Privacy concerns raised over Google’s access to health records of millions of Americans
November 12, 2019 (LifeSiteNews) – Fears over privacy rights and Big Tech intensified yet again Monday with a new report detailing internet giant Google’s accessing the personal health data of millions of people across the United States without their knowledge.
The Wall Street Journal reported Monday that Google is working with the prominent hospital network Ascension on “Project Nightingale,” an initiative to migrate the network’s patient records to Google Cloud and compile them into a comprehensive patient-search tool for doctors and other healthcare workers. The “complete health history” covers test results, medications, known issues, diagnoses, hospitalizations, and more.
The project is also connected to another tool, via which Google hopes to be able to use artificial intelligence and machine learning to make treatment recommendations to doctors.
One hundred fifty Google employees have been able to access “much of the data on tens of millions of patients” across 21 states, according to the report, without patients or doctors aware of it.
Following the report, Google published an explanation of the project, framing it as a normal data-management contract bound by “strict privacy and security standards,” including a Business Associate Agreement (BAA) that forbid any broader use of the data.
The patient data was “logically siloed to Ascension, housed within a virtual private space and encrypted with dedicated keys,” inaccessible without the proper access logs, the company added. “Patient data remains in that secure environment and is not used for any other purpose than servicing the product on behalf of Ascension. Specifically, any Ascension data under this agreement will not be used to sell ads.”
Google’s access to the information is not forbidden by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), which does not require patient notification if information is used “only to help the covered entity carry out its health-care functions,” but concerns linger, including from Ascension employees themselves who felt Google’s import/export tools weren’t HIPAA-compliant, and found Google’s reassurances on this point lacking.
The details are concerning enough that the U.S. Department of Health and Human Services' Office for Civil Rights subsequently launched its own inquiry into the matter, seeking to “learn more information about this mass collection of individuals' medical records to ensure that HIPAA protections were fully implemented.”
Google’s access to private citizens’ personal information is a source of ongoing controversy, particularly in light of ongoing concerns over its political bias and interest in using its vast influence to align users with its personal values.