https://www.wsj.com/articles/google-s-se...da02eb90b4

Google has apparently partnered with Ascension Health (the 2nd largest health system in the U.S.) to collect and crunch the detailed personal health information of millions of Americans across 21 states. The data involved in the initiative encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth.

Neither patients nor doctors have been notified. At least 150 Google employees already have access to much of the data on tens of millions of patients, according to a person familiar with the matter and the documents.

Some Ascension employees have raised questions about the way the data is being collected and shared, both from a technological and ethical perspective, according to the people familiar with the project. But privacy experts said it appeared to be permissible under federal law. That law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), generally allows hospitals to share data with business partners without telling patients, as long as the information is used “only to help the covered entity carry out its health care functions.”

Google in this case is using the data, in part, to design new software, underpinned by advanced artificial intelligence and machine learning, that zeroes in on individual patients to suggest changes to their care.

(my edited respose) - 'Yeah, right.' The sooner the government breaks up Google, Amazon and other tech giants, the better.

(11-11-2019 05:47 PM)Fort Bend Owl Wrote:  https://www.wsj.com/articles/google-s-se...da02eb90b4

Google has apparently partnered with Ascension Health (the 2nd largest health system in the U.S.) to collect and crunch the detailed personal health information of millions of Americans across 21 states. The data involved in the initiative encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth.

Neither patients nor doctors have been notified. At least 150 Google employees already have access to much of the data on tens of millions of patients, according to a person familiar with the matter and the documents.

Some Ascension employees have raised questions about the way the data is being collected and shared, both from a technological and ethical perspective, according to the people familiar with the project. But privacy experts said it appeared to be permissible under federal law. That law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), generally allows hospitals to share data with business partners without telling patients, as long as the information is used “only to help the covered entity carry out its health care functions.”

Google in this case is using the data, in part, to design new software, underpinned by advanced artificial intelligence and machine learning, that zeroes in on individual patients to suggest changes to their care.

(my edited respose) - 'Yeah, right.' The sooner the government breaks up Google, Amazon and other tech giants, the better.

I think the hospitals lose this case under the law. Patients have to specifically give up their data for research studies which is what this appears to be.

Call up the class action lawyers.

Yeah!! Targeted health ads coming to a browser near you, but it will just be a coincidence.

I work in IT. One of the apps I work with transports credit card data. Because of that, the application is considered PCI In-Scope where PCI means Payment Card Industry.

We are required to undergo annual audits to ensure credit card data is protected during transit and not accessible via logs, database query, etc. PCI In-Scope systems must be secured as to who can access those servers.

SOX and HIPPA requires audits as well. Since I don't work on any apps that are HIPPA In-Scope I can't speak to the controls being audited, but I can assume they are similar in content.

(11-12-2019 10:21 AM)umbluegray Wrote:  I work in IT. One of the apps I work with transports credit card data. Because of that, the application is considered PCI In-Scope where PCI means Payment Card Industry.

We are required to undergo annual audits to ensure credit card data is protected during transit and not accessible via logs, database query, etc. PCI In-Scope systems must be secured as to who can access those servers.

SOX and HIPPA requires audits as well. Since I don't work on any apps that are HIPPA In-Scope I can't speak to the controls being audited, but I can assume they are similar in content.

By using your credit card you are authorizing transportation of the data. Health care data is just supposed to be in the hospital and your insurance companies.

(11-11-2019 06:58 PM)banker Wrote:  Yeah!! Targeted health ads coming to a browser near you, but it will just be a coincidence.

the boomers, health care funding, planned retirement communes, fda relaxing, etc....guaranteed that bs long ago....

my crew saw that coming decades ago....

there's a reason commercials dominate the boob tube and ad banners dominate the internutz vs. substance....

RUNNING JOKE

(11-12-2019 10:21 AM)umbluegray Wrote:  I work in IT. One of the apps I work with transports credit card data. Because of that, the application is considered PCI In-Scope where PCI means Payment Card Industry.

We are required to undergo annual audits to ensure credit card data is protected during transit and not accessible via logs, database query, etc. PCI In-Scope systems must be secured as to who can access those servers.

SOX and HIPPA requires audits as well. Since I don't work on any apps that are HIPPA In-Scope I can't speak to the controls being audited, but I can assume they are similar in content.

Hooray for PCI compliance! I work in restaurant point of sale systems, so most of my time is spent dealing with some sort of PCI issue

(11-12-2019 11:11 AM)bobdizole Wrote:  

(11-12-2019 10:21 AM)umbluegray Wrote:  I work in IT. One of the apps I work with transports credit card data. Because of that, the application is considered PCI In-Scope where PCI means Payment Card Industry.

We are required to undergo annual audits to ensure credit card data is protected during transit and not accessible via logs, database query, etc. PCI In-Scope systems must be secured as to who can access those servers.

SOX and HIPPA requires audits as well. Since I don't work on any apps that are HIPPA In-Scope I can't speak to the controls being audited, but I can assume they are similar in content.

Hooray for PCI compliance! I work in restaurant point of sale systems, so most of my time is spent dealing with some sort of PCI issue

if I wanted to hack you, I could....it simply isn't the route I choose daily...

be glad for that...there's aplenty that don't think that way....

@cashIsKing

(11-12-2019 10:44 AM)bullet Wrote:  

(11-12-2019 10:21 AM)umbluegray Wrote:  I work in IT. One of the apps I work with transports credit card data. Because of that, the application is considered PCI In-Scope where PCI means Payment Card Industry.

We are required to undergo annual audits to ensure credit card data is protected during transit and not accessible via logs, database query, etc. PCI In-Scope systems must be secured as to who can access those servers.

SOX and HIPPA requires audits as well. Since I don't work on any apps that are HIPPA In-Scope I can't speak to the controls being audited, but I can assume they are similar in content.

By using your credit card you are authorizing transportation of the data. Health care data is just supposed to be in the hospital and your insurance companies.

Again, I'm only speaking from an IT security perspective.

I don't like the idea of my medical records being available to whoever wants them while I'm not able to see my own daughter's records even though she's on my insurance.

I'm simply saying that I don't think google punks are sitting around looking at our medical data. They may be, but they'd be in violation of audit controls.

(11-12-2019 10:44 AM)bullet Wrote:  Health care data is just supposed to be in the hospital and your insurance companies.

Not really.... Mostly of course, but not totally.

It can't (under current interpretations) be used for targeting ads, but there are some people who would see this data used to violate people's rights, like gun licensing. Of course I'm being political here... but my point is that there are some legitimate reasons to need this data, mostly for academic purposes related to population health and access.

(11-12-2019 11:11 AM)bobdizole Wrote:  

(11-12-2019 10:21 AM)umbluegray Wrote:  I work in IT. One of the apps I work with transports credit card data. Because of that, the application is considered PCI In-Scope where PCI means Payment Card Industry.

We are required to undergo annual audits to ensure credit card data is protected during transit and not accessible via logs, database query, etc. PCI In-Scope systems must be secured as to who can access those servers.

SOX and HIPPA requires audits as well. Since I don't work on any apps that are HIPPA In-Scope I can't speak to the controls being audited, but I can assume they are similar in content.

Hooray for PCI compliance! I work in restaurant point of sale systems, so most of my time is spent dealing with some sort of PCI issue

We're looking at tokenization apps that will minimize our PCI scope. Frankly, I don't want anybody's credit card data.

(11-12-2019 01:10 PM)umbluegray Wrote:  

(11-12-2019 11:11 AM)bobdizole Wrote:  

(11-12-2019 10:21 AM)umbluegray Wrote:  I work in IT. One of the apps I work with transports credit card data. Because of that, the application is considered PCI In-Scope where PCI means Payment Card Industry.

We are required to undergo annual audits to ensure credit card data is protected during transit and not accessible via logs, database query, etc. PCI In-Scope systems must be secured as to who can access those servers.

SOX and HIPPA requires audits as well. Since I don't work on any apps that are HIPPA In-Scope I can't speak to the controls being audited, but I can assume they are similar in content.

Hooray for PCI compliance! I work in restaurant point of sale systems, so most of my time is spent dealing with some sort of PCI issue

We're looking at tokenization apps that will minimize our PCI scope. Frankly, I don't want anybody's credit card data.

which allows tracking data to continue....

(11-12-2019 01:10 PM)umbluegray Wrote:  

(11-12-2019 11:11 AM)bobdizole Wrote:  

(11-12-2019 10:21 AM)umbluegray Wrote:  I work in IT. One of the apps I work with transports credit card data. Because of that, the application is considered PCI In-Scope where PCI means Payment Card Industry.

We are required to undergo annual audits to ensure credit card data is protected during transit and not accessible via logs, database query, etc. PCI In-Scope systems must be secured as to who can access those servers.

SOX and HIPPA requires audits as well. Since I don't work on any apps that are HIPPA In-Scope I can't speak to the controls being audited, but I can assume they are similar in content.

Hooray for PCI compliance! I work in restaurant point of sale systems, so most of my time is spent dealing with some sort of PCI issue

We're looking at tokenization apps that will minimize our PCI scope. Frankly, I don't want anybody's credit card data.

We are rolling that out to anyone that wants it now. It is an investment for the customer, but p2p encryption is where it is at.

(11-11-2019 05:47 PM)Fort Bend Owl Wrote:  (my edited respose) - 'Yeah, right.' The sooner the government breaks up Google, Amazon and other tech giants, the better.

Finally, something besides Owls we agree on.

(11-12-2019 01:37 PM)stinkfist Wrote:  

(11-12-2019 01:10 PM)umbluegray Wrote:  

(11-12-2019 11:11 AM)bobdizole Wrote:  

(11-12-2019 10:21 AM)umbluegray Wrote:  I work in IT. One of the apps I work with transports credit card data. Because of that, the application is considered PCI In-Scope where PCI means Payment Card Industry.

We are required to undergo annual audits to ensure credit card data is protected during transit and not accessible via logs, database query, etc. PCI In-Scope systems must be secured as to who can access those servers.

SOX and HIPPA requires audits as well. Since I don't work on any apps that are HIPPA In-Scope I can't speak to the controls being audited, but I can assume they are similar in content.

Hooray for PCI compliance! I work in restaurant point of sale systems, so most of my time is spent dealing with some sort of PCI issue

We're looking at tokenization apps that will minimize our PCI scope. Frankly, I don't want anybody's credit card data.

which allows tracking data to continue....

But it takes me out of PCI In-Scope to the point that I don't have to undergo audits anymore.

(11-12-2019 02:11 PM)umbluegray Wrote:  

(11-12-2019 01:37 PM)stinkfist Wrote:  

(11-12-2019 01:10 PM)umbluegray Wrote:  

(11-12-2019 11:11 AM)bobdizole Wrote:  

(11-12-2019 10:21 AM)umbluegray Wrote:  I work in IT. One of the apps I work with transports credit card data. Because of that, the application is considered PCI In-Scope where PCI means Payment Card Industry.

We are required to undergo annual audits to ensure credit card data is protected during transit and not accessible via logs, database query, etc. PCI In-Scope systems must be secured as to who can access those servers.

SOX and HIPPA requires audits as well. Since I don't work on any apps that are HIPPA In-Scope I can't speak to the controls being audited, but I can assume they are similar in content.

Hooray for PCI compliance! I work in restaurant point of sale systems, so most of my time is spent dealing with some sort of PCI issue

We're looking at tokenization apps that will minimize our PCI scope. Frankly, I don't want anybody's credit card data.

which allows tracking data to continue....

But it takes me out of PCI In-Scope to the point that I don't have to undergo audits anymore.

touche....

now you fully understand why I don't miss corpshite 'murica....

in my version, developing engineering standards in a custom mfg. environment was something that was both challenging and endless to the uppermost percentile across all lines of management...