Google was allegedly collecting millions of Americans' healthcare data [Updated]

Google logo
Google logo (Image credit: Android Central)

What you need to know

  • Google has reportedly been siphoning data from Ascension since the last year.
  • The data shared includes lab results, diagnoses, hospitalization records, and personal information.
  • Patients were not informed of the data-sharing agreement, though Google claims the initiative is fully compliant with federal law.

Updated November 13:

Google has denied (via Bloomberg) it is using the data provided by Ascension to carry out artificial intelligence research, or performing additional processing on the data beyond basic storage and search functionality. The company's top cloud and health execs stated that the partnership with Ascension pertains only to building an internal search engine to aggregate the healthcare provider's disparate records. "That's all we're allowed to do and that's all we are doing," said David Feinberg, VP of Health at Google.

Google Cloud CEO Thomas Kurian also chimed in to clarify that the company's employees do not have access to raw patient records:

All data is logically siloed to Ascension and housed within a virtual private space encrypted with dedicated keys. Google does not sell, share or otherwise combine data from Ascension with any other data.

He also noted that while the company's collaboration with Ascension does not pertain to artificial intelligence research in the first place, when the company does create machine learning models with user data, it makes it a point to anonymize the records that are fed in:

We never actually have Google employees understand individual patients' data when it goes into the model. We have other technologies that de-identify it.

If Google's recent decision to acquire Fitbit has you in knots, your anxiety about the safety of your data may be justified. As The Wall Street Journal reports, the search giant has secretly been accumulating the health data of millions of Americans from 21 different states, in partnership with Ascension, all without patients' knowledge.

Ascension is the second-largest healthcare system in the U.S. and operates more than 2,600 care sites across 20 U.S. states and the District of Columbia, presumably the 21 locales the WSJ report refers to. The extent of the information sharing between the two was extensive, with the story noting:

"The data involved in Project Nightingale encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth."

Google claims its program, nicknamed 'Project Nightingale,' is entirely legal under federal law and wholly compliant with the Health Insurance Portability and Accountability Act (or HIPAA), the marquee legislation dealing with health care data. While the law does allow healthcare providers like Ascension to share data with other organizations without informing patients, the scope of this information sharing is ideally restricted "only to help the covered entity carry out its health care functions."

At least 150 Google employees are said to have sweeping access to millions of users' data, with these individuals employed across the spectrum of Alphabet companies and projects. The company aims to use its burgeoning cloud wing to apply AI processing on the collected data in order to identify possible changes to the care plans for individual patients. It also aims to serve as an aggregation service for healthcare data, which has historically been mostly decentralized.

The report paints Ascension's motives as partly altruistic and partly material, suggesting that while the program does enable it to provide better care to its patients, part of the reasoning behind its willingness to share patient data with Google may have been a desire to maximize profits per patient.

Ascension noted the following as part of a statement released after the publication of the story:

"All work related to Ascension's engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension's strict requirements for data handling."

Have you listened to this week's Android Central Podcast?

Android Central

Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.

  • Subscribe in Pocket Casts: Audio
  • Subscribe in Spotify: Audio
  • Subscribe in iTunes: Audio
Muhammad Jarir Kanji