google lists are not the de-facto HIPPA gateways- the HHS secretary and Congress are. You have to appeal to them to verify HIPPA compliance- that's what every healthcare system in this country has to do on an annual basis.
'Hardware has plateaued'? Apple just sold over 10 million hardware devices in the first weekend of introduction. I'd take that plateau any day!
Google's business model will soon come around to bite Google pretty badly. There's increasing competition in this space, and the only thing that companies like Google and Facebook can to in order to keep things 'free' is to dig deeper and deeper into our lives in an attempt to remain viable. No thanks. I'm Google-free, and I'll remain Google-free.
From February: Google cloud gets on board with HIPAA
http://www.healthcareitnews.com/news/google-cloud-gets-board-hipaa
RTA..... Google got on board with signing BAA's- meaning any company wishing to utilize Google's 'free' services will have to pay them. AND, any HIPPA compliance issues which may arise are the liability of the Business Associate, NOT Google. Meaning, if (and when) Google starts tracking de-identified (we hope) healthcare data on their cloud servers, they won't be liable for any privacy complaints brought about by some unlucky healthcare patrons.
If you read a bit further down in the article, you'll see that lawyers and the referenced admins aren't pleased at all with this announcement. Our hospital is staying as far away from Google as possible. But they were happy enough to buy shiny new iPads for all of their providers- that's got to say something about Healthcare IT departments and what they view as 'secure', doesn't it?
[QUOTE url="/t/182652/eric-schmidt-says-google-far-more-secure-than-apple-denies-allegations-of-harvesting-data#post_2612044"]
[B]eskatt2[/B] [URL=/t/182652/eric-schmidt-says-google-far-more-secure-than-apple-denies-allegations-of-harvesting-data#post_2612044][IMG]/img/forum/go_quote.gif[/IMG][/URL]
If Google is "secure" why are Google's business apps and cloud NOT HIPPA Compliant for maintaining security and privacy of patient data???
That is because Google is not secure.[/QUOTE]
The acronym is HIPAA, not HIPPA, it stands for Health Insurance Portability and Accountability Act. Can entities like Google or Apple be truly HIPAA compliment, I don't think so or at least not yet. There is an interesting article in Forbes about it . [URL=http://www.forbes.com/sites/danmunro/2014/09/28/is-anyone-really-hipaa-compliant-in-healthcare/]http://www.forbes.com/sites/danmunro/2014/09/28/is-anyone-really-hipaa-compliant-in-healthcare/[/URL]
Do you actually know what a HIPAA Business Associate Agreement is? Apparently not so here's the explanation. FWIW Google Business customers do not pay extra for that agreement from what I understand about it. Microsoft does not charge for a BAA either.
http://searchhealthit.techtarget.com/definition/HIPAA-business-associate-agreement-BAA
AFAIK Apple still will not sign one accepting responsibility for the protection of patient data.
http://healthitsecurity.com/2014/08/13/apple-healthkit-collaboration-talks-hipaa-implications/
"The elephant in the room for Apple in healthcare is HIPAA and while the IBM alliance will undoubtedly help with enterprise IT security needs, how exactly the HealthKit data is stored and transferred remains a hot topic of discussion. HIPAA comes into play once this patient-entered data is transmitted into the hands of a covered entity such as a provider or business associate (BA) such as a contractor.
Former chief privacy officer for the Office of the National Coordinator for Healthcare IT (ONC) Joy Pritts, according to the report, said HIPAA becomes a factor only if a covered entity is involved in some form. “It is really difficult for consumers to know if their health information is protected by HIPAA because it’s so dependent on the specific facts,” Pritts said.
The Reuters piece adds that Apple has hired attorneys who have met with regulators in Washington, D.C. and will see to it that the pressure will be on providers, and not Apple, to comply with HIPAA. However, based on HIPAA language, providers have always had the main responsibility to keep patient data private and secure. But now with the HIPAA Omnibus Rule in effect, BAs must also have a significant role in HIPAA compliance.
The question is whether Apple would (1) become the provider’s BA and (2) if it will sign a business associate agreement (BAA). The discussions mentioned above with Mount Sinai, the Cleveland Clinic and Johns Hopkins all likely involve these compliance questions. But as we learned with Google Apps and Microsoft 365 with cloud data, providers will likely want answers and data protection assurances at some point."
Apple Cloud services are not HIPAA-compliant, tho that will probably change soon with the emphasis on health-related features and services.. Encryption was one of the keys needed for the cloud.
Did you actually read the documents you've linked to? In order to stop Google from tracking your data, you have to sign a BAA- Business Associates Agreement. In other words, you have to pay Google to use their 'free' services if you want them to stop tracking your data.
Since when were Google Apps "free" in the traditional sense? The last I checked, pricing starts $5/user/month, payable via credit or debit card.
[/quote]
Do you actually know what a HIPAA Business Associate Agreement is? Apparently not so here's the explanation.
http://searchhealthit.techtarget.com/definition/HIPAA-business-associate-agreement-BAA
AFAIK Apple still will not sign one accepting responsibility for the protection of patient data.
http://healthitsecurity.com/2014/08/13/apple-healthkit-collaboration-talks-hipaa-implications/
Yes, actually I do. I'm chair of our Health Information Services committee at our hospital system. We scoured many of these 'agreements', and they're not worth the paper they're written on. Again, Google knows this, which is why they can purvey deceptive tag-lines like 'we're ISO compliant' on their websites in an effort to 'prove' compliance. We won't even touch one of these agreements unless it's been signed off by someone in the HHS business pyramid. To date, there are very few (Lumeris comes to mind, but for RIE purposes only) companies who have the certification for HIPAA compliance- neither Google nor Apple are on the list. Apple was smart- they went the cloud-opposite route with their Apple Pay and HealthKit initiatives. Google's got no such platform.
As the article that Relic so kindly linked to states:
“There is no such thing as being “HIPAA Certified” in cloud computing. Many hosting providers claim “HIPAA Compliance,” but they put the burden of any audits and assessments directly on their clients. The only hard evidence of best practices around security and privacy is a third party audit that is based on HHS’ Office of Civil Rights (OCR) Audit Protocol ? the same audit criteria that OCR uses for their audits. For us, this is more than just adherence to legislation, it’s a part of our company culture around protecting what we know to be our customers most valuable assets ? patient information.” Mike Klein ? Co?CEO of Online Tech, Inc.
And...
“Although business associates are now required to comply with the HIPAA Security Rule, my experience is that they have been really slow to respond. Many business associates are confused about whether or not they fall within the definition of a business associate and even more confused about their compliance requirements. There is a general understanding that they are required to sign a business associate agreement, but the notion that signing a business associate agreement makes you “HIPAA compliant” is naive and risky for everyone ? including covered entities and patients. When OCR begins enforcing HIPAA and levies hefty fines and penalties against business associates, they will wake up quickly. In the meantime, patients’ health information is at risk and I have seen a dramatic increase in breaches caused by business associates which have not implemented measures to comply with HIPAA’s Security Rule.” Linn Freedman, Partner ? Leader, Privacy & Data Protection Group ? Nixon Peabody, LLP
So YES, I'm well aware of what it means to be HIPAA compliant, and NO, Google and it's services are NOT HIPAA compliant (although Eric Schmidt will try to convince you otherwise)
What do you use as a search engine if you don't mind me asking. I honestly don't understand what you guys do online that you need to be so worried about. Even if you do not use Google the second your online you are being tracked, governments, the sites you visit, everyone. I don't store any personal information about myself on the net except for my name and a public email address that contains nothing private. Personal email is from my one domain and a server connected to a dedicated line. I use cloud storage sure but there is nothing in there except for videos, pictures, code, programs and a few odds and ends, though none of it I would consider private. All private information is stored locally on my servers. I have a special credit card specifically for buying things online, which is actually rarity as I prefer going to shops and paying in cash. Billing address is a P.O. Box, I also use that address for online services that need one and a pre-paid phone number for sites that use it for security like Google. I don't trust anyone including Apple, you don't have to live in fear though as there are ways to protect yourself. I like Google's services and I'm not going to stop using them because their tracking or storing irrelevant information about me but I'm also a very benign person, I don't look at pornography, bomb making schematics, just tech, news, educational materials and forums. The other stuff is for the Tor Browser.
So in your opinion why has Apple always refused to sign a BAA if they're "not worth the paper they're printed on"?
A question too: Your hospital is using Apple Cloud services for storing and accessing HIPAA-protected patient data without a Business Associate Agreement with them?
In any event Google Apps/Cloud HIPAA-compliance is hardly something to bash them with with when Apple's unwilling to even sign a BAA in the first place. Whoever raised it here first as a privacy issue for Google didn't bother with much research beforehand. They would have been better off not mentioning it.
There's a heap of reasons I prefer iOS and this is just one of them.
So in your opinion why has Apple always refused to sign a BAA if they're "not worth the paper they're printed on"? They're one of the very few (Dropbox is another) that refuses to accept any responsibility for HIPAA provisions.
Exactly- they know that cloud services aren't as secure as they need to be (yet). They don't want the liability, and they certainly don't want to pass the liability to their clients, like Google does. But Apple just secured a huge presence in the healthcare space with HealthKit. The customer now has the responsibility and option to relay healthcare information between them and their providers/healthsystems. What's more is, Apple collects NONE of this data. Their partnership with Epic EHR demonstrates this capability, specifically through Epic's 'MyChart' module. Information isn't saved on Apples servers- it's saved on Epic's servers (which ARE HIPAA compliant), and placed there by either the patient or his/her provider. Apple NEVER has access to this data.
This is an example of what Tim Cook means when he says the customer isn't the product at Apple. Apple introduced HealthKit with the sole intention of making our lives easier, not in an attempt to sell us. (we have yet to see if HealthKit will take off)
Their shop window is a Search Engine...
I trust Google least out of all the tech giants.
I could be one of their greatest assets but I would not work for them if Eric called me personally.
I see you tossing around a lot of insinuations that Google Apps/Cloud are not made HIPAA-compliant when Google and the heath care provider enter into a BAA, or that Google won't accept any responsibility. Any evidence that they aren't? What about Apple services, HIPAA-compliant?
I am not taking one side or the other but ... 'AI Readers' ... really? Way to generalize.
No, there are no Russian troops in Crimea, or Ukraine for that matter!
So, to be clear here, and I am neither agreeing nor disagreeing with you on this specific issue but obviously ... You do post on AI specifically and for the sole purpose of being an advocate for Google.
I really wonder why? I cannot imagine wanting to spend more than a few seconds on an Android web site, let alone years of painstakingly written double speak constantly defending Apple at every turn.