Google is working with one of the largest healthcare systems in the U.S. to collect patient data on millions of Americans in 21 states and across 2,600 hospitals or clinics in order to analyze it and come up with advice for better patient care and cost cutting measures.
The project was reportedly revealed by a whistleblower who said the program, dubbed “Project Nightingale,” involved Ascension – the largest Catholic health system in the world – and up to 50 million private medical records from healthcare providers.
Google is planning to use its cloud data analytics to cull information from Ascension’s patient data during a Q2 earnings call in July, though “Project Nightingale” was never mentioned during that call. “We announced ‘Google Cloud’s AI and ML solutions are helping healthcare organizations like Ascension improve the healthcare experience and outcomes,'” Google Cloud President Tariq Shaukat said in a blog post.
“Our work with Ascension is exactly that – a business arrangement to help a provider with the latest technology, similar to the work we do with dozens of other healthcare providers, Shaukat wrote. The list of care providers and healthcare records tech companies includes the Cleveland Clinic, the American Cancer Society, McKesson and Athena.
Shaukat said Google has a Business Associate Agreement (BAA) with Ascension, which governs access to Protected Health Information (PHI) for the purpose of helping providers support patient care.
“This is standard practice in healthcare, as patient data is frequently managed in electronic systems that nurses and doctors widely use to deliver patient care,” Shaukat said.
No matter how well intentioned the project’s overseers say it is, the collection of private medical data has raised the ire of patients and lawmakers who have called for a federal inquiry into the practice.
The Office for Civil Rights in the Department of Health and Human Services “will seek to learn more information about this mass collection of individuals’ medical records to ensure that HIPAA protections were fully implemented,” the office’s director, Roger Severino, said in a statement.
Third parties compiling patient data is not only common among healthcare providers and analytics tech firms, it’s perfectly legal – as long as patients have given consent by signing a common HIPAA form. And, wittingly or not, most have done so, according to Cynthia Burghard, a research director at IDC.
“Databases of this size are not uncommon,” Burghard said. “On face value, I don’t see an issue. They [Google] signed the HIPAA compliant document for business associate arrangements. So, they complied with the law there. When you go to a healthcare provider’s office as a patient, you sign a HIPAA release form, which allows the institutions to use your data for medical research or improved care management; so there is patient consent there.
“That said, long term can you trust Google or any high-tech company … who’s used to monetizing assets to not do something bad?” Burghard said.
Many healthcare providers are storing patient data for analytics purposes in a cloud somewhere, whether it’s Amazon Web Services, Microsoft’s Azure or Google Cloud.
In September, controversy around patient privacy erupted when Google acquired the health division of London-based AI firm DeepMind, which built a healthcare app used to give clinicians at National Health Service [NHS] hospitals easy access to medical records. DeepMind’s Streams app was already controversial after a UK privacy watchdog found the NHS had illegally handed 1.6 million patient records to DeepMind as part of a trial.
Amazon, Apple, Microsoft and other tech giants are also entering the healthcare arena, either with applications that enable access to patient electronic healthcare records, or with their own in-house healthcare programs.
Earlier this year, pharmacy giant CVS and its healthcare insurance subsidiary, Aetna, released an app that lets members opt-in to sharing their EMRS with Apple’s health service; in turn, Apple will offer Apple Watch wearers personalized fitness and health goals.
This story, was partially taken from Computerworld.