Legality of Using Google Docs with Regulated Data
After reading Google Docs terms of service as to what they do with your documents (Scan, read) and what they say they CAN do with your uploads, I'm still waiting for the HIPAA police to come on very stronly with users who put their patients information on Google. The same applies to law enforcement who put CJIS criminal data there or, what concerns me the most, is companies who put their customer's credit card information on the site. Especially knowing that Google has datacenters world-wide and that Google says that they are not resoinsible for your HIPAA certification and that no public cloud service is CJIS certified (of course, there is box.net and datamaxx and others...).
It is one thing to put your own data up on these sites. It's an entirely other matter to take your customers' personal and private data and put that in the cloud where sites like Google and Dropbox tell you, up front, what happens to your uploads in their terms of service. So far, I have not heard anything about the HIPAA police arresting any doctor's for doing this.
