Google has access to detailed health records on tens of millions of Americans

[Karlston]

Google has access to detailed health records on tens of millions of Americans

"Project Nightingale" is an attempt to squeeze more money from patients.

Enlarge / Mountain View, Calif. - May 21, 2018: Exterior view of a Googleplex building, the corporate headquarters complex of Google and its parent company Alphabet Inc.

Getty Images / zphotos

Google quietly partnered last year with Ascension—the country's second-largest health system—and has since gained access to detailed medical records on tens of millions of Americans, according to a November 11 report by The Wall Street Journal.

 

The endeavor, code-named "Project Nightingale," has enabled at least 150 Google employees to see patient health information, which includes diagnoses, laboratory test results, hospitalization records, and other data, according to internal documents and the newspaper's sources. In all, the data amounts to complete medical records, WSJ notes, and contains patient names and birth dates.

 

The move is the latest by Google to get a grip on the sprawling health industry. At the start of the month, Google announced a deal to buy Fitbit, prompting concerns over what it will do with all the sensitive health data amassed from the popular wearables. Today's news will likely spur more concern over health privacy issues.

 

Neither Google or Ascension has notified patients or doctors about the data sharing. Ascension—a Catholic, non-profit health system—includes 34,000 providers who see patients at more than 2,600 hospitals, doctor offices, and other facilities across 21 states and the District of Columbia.

 

The massive data-sharing project with Google has multiple objectives. For Google's part, the company is developing new software that employs artificial intelligence and machine learning to make care suggestions for individual patients. Google's ultimate goal is to develop a searchable, cloud-based tool to host and examine massive amounts of patient data—which it could then market to other health systems.

 

Ascension aims, in part, to improve patient care with the project. Internal documents seen by WSJ indicate that Ascension also hopes that the Google-mining will help identify additional ways to generate revenue from patients, such as ordering more medical tests.

Transforming care

In a statement, Ascension's Executive Vice President of Strategy and Innovations, Eduardo Conrado, said:

As the healthcare environment continues to rapidly evolve, we must transform to better meet the needs and expectations of those we serve as well as our own caregivers and healthcare providers. Doing that will require the programmatic integration of new care models delivered through the digital platforms, applications, and services that are part of the everyday experience of those we serve.

Tariq Shaukat, president of Google Cloud, added in the statement that, by working in partnerships, Google hopes "to transform the delivery of healthcare through the power of the cloud, data analytics, machine learning, and modern productivity tools—ultimately improving outcomes, reducing costs, and saving lives."

 

Both Google and Ascension said that the project is compliant with federal health information privacy protections and is "underpinned by a robust data security and protection effort."

 

Health privacy experts told WSJ that the project appears to be legal under the federal Health Insurance Portability and Accountability Act of 1996 (HIPPA). As the newspaper notes, the law "generally allows hospitals to share data with business partners without telling patients, as long as the information is used 'only to help the covered entity carry out its health care functions.'"

 

 

Source: Google has access to detailed health records on tens of millions of Americans (Ars Technica)  

[Sylence]

This is scary..

[flash48]

52 minutes ago, Sylence said:

This is scary..

 

Yes indeed.  Last year, around May 2018,  Google quietly removed the 'Don't Be Evil' clause from Its Code of Conduct.

[Karlston]

Google: You can trust us with the medical data you didn’t know we already had

Google has 50M people's medical records but won't merge them with other Google data.

Enlarge

Getty Images | Leon Neal

Google now has access to detailed medical records on tens of millions of Americans, but the company promises it won't mix that medical data with any of the other data Google collects on consumers who use its services.

 

Google provided this statement yesterday shortly after The Wall Street Journal reported that Google is partnering with Ascension, the country's second-largest health care system, "on a project to collect and crunch the detailed personal-health information of millions of people across 21 states."

 

"To be clear: under this arrangement, Ascension's data cannot be used for any other purpose than for providing these services we're offering under the agreement, and patient data cannot and will not be combined with any Google consumer data," Google said in a blog post. That would mean Google won't use the medical data to target advertisements at users of Google services.

 

Google also said that its work with Ascension "adheres to industry-wide regulations (including HIPAA) regarding patient data, and comes with strict guidance on data privacy, security, and usage."

 

"We have a Business Associate Agreement (BAA) with Ascension, which governs access to Protected Health Information (PHI) for the purpose of helping providers support patient care," Google said. "This is standard practice in health care, as patient data is frequently managed in electronic systems that nurses and doctors widely use to deliver patient care."

What can Google see? Pretty much everything

Patient data shared with Google includes names, birth dates, addresses, family members, allergies, immunizations, radiology scans, hospitalization records, lab tests, medications, medical conditions, "and some billing claims and other clinical records," according to a followup article in the Journal. The partnership "covers the personal health records of around 50 million patients of Ascension," the Journal wrote.

 

The Journal said that "Neither doctors nor patients have been formally notified of the arrangement" and that Google and Ascension began the project "in secret last year."

 

Google seems to be correct that the partnership doesn't violate HIPAA (the Health Insurance Portability and Accountability Act). As the Journal noted, that law "generally allows hospitals to share data with business partners without telling patients, as long as the information is used 'only to help the covered entity carry out its health care functions.'" An expert quoted by the Journal noted that Google would be at risk of violating the law "if it uses the health data to perform independent research outside the direct scope of patient care."

 

Ascension is not paying Google for these services, the Journal wrote, but Google's work with Ascension could lead to profitable ventures. Google is using Ascension's patient data "in part to design new software, underpinned by advanced artificial intelligence and machine learning, that zeroes in on individual patients to suggest changes to their care," the Journal wrote. Google could sell this software to other health care institutions. As part of the project, "Staffers across Alphabet Inc., Google's parent, have access to the patient information, internal documents show," the Journal wrote.

 

The news about Google's work with Ascension comes as Google is trying to buy Fitbit for $2.1 billion, in a deal that is pending regulatory approval. Fitbit devices are used for health tracking, among other things, and Google wants to use Fitbit to bolster its existing Wear OS platform.

 

But Google's privacy promise should mean that it won't combine any patient data from Ascension with the data it gathers from Fitbit, Wear OS, Google search, Gmail, Google Docs, Chrome, or any of the other consumer services it provides.

 

Update: The Google/Ascension project is now being investigated by the Office for Civil Rights in the Department of Health and Human Services, the Wall Street Journal reported in another story published at 7:02pm ET. The office said it "will seek to learn more information about this mass collection of individuals' medical records to ensure that HIPAA protections were fully implemented."

Google’s services for Ascension

Google said it is providing its standard G Suite productivity tools to Ascension and that it's doing custom work for the company. This includes moving Ascension's "on-premise data warehouse and analytics environments to their own private and secure Google Cloud environment." The arrangement also includes "provid[ing] tools that Ascension could use to support improvements in clinical quality and patient safety," Google said.

 

Google said its work with Ascension is similar to what it was already doing with "dozens of other health care providers."

 

"These organizations, like Ascension, use Google to securely manage their patient data, under strict privacy and security standards. They are the stewards of the data, and we provide services on their behalf," Google said.

 

Ascension also released a statement on its work with Google yesterday. Ascension said it aims to improve the tools used by both patients and caregivers as well as "explor[e] artificial intelligence/machine learning applications that will have the potential to support improvements in clinical quality and effectiveness."

 

Source: Google: You can trust us with the medical data you didn’t know we already had

[Karlston]

The problem with Google’s health care ambitions is that no one knows where they end

Building search tools is just the start

 

Yesterday, The Wall Street Journal accused Google of stealthily collecting sensitive patient data from millions of Americans without their consent. The New York Times soon followed with its own report, offering more detail on “Project Nightingale” and noting how it was likely to rile up privacy advocates. Forbes then published its own story, followed by another article from Business Insider, each drip-feeding more details about this initiative.

 

When, you might ask, will it all end?

 

The problem is not the reporting; it’s that Google’s own ambitions in health care have no clear limits, which is something that Project Nightingale illustrates.

 

At its core, this is a data deal. Google is centralizing patient information for Ascension, a nonprofit health care provider with thousands of facilities in 23 states. With the help of its cloud tools and G Suite, Google is collating Ascension patient data, including medication history, lab tests, and biographical information. This should improve treatment. In return, Google learns how to build its own medical tools, which it hopes to sell far and wide. As a creepy little extra spin, neither Google nor Ascension informed patients that their information was being used in this way — but this is completely legal, as Wired explains.

 

Where things get murky is asking: what will Google do next? What does it do with this data, and what are its long-term ambitions with Ascension? According to the stories and press releases from yesterday, Google is doing the following:

• “Testing a service that would use its search and artificial intelligence technology to analyze patient records” (Forbes)
• Creating “an omnibus search tool to aggregate disparate patient data and host it all in one place” (The Wall Street Journal)
• “Testing software that allows medical providers to search a patient’s electronic health record by specific data categories and create graphs of the information, like blood test results over time” (The New York Times)
• “[Providing] tools that Ascension could use to support improvements in clinical quality and patient safety” (Google’s own blog)
• “Exploring artificial intelligence/machine learning applications that will have the potential to support improvements in clinical quality and effectiveness” (Ascension’s statement)

You could summarize most of this by saying Google is building a search engine for health care providers, aka following its long-held corporate mission “to organize the world’s information and make it universally accessible and useful.” But it seems the Ascension deal also includes some far-reaching research, particularly using AI and machine learning. This is where we get to the second part of Google’s mission statement — making information useful — and it’s here that the company’s ambitions seem limitless.

 

 

So far in health care, Google has designed tools to assess heart disease risk from eye scans, detect breast cancer in biopsies, and predict a patient’s overall risk of premature death. It’s built “augmented reality” microscopes, assistant apps for nurses and doctors, and partnered with dozens of health care providers. It’s even throwing money at anti-aging research. In short, it’s doing a bit of everything, which is why when the company says it’s covertly collected data from millions of patients, it’s not surprising that people are suspicious.

 

It doesn’t help that the company’s past health care initiatives have had a problem with boundaries. An early deal between the UK’s National Health Service and Google’s London AI subsidiary, DeepMind, broke local data-sharing laws, and Google is currently being sued for work with the University of Chicago Medical Center allegedly involving inappropriate access to medical records. Some reports about the Ascension deal say that this, too, could be breaching federal law, though the facts on this are not at all clear.

 

Speaking to The Guardian, a purported whistleblower involved in Project Nightingale said: “Most Americans would feel uncomfortable if they knew their data was being haphazardly transferred to Google without proper safeguards and security in place. This is a totally new way of doing things. Do you want your most personal information transferred to Google? I think a lot of people would say no.”

 

Ultimately, health care is just too big for Google to ignore. The market is worth $3.5 trillion in the US alone, which is why tech companies like Microsoft, Amazon, and Apple are all piling in, hoping to become leaders in a new era of digital health care. As a company that specializes in search, Google seems particularly well-positioned to profit from this gold rush, which is going to rely primarily on organizing and analyzing information.

 

Google has already shown that, with a simple search box, it can move the world. That’s what it’s currently building for Ascension, but who knows what it will do next?

 

 

Source: The problem with Google’s health care ambitions is that no one knows where they end (The Verge)