Google’s “Project Nightingale” is accessing patient medical records across twenty one states. Yes, you read that correctly.
“Google is engaged with one of the country’s largest health-care systems to collect and crunch the detailed personal health information of millions of Americans across 21 states.
The initiative, code-named “Project Nightingale,” appears to be the biggest in a series of efforts by Silicon Valley giants to gain access to personal health data and establish a toehold in the massive health-care industry. Amazon.com Inc., AMZN -0.80% Apple Inc. AAPL 0.79% and Microsoft Corp. are also aggressively pushing into health care, though they haven’t yet struck deals of this scope.
Google began Project Nightingale in secret last year with St. Louis-based Ascension, the second-largest health system in the U.S., with the data sharing accelerating since summer, according to internal documents.
The data involved in the initiative encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth.”
Let’s talk about this for a minute. Ascension Health, a non-profit Catholic healthcare system is working with Google to help build a new kind of AI data sharing system. This is a healthcare system that prides itself on its “dedication to personalized care for all – especially those in need.”
That’s all well and good. Except that Ascension and Google forgot something.
THEY DIDN’T GET PERMISSION FROM THE PATIENTS!!
That’s right. Not a single patient nor doctor throughout the system was notified that their medical records would be accessed by Google!!
But that’s supposedly ok. Why?
“According to the Health Insurance Portability and Accountability Act of 1996, hospitals may share patient data with business partners without notifying patients as long as that information is “used only to help the covered entity carry out its health-care functions.””
And it’s even more ok because …
Something you might not expect about Google's secret "Project Nightingale," hoovering up patient health data across 21 states.
Google is doing the work for free. https://t.co/J6jxsCJ8Eq pic.twitter.com/jTLpTrXdB1
— Rob Copeland (@realrobcopeland) November 11, 2019
Oh nice. Google is working for free on this. And Ascension is here to tell us all that it’s ok that patient data was ported into Google’s system because transforming healthcare is WAY more important than patient privacy.
We are supposed to believe that no one will do anything bad to the data they are playing with because super duper robust security protocols are in place. My eyes are rolling so hard at this.
First of all, I don’t care that the HIPPA act lets hospitals share the data with their business partners, you should STILL get permission from the patients.
Secondly, given the sheer number of major data hacks that have affected banks, retailers, and companies such as Equifax, don’t tell me that the data is secure.
Besides, Google and data security? They’ve had their own problems, a BIG one, in the past. So big that 52.5 million users birth dates and contact information was exposed. Tell me again about those robust security protocols?
Third, twenty one hospitals handed patient medical records over to 150 Google techs to use to build a new system. Data that includes EVERYTHING. Birth dates, addresses, diagnoses …everything. Do not tell me that one or more of those techs won’t get curious. Do not tell me that, if one of those patients happens to be someone famous, that information won’t show up on the internet somewhere.
People who work in the medical field are absolutely NOT allowed to access patient data without the express permission of the patient. If they are found to do so, they are fired. Yet Ascension happily hands over patient data to Google saying that it all “appears” to be within HIPPA ethics?
I’d say that this will give Lizzie more fuel for her ‘break big tech up’ fire.
Google and Ascension have a lot of questions to answer. Including figuring out who the right people are.
“Google co-founder Larry Page, in a 2014 interview, suggested that patients worried about the privacy of their medical records were too cautious. Mr. Page said: “We’re not really thinking about the tremendous good that can come from people sharing information with the right people in the right ways.””
Count me as one of the “right people” who are here to tell you that not getting permission from patients and keeping doctors in the dark on this was an incredibly BAD idea.
Feature Photo Credit: Pixabay, cropped and modified
MoodMD says: The uncomfortable fact is that every patient who is receiving treatment by a HIPAA covered entity, which includes any provider that submits information electronically, signed a form that gave permission for that entity to use the information for purposes of treatment, payment, and health care operations. As you point out, the concept of healthcare operations can be stretched pretty far and I doubt many patients have any idea how many people may ultimately have access to their information. We may not like that a patient did not give specific permission for that use but as long as Google has partnered with Ascension and is following the HiPAA guidelines it is legal. It would simply be impossible to obtain individual patient permission for release to each HIPAA partner. For example, if I use a transcriptionist to type my office notes. I would have to get a release from each patient to have that specific person do the work and if I changed to another transcriber I would have to do it all over again. I would have to do the same if a patient changed insurance companies. There are an amazing number of different entities that are involved in providing healthcare that must have access to various amounts of patient information.
Security of Protected Health Information (PHI) is a huge concern but the cat is already out of the bag. Every doctor, clinic, or hospital using an EHR has a database stored someplace. Any of them that are on-line are already vulnerable to being hacked. The data is just as vulnerable on Ascension’s servers as it is on Google’s. The bottom line on that is that PHI is out there in multiple locations and is only as secure as each company makes it. While I have concern about security, I do believe there potentially is great benefit in increased medical knowledge and improved patient care through intensive analysis of such large databases of clinical information.
If you want your health information to be as secure as possible, go to providers who don’t use an EHR. My family doctor does not use one and when I had a private practice I didn’t. It is getting harder to find such a provider because Medicare cuts payments to a provider if an EHR is not used.
“Count me as one of the “right people” who are here to tell you … this was an incredibly BAD idea.”
You misspelled a word… “incredibly SINISTER idea.”
Google works with China in developing the social credit system; China is a practice run for what some of the globalist political class hopes to impose on the world. If intimate personal details can be turned into accessible data, monitoring and control of individuals becomes relatively easy… especially in a “smart city” where everything — including energy use, food consumption, mobility — are connected to and dependent on the internet. Google is working on this.
The advance of technology without an accompanying advance of ethics is a dangerous thing. It’s advisable that people wake up to the importance of ethics, particularly respecting and protecting everyone’s rights.
2 Comments