Google and its parent company Alphabet are being targeting to release details regarding how the protected health information (PHI) of patients of Ascension will be shared, and the processes that will be used to see to it that PHI is secured and unauthorized access cannot take place.
The partnership formed between Google and Ascension was first revealed on November 11, 2019 after the Wall Street Journal published a news article on it. A whistleblower at Google had contacted the WSJ to advise them that there is a possibility that millions of healthcare records had been disclosed to Google without first receiving consent from patients. It was also claimed that Google employees could freely obtain PHI.
Google released a statement saying that the Project Nightingale collaboration involved moving Ascension’s infrastructure to the cloud and that it was assisting Ascension to use G Suite tools to enhance productivity and efficiency. Patient data was also being given to Google to help create AI and machine learning technologies to better patient safety and clinical quality. When the migration of data has been completed, Google will be able to view the health data of around 50 million patients.
Google has revealed that it is a business associate of Ascension and has signed a business associate agreement and fully adheres with HIPAA regulations, but many privacy advocates are worried about the partnership. Many members of Congress have also said they are worried and would like some reassurance in relation to the security measures that have been put in place to secure patient data and what will be done with patient data. The HHS’ Office for Civil Rights has also confirmed it is examining Google and Ascension to make sure HIPAA Rules have been respected.
In early December Rep. Pramila Jayapal (D-Washington), a member of the House Judiciary Subcommittee on Antitrust, Commercial, and Administrative Law, made contact with Google and Alphabet in relation to the partnership. She has requested some reassurances in relation to how protected health information has been obtained, the measures put in place to protect patient data, and how Google will be using the PHI.
She said: “As Google and parent company Alphabet have engaged in an ever-widening acquisition of the highly personal health-related information of millions of people, Americans now face the prospect of having their sensitive health information handled by corporations who may misuse it. I am especially concerned that your company has not provided sufficient assurances that this sensitive data will be kept safe, and that patients’ data is being acquired by your companies without their consent and without any opt-out provision.
“The fact that Google makes the vast majority of its revenue through behavioral online advertising—creating an incentive to commoditize all user information—renders the company’s expansion into health services all the more troubling.”
Rep. Jayapal has asked Google and Alphabet to respond to her queries by January 5, 2020.