Google Collecting Millions Of Americans’ ePHI

The Wall Street Journal is reporting that Google is launching “Project Nightingale”, a new initiative to collect and analyze the health data of millions of Americans. Their recently signed deal with the second-largest US healthcare system, Ascension, will provide them with access to data collected from 150 hospitals across the country.

Despite this considerable development in the handling of their personal data, as of the time that the wall Street Journal article was published, the 50 million affected patients had not yet been informed.

What Is Project Nightingale?

The aim of this project initiative is to feed as much medical data into Google’s artificial intelligence (AI) systems as possible. In theory, by uploading massive data sets (like those managed by Ascension) to Google’s cloud computing systems, their AI can then scan and analyze the data, using it to identify trends in healthcare.

The larger the data set, the more the AI has to work with, developing more accurate models and providing more useful insight into patterns in healthcare, such as rates of diagnoses of specific illnesses, the effectivity of specific treatments, and other important information.

Who Is Ascension?

Ascension is a faith-based healthcare organization that, according to their website, is “dedicated to transformation through innovation across the continuum of care”. Their network of healthcare services includes over 150 hospitals in 21 states, comprised of 150,000 associates and 40,000 aligned providers.

Ascension’s many services include clinical and networking services, venture capital investing, investment management, biomedical engineering, facilities management, and risk management. In a nutshell, Ascension is intimately integrated into the US healthcare system, which gives them access to approximately 50 million patients’ records – all of which they’ve given Google access to as well.

What Other Healthcare Initiatives Is Google Working On?

This isn’t Google’s only healthcare play. Last year they took on DeepMind’s healthcare unit in order to begin developing an AI assistant for medical professionals. This move drew criticism similar to the current deal with Ascension, due to DeepMind’s controversial dealings with the UK’s National Health Service (NHS). A 2017 deal made between the two parties came under fire for failing to inform affected individuals about the use of their personal medical data.

What Should Patients & Healthcare Professionals Be Concerned About?

As mentioned above, when this deal was signed and executed, patients whose data was included in the transfer were not notified. Even worse is that their records were not deidentified – that is, their name and other direct personal info was not expunged from the medical data that Google was after.

For these reasons, less than two days after the deal was disclosed, federal regulators announced they were investigating the partnership. Both parties are confident that their actions are fully HIPAA compliant.

Under the terms of the deal, the data accessed cannot be used for any other purpose, and of course, is subject to HIPAA compliance. However, that doesn’t mean that patients and healthcare professionals across the country aren’t worried about the precedent this action sets for other tech giants hoping to make a play in the lucrative healthcare sector.

Many of Google’s competitors – Amazon, Uber, and Apple, to name a few – are all trying to enter the healthcare field as well. AI and other modern technologies have the potential to be very profitable under the right application in the medical field. It’s just a matter of the right company gaining as much access to patient data as possible. Google’s deal with Ascension gives them a big leg up on the competition.

Like this article? Check out the following blogs to learn more:

The Need for Cybersecurity Expertise at the Board Level for Banking

The new Health Industry Cybersecurity Practices (HICP)

NIST’s Small Business Cybersecurity Corner

CISA Cyber Essentials Toolkits: Yourself, The Leader – Part One

Business Leadership Is First On CISA Cyber Essentials Toolkits Following their Cyber Essentials resource, CISA has rolled out an additional…

Learn more

Why Are You Not Defending Your Business From Ransomware?

Ransomware Is A Threat To Your Business - Why Aren’t You Defending Against It? Is your head in the sand…

Learn more

New Louisiana Legislation Launches MSP Registration

Louisiana Legislation Signs Louisiana Act 117 - Senate Bill 273, Requiring MSP Registration Louisiana Act 117 – Senate Bill 273…

Learn more