According to an investigation by the Wall Street Journal, Google has been collecting personal data of millions of patients in a partnership with Ascension – one of the country’s largest healthcare companies.
Who is Ascension?
Ascension Health is a faith-based, non-profit healthcare organization with over 2,600 clinics. This includes 150 hospitals, 50 senior living facilities and 50 million patients in 21 states. Ascension’s website says they provide services such as clinical and network services, venture capital investing, investment management, biomedical engineering, facilities management, risk management, and contracting through Ascension’s own group purchasing organization.
The secret transfer called ‘Project Nightingale’ between Ascension and Google is raising questions as it was done without patient knowledge or expressed consent. Data collected includes whole health history such as lab and test results, hospitalization records, medications, diagnoses and treatment records. Ascension said that the project is covered by what’s known as a ‘business associate agreement’ clause in HIPAA.
What does Google want to do with this data?
Healthcare companies are increasingly moving their patient records off of their premises and into the cloud. Google saw a business opportunity and partnered with Ascension for free. Google claims it wants to improve patient care and believes artificial intelligence tools will help the healthcare industry get there. With Google’s computing power on medical data, applications will be faster, data will be more accessible to doctors in real-time and illnesses could (potentially) be predicted leading to new treatments or cures.
Google is not the only tech giant interested in entering the healthcare industry. Amazon, Apple, and Microsoft are all aggressively trying to get into the healthcare business. While Google insists their goal is to provide better care to patients, there are some concerns about what else Google might want to do with the data.
According to a Google employee whistleblower working on the Nightingale project, data held by Ascension of more than 50 million Americans were transferred to Google with full personal details. The identifiable information included patient names, medical history and were accessible by 150 Google employees. Patients and Doctors were not informed about the transfer of their data to Google and therefore, could not opt-in or out.
The whistleblower raised security and privacy concerns about placing vast amounts of medical data in the digital cloud. What happens if this information is hacked or leaked? What happens if there is a glitch? Could it have implications for the patient? What are Google’s intentions with this data in the future? Where do we draw the line with sharing personal data with a big tech company? The whistleblower also warns that Google may sell this data to third parties without public consent. In this scenario, patients could be targeted with ads based on their medical history. The Tech Giant promises it will not use patient data for its own advertising or research. However, Google does not exactly have the best track record:
- Google and its YouTube subsidiary pay $170 million in fines for illegally collecting personal data on children to sell ads.
- Google being sued for leaving sensitive and identifiable information in health data for a research project with the University of Chicago.
The Department of Health and Human Services (HHS) has opened a federal inquiry to ensure HIPAA protections were fully implemented during the transfer of data. Some lawmakers are expressing concern over the Nightingale project and are calling for more oversight. So far Google is cooperating with federal investigators.
Empower Brokerage wants to help you understand what coverage your clients need and how to save them money. We offer webinar training, one-on-one calls, seminars, and marketing plans, all geared toward your success. Give us a call if you have any questions 1-888-539-1633.