What you need to know
- Google has reportedly been siphoning data from Ascension since the last year.
- The data shared includes lab results, diagnoses, hospitalization records, and personal information.
- Patients were not informed of the data-sharing agreement, though Google claims the initiative is fully compliant with federal law.
If Google's recent decision to acquire Fitbit has you in knots, your anxiety about the safety of your data may be justified. As The Wall Street Journal reports, the search giant has secretly been accumulating the health data of millions of Americans from 21 different states, in partnership with Ascension, all without patients' knowledge.
Ascension is the second-largest healthcare system in the U.S. and operates more than 2,600 care sites across 20 U.S. states and the District of Columbia, presumably the 21 locales the WSJ report refers to. The extent of the information sharing between the two was extensive, with the story noting:
"The data involved in Project Nightingale encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth."
Google claims its program, nicknamed 'Project Nightingale,' is entirely legal under federal law and wholly compliant with the Health Insurance Portability and Accountability Act (or HIPAA), the marquee legislation dealing with health care data. While the law does allow healthcare providers like Ascension to share data with other organizations without informing patients, the scope of this information sharing is ideally restricted "only to help the covered entity carry out its health care functions."
At least 150 Google employees are said to have sweeping access to millions of users' data, with these individuals employed across the spectrum of Alphabet companies and projects. The company aims to use its burgeoning cloud wing to apply AI processing on the collected data in order to identify possible changes to the care plans for individual patients. It also aims to serve as an aggregation service for healthcare data, which has historically been mostly decentralized.
The report paints Ascension's motives as partly altruistic and partly material, suggesting that while the program does enable it to provide better care to its patients, part of the reasoning behind its willingness to share patient data with Google may have been a desire to maximize profits per patient.
Ascension noted the following as part of a statement released after the publication of the story:
"All work related to Ascension's engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension's strict requirements for data handling."