When word got out late Monday that Google and nonprofit health care provider Ascension have been working on a program that was compiling the health information of millions of patients without their knowledge, it was just a matter of time before the federal government would step in. Time was up Tuesday night.
The Wall Street Journal reported that the Department of Health and Human Services' Office for Civil Rights was looking into the program known as "Project Nightingale." The Journal, quoting a statement from office director Roger Severino, reported the Office of Civil Rights “will seek to learn more information about this mass collection of individuals’ medical records to ensure that HIPAA protections were fully implemented.”
HIPAA is the acronym for the Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. Among the rights HIPAA protects is the confidential handling of health information. The U.S. Department of Health and Human Services offers HIPAA information on its website, including a breakdown of the "Security Rule," which may be the reason why Google and Ascension are claiming HIPPA compliance. The HHS website states: "A major goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. Given that the health care marketplace is diverse, the Security Rule is designed to be flexible and scalable so a covered entity can implement policies, procedures, and technologies."
Google, according to the Journal, is utilizing the information to marry new software with artificial intelligence to suggest changes in a patient's care.
Legislators have tried to react to Silicon Valley and the tech industry's increasing development of health care-related tech products and projects. Sens. Amy Klobuchar, (D-Minn.) and Lisa Murkowski (R-Alaska) introduced legislation in June on closing privacy gaps in HIPAA, which does not currently cover health apps, direct-to-consumer genetic tests and other consumer-focused health technology. It is called the Protecting Personal Health Data Act and is designed to create regulation and standards for data usage not currently covered by HIPAA.