Google is now proactively removing protected health information (PHI) from search results provided to the public, helping to protect patients during HIPAA breaches.
Google recently made changes to its personal information policy regarding some of the information provided in search results. Google is now removing “confidential, personal medical records of private people.” Normally, Google requires the public to submit a request for removal of certain information. This is the first time that the company is removing information without that written request.
Google also specifies how decisions to remove personal information are made. If the information “creates significant risks of identity theft, financial fraud, or other specific harms,” they will investigate further to see if the information is a government-issued identification number, if it can be used for a financial transaction, or if it can be used to obtain more information that would lead to financial harm or identity theft.
Google notes that they won’t remove information that can be found on official government websites.
There have been many cases in the past where PHI was discovered after a Google search. A perfect example is when a Business Associate exposed Children’s National Health System PHI. A file site was misconfigured and patient information was searchable on the web. This affected more than 4,000 patients.
This will help protect patients who might be at risk during HIPAA breaches. It, however, will not help Covered Entities or Business Associates. There are many other search engines that might be able to pull up patient information. Also, if the information is publicly accessible, the number of affected individuals doesn’t change by the fact that you can’t find in a Google search.
To learn more about what you can do to protect your information and combat HIPAA breaches, join HIPAAgps today! If you want to see what vulnerabilities you might have on your network, contact our Partners at MainNerve and purchase a vulnerability scan for as low as $140.