Unbeknownst to millions of patients and thousands of doctors, Google for months has been collecting the personal health data for a top-secret project.
The Wall Street Journal reports that "Project Nightingale" has Google working with Ascension, the second-largest health system in the U.S., headquartered in St. Louis, to share data ranging from lab results to doctor diagnoses to hospitalization records.
After the Journal published its story online, Tariq Shaukat, president of Google Cloud, said of the project: “By working in partnership with leading healthcare systems like Ascension, we hope to transform the delivery of healthcare through the power of the cloud, data analytics, machine learning, and modern productivity tools—ultimately improving outcomes, reducing costs, and saving lives.”
“By working in partnership with leading healthcare systems like Ascension, we hope to transform the delivery of healthcare through the power of the cloud, data analytics, machine learning, and modern productivity tools—ultimately improving outcomes, reducing costs, and saving lives.”
Eduardo Conrado, executive vice president of strategy and innovations for Ascension, added: “As the healthcare environment continues to rapidly evolve, we must transform to better meet the needs and expectations of those we serve as well as our own caregivers and healthcare providers."
The announcement noted that "Ascension’s engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling."
HIPAA is the acronym for the Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. Among the rights HIPAA protects is the confidential handling of health information. The U.S. Department of Health and Human Services offers HIPAA information on its website, including a breakdown of the "Security Rule," which may be the reason why Google and Ascension are claiming HIPPA compliance. The HHS website states: "A major goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. Given that the health care marketplace is diverse, the Security Rule is designed to be flexible and scalable so a covered entity can implement policies, procedures, and technologies."
Google, according to the Journal, is utilizing the information to marry new software with artificial intelligence to suggest changes in a patient's care.
These developments are sure to raise the hackles of privacy advocates and health care professionals alike. Just 10 days ago when Google parent Alphabet announced it would purchase Fitbit, which tracks users' health and fitness data, critics were concerned. "All that data that Fitbit collected over the years that users may or may not have been aware was being collected about them now is going over to Google," said Consumer Reports health privacy expert Dena Mendelsohn.
Health care is seen as a golden -- and profitable -- opportunity for Silicon Valley's tech giants. Amazon has several projects underway, including the marketing of the online pharmacy PillPack, which it bought for $1 billion, and it filed for a patent for Alexa, its virtual assistant, which would detect when a user is sick and the device would recommend and sell medications. Microsoft has several health programs underway, including Microsoft Genomics, which provides accelerated genome sequencing and analysis and the "Microsoft Healthcare Bot Service," which works for health care organizations to deploy compliant AI-powered virtual health assistants and chatbots, including a built-in symptom checker.
Legislators have tried to react to fast-changing technology. Sens. Amy Klobuchar, (D-Minn.) and Lisa Murkowski (R-Alaska) introduced legislation in June on closing privacy gaps in HIPAA, which does not currently cover health apps, direct-to-consumer genetic tests and other consumer-focused health technology. It is called the Protecting Personal Health Data Act and is designed to create regulation and standards for data usage not currently covered by HIPAA.
The Associated Press contributed to this story.