Google’s Project Nightingale is an effort to collect medical information on 50 million Americans, and it has lead many — including the federal government — to question what exactly Google plans to do with the data.
Project Nightingale is partnering with the Catholic non-profit Ascension to integrate it’s health data into a unified cloud. Ascension, the second-largest health system in the country, currently houses its data in 40 data centers located across the country in more than a dozen states, according to the Wall Street Journal. The Office for Civil Rights in the Department of Health and Human Services opened an inquiry into the partnership in early November to verify that it is in compliance with HIPAA regulations.
“We are happy to cooperate with any questions about the project,” Google told WSJ. “We believe Google’s work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and comes with strict guidance on data privacy, security, and usage.”
HIPAA regulations, short for the Health Insurance Portability and Accountability Act of 1996, govern how hospitals and other healthcare companies can share patient data. Companies can share information without the permission of patients so long as it is “only to help the covered entity carry out its health-care functions — not for the business associate’s independent use or purposes,” according to WSJ. (RELATED: Google’s Not-So-Secret Health Project Under Federal Inquiry)
Google released a blog post explaining its partnership with Ascension on Tuesday.
What is the work we’re doing with Ascension? Back in July, on our Q2 earnings call, we announced “Google Cloud’s AI and ML solutions are helping healthcare organizations like Ascension improve the healthcare experience and outcomes.” Our work with Ascension is exactly that—a business arrangement to help a provider with the latest technology, similar to the work we do with dozens of other healthcare providers. These organizations, like Ascension, use Google to securely manage their patient data, under strict privacy and security standards. They are the stewards of the data, and we provide services on their behalf.
Both Google and Ascension argue their partnership complies with the law. Google has specifically stated that it “cannot and will not” combine Ascension’s medical data with its normal consumer data, but one “whistleblower” at Google disagrees, arguing there is still a substantial risk for affected Americans. (RELATED: Google Says It ‘Mistakenly Disapproved’ Conservative Think Tank’s Climate Change Video)
“With a deal as sensitive as the transfer of the personal data of more than 50 million Americans to Google the oversight should be extensive,” the person wrote in The Guardian. “Every aspect needed to be pored over to ensure that it complied with federal rules controlling the confidential handling of protected health information under the 1996 HIPAA legislation. Working with a team of 150 Google employees and 100 or so Ascension staff was eye-opening. But I kept being struck by how little context and information we were operating within.”
“Full HIPAA compliance must be enforced, and boundaries must be put in place to prevent third parties gaining access to the data without public consent,” the person continued. “In short, patients and the public have a right to know what’s happening to their personal health information at every step along the way.”
The HHS announced its probe into the deal after the whistleblower came forward, and a bipartisan group of Congresspeople expressed skepticism. (RELATED: The Latest Google Blacklist May Include The Daily Caller)
“Allowing already-dominant technology platforms to leverage their hold over consumer data to gain entrenched positions in the health sector is a worrying prospect,” Democratic Virginia Sen. Mark Warner wrote in a statement.
Warner also called for the partnership to be blocked while HHS conducted its investigation. Members of Congress joining him included Democratic Minnesota Sen. Amy Klobuchar, Republican Louisiana Sen. Bill Cassidy, Republican Alaska Sen. Lisa Murkowski, and Democratic Connecticut Sen. and Richard Blumenthal.
“It’s understandable that people want to ask questions about our work with Ascension,” Google wrote. “We’re proud of the important work we’re doing as a cloud technology partner for healthcare companies. Modernizing the healthcare industry is a critically important task, with the ultimate result not just digital transformation, but also improving patient outcomes and saving lives.”
This is not the first time Google’s data practices have come into question. In September, Google’s YouTube paid out $170 million to the Federal Trade Commission after an investigation found that the tech giant had violated the Children’s Online Privacy Protection Act by suggesting videos of scantily-clad children to users viewing videos of other prepubescent kids.