It's not a random hospital - it's your hospital. There are many governmental bodies that are there only to watch HIPAA violations, and if your data is used wrongly you can sue for damages.
For things like this[0], the medical companies and Google operating on this data are being held to the same standard of protecting medical data as any other healthcare software. It would be the same if Google really made a "my health" app; although the article is talking about Google et al. getting medical data for research purposes, not a personal health app that would be gated behind Google's DC doors and multi-level access controls.
I'm no expert on these systems, but the data that's in the cloud isn't encrypted? I would've assumed that Google cannot have access to the data but are giving access to server space to host it, making HIPAA violations from employees practically impossible? (Unless they try to get keys to unencrypt the data, but then again that's outside the scope of this discussion)
Google is a private company with no oversight.