How vulnerable is data stored on cloud services like iCloud, SkyDrive, and Google Drive?

Joseph Videtto February 3, 2013

Hi – I work in a school, and am contemplating collaborating with some teachers and therapists across the country and over the internet on some research projects.

Now – some of this research involves HIPAA-protected data, for example, health information about particular students (looking to compare apples with apples – e.g. students with dyslexia and/or ADHD to other students with dyslexia and/or ADHD) and despite how common and obvious the signs of these formal DSM disabilities are, sharing details about such students over the internet MUST adhere to HIPAA laws.

How can I use the simplicity and wonderful features of either iCloud, SkyDrive or Google Drive while still adhering and doing diligence to the privacy of preserving and protecting the personal health information mandated by HIPAA?

  1. dragonmouth
    February 14, 2013 at 9:23 pm

    I have worked supporting Health Department software systems for over 20 years. Most of the projects were subject to HIPAA regulations.

    My most important advice to you would be to consult a lawyer familiar with HIPAA requirements and regulations, rather than looking for help on public forums. From my experience, HIPAA requirements are very particular and stringent when it comes to protecting the privacy of medical data. It may not be enough to put a password and/or some encryption scheme on the medical records. You may not be legally allowed to store those records in the cloud. The HIPAA penalties for breaching the security of medical records are quite severe. With all due respect to MUO posters, unless they are very familiar with HIPAA requirements, their advice is worse than worthless, it could be dangerous to you. If you run afoul of HIPAA law based on their advice, it will be you that is facing the consequences, not the helpful posters. HIPAA Law and its enforcement by the government is not something to be trifled with.

    Just to give you an idea of how stringent HIPAA requirements are: when the software I was testing generated paper reports, at the end of the day I was required to either lock those reports up in a secure safe or to shred them. No piece of paper was ever to be left on my desk when I was not there. If that sounds to you like the inside of the CIA, you're getting the idea how tough HIPAA is.

  2. Imesh Chandrasiri
    February 5, 2013 at 3:52 am

    Bad idea to put confidential data on cloud! It's a third party who offers you storage! That's all! Even though they have privacy policies and stuff, you still cannot rely on them! For example, take what happened to Megaupload. The users lost their valuable data. Please reconsider using cloud storage for confidential data!

  3. Ron Lister
    February 5, 2013 at 1:17 am

    I wouldn't send any personal medical information protected by HIPAA, one, without consent and, two, over anything less than a private and encrypted network. There are collaboration solutions out there, but one cloud-based encrypted real-time meeting solution you might check out is WebEx by Cisco. I'm sure there is cost involved but I'm sure you could divide up the cost or budget for it.

  4. Claire Curtis
    February 4, 2013 at 10:13 pm

    It is normal in such research projects to strip the data of identifying data, and assign the case a number by which it can be referenced and discussed. Any paper accepted for publication would have to have this done anyway. Removing irrelevant personal data will also help the analysis or discussion to be impartial.
    An encrypted container should still be used, but it will be much less of an issue once identifying information is removed.
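
A minimal sketch of the de-identification step this comment describes, added here as an example and not part of the original thread. The column names and sample rows are constructed; which columns count as identifying for a given project is an assumption the project itself has to settle.

```python
import csv
import io
import secrets

# Constructed sample rows; the column names are assumptions for this example.
SAMPLE_CSV = """student_name,date_of_birth,school,diagnosis,reading_score
Alice Example,2004-03-14,North Elementary,dyslexia,71
Bob Sample,2003-11-02,North Elementary,ADHD,84
alice example,2004-03-14,North Elementary,dyslexia,78
"""

IDENTIFYING = ("student_name", "date_of_birth", "school")  # never leave the site
KEY_FIELDS = ("student_name", "date_of_birth")  # what makes two rows one student


def deidentify(csv_text, identifying=IDENTIFYING, key_fields=KEY_FIELDS):
    """Return (shared_rows, linkage).

    shared_rows carry a case number in place of the identifying columns.
    linkage maps each real identity to its case number and stays local.
    """
    linkage = {}
    shared_rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        identity = tuple(row[f].strip().lower() for f in key_fields)
        if identity not in linkage:
            # Random, not a hash of the name: a hash of a guessable value
            # can be reversed by hashing candidate names and comparing.
            case_id = "CASE-" + secrets.token_hex(4).upper()
            while case_id in linkage.values():
                case_id = "CASE-" + secrets.token_hex(4).upper()
            linkage[identity] = case_id
        kept = {k: v for k, v in row.items() if k not in identifying}
        shared_rows.append({"case_id": linkage[identity], **kept})
    return shared_rows, linkage


def to_csv(rows):
    """Serialize the de-identified rows for the shared copy."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0]))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    rows, key = deidentify(SAMPLE_CSV)
    print(to_csv(rows))  # the linkage table `key` is deliberately not written out
```

Free-text columns can still carry names or other identifying details, so they need review before the shared copy leaves the site; this sketch only drops whole columns.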

  5. M Trevino
    February 4, 2013 at 9:09 pm

    Have a look at ITWIN. You plug one half of device into PC, and the other half into your laptop or in this case the person you are sharing with. I seem to remember they recently added the ability to link/share between more than 2 devices.

  6. Lisa Santika Onggrid
    February 4, 2013 at 3:12 pm

    The others have already told you about the legal rules adhered to by each site, so I'm answering your other question. How vulnerable the data is depends on the strength of your password, your network's security, and several other factors. Basically you need to make sure your network is free of spyware/keyloggers.

  7. Switchblade Rebirth
    February 4, 2013 at 9:52 am

    I have to agree with Jake. Use TrueCrypt. For added security you might wanna add those files in a zip file, password protect it, and encrypt it with TrueCrypt.

  8. ha14
    February 4, 2013 at 9:45 am

    I doubt they will read your stored information and use it for their own purposes; if something happens, it will be along the way when you collaborate with others. To be sure the device is HIPAA compliant, contact their support team. If the files you are sharing need to be confidential (HIPAA ...), use SharePoint or Office365 to store the files.

    Comparing SkyDrive and Google Drive's privacy policy

    SkyDrive: Everything on SkyDrive that you upload is private until you tell us otherwise.

  9. susendeep dutta
    February 4, 2013 at 7:16 am

    If you do want to protect your data while still continuing to use the collaboration features offered by some cloud storage service providers, then BoxCryptor, SpiderOak and Wuala are good services which do encrypt your files on your machine (i.e. on the client side) so that they don't even know how to decrypt them and the data stored in them, hence adhering to HIPAA's rules.


  10. Jake Thompson
    February 4, 2013 at 3:29 am

    If you have highly classified information that you need to share, I would look more into a private network server with advanced encryption abilities. I agree with the first comment, Jan, in recommending TrueCrypt.

  11. Jan Fritsch
    February 3, 2013 at 11:47 pm

    Well, iCloud isn't really designed for collaboration. It is merely meant to connect your iOS device to your computer without relying on a "physical" connection like a cable or being on the same network.

    I don't think any of these services suits your needs on their own because they are only as secure as the password you chose, the computer you are using, the anti-virus installed, the service's system, etc.

    As for the privacy and laws, you always have to remember that you are giving those files out of your hand to an unknown third party connected to the entire internet. So at minimum you should put any and all of those files into a well-encrypted container, e.g. using TrueCrypt, before sending them off anywhere on the internet.
