Google's Project Nightingale Raises Health Data Privacy Concerns

Samara Rosenfeld
NOVEMBER 13, 2019
data
Photo/Thumb have been modified. Courtesy of greenbutterfly - stock.adobe.com.

An ongoing collaboration between Google and Ascension, dubbed Project Nightingale and formally announced this week, has allowed the tech giant to access tens of millions of patients’ health records, raising privacy concerns.

Although Project Nightingale began quietly last year when Google and the St. Louis-based, 2,600-hospital health system formed a relationship to share patient data, the organizations officially announced the partnership on Monday.

The project grants Google employees access to patients’ protected health information, including lab results, doctor diagnoses and hospitalization records — essentially a complete health history, including patient names and dates of birth.

Google will use the data to design new artificial intelligence and machine-learning software to zero in on individual patients to suggest changes to their care, while providing its cloud services and G Suite tools to Ascension, according to Tariq Shaukat, M.S., president of industry products and solutions at Google Cloud.

“By working in partnership with leading healthcare systems like Ascension, we hope to transform the delivery of healthcare through the power of the cloud, data analytics, machine learning and modern productivity tools — ultimately improving outcomes, reducing costs and saving lives,” said Shaukat.

As part of the collaboration, Ascension will transition to Google’s Cloud platform and Google’s G Suite productivity and collaboration tools. Leveraging Google Cloud, Ascension aims to focus on data integration, privacy and security, compliance and network and system connectivity. G Suite will be used to improve secure, real-time communication and collaboration.

“As the healthcare environment continues to rapidly evolve, we must transform to better meet the needs and expectations of those we serve as well as our own caregivers and healthcare providers,” said Eduardo Conrado, MBA, executive vice president of strategy and innovations at Ascension. “Doing that will require programmatic integration of new care models that are part of the everyday experience of those we serve.”
 

Ethical Concerns with Google Having Access to More Health Data

The Wall Street Journal reported that some Ascension employees have raised ethical and privacy concerns over the data sharing because physicians and patients were not made aware of the exchange. But, according to privacy and health IT experts, Project Nightingale is permissible under the Health Insurance Portability and Accountability Act (HIPAA) of 1996 because the law allows hospitals to share data with business partners without telling patients if the data are used to help the covered entity carry out its healthcare functions.

Still, industry experts expressed concerns over Google having access to even more patient health data and what the company is going to do with the information.

“The real question is what happens with the data after they are shared with Google,” John Lynn, founder of HealthcareScene.com, said in a written statement to Inside Digital Health™. “If they are just used for the health system that shared the data with Google, then that is a very appropriate use of the data. The problem is that most people suspect, though there hasn’t been proof, that Google is going to use (the data) beyond just Ascension.”

Ascension said that the collaboration is HIPAA-compliant and underpinned by data security and protection.

“How can Ascension ensure that people employed by a third party that is built on personal data will adhere to Ascension’s data policies?” Colin Bastable, CEO of Lucy Security, said in a written statement to Inside Digital Health™.

The estimated 50 million records can be viewed by employees of Alphabet, Google’s parent company, including some employees of Google Brain, a research science division.
 
“At the end of the day, most patients have said that they’re fine with hospitals and health systems sharing their data when (the information) is going to benefit them or even benefit society as a whole,” Lynn said. “What patients don’t like is when their data are shared in secret. Then there’s fear that (the data) are being used for nefarious things such as insurance companies discriminating against us based on our health history.”

The collaboration has led to an investigation by the Office for Civil Rights to "seek to learn more information about this mass collection of individuals' medical records to ensure that HIPAA protections were fully implemented," said the agency's director, Roger Severino, J.D., according to a report from The Wall Street Journal.

Get the best insights inside digital health. Register for our newsletter.

Related
Mayo Clinic and Google Cloud Partner for Digital Health 'Revolution'
Google Cloud and NTT Data Services to Develop Digital Cloud and AI Tools
Can Google's Cloud API Solve Healthcare's Disparate Data Problem?

SHARE THIS SHARE THIS
25
Become a contributor