The Wall Street Journal dropped a "bombshell" story about Google partnering with a healthcare network to collect and analyze data. Except, it's not a bombshell because it's the standard operating procedure, and Google has decided to become part of it.
The details sound really juicy. Ascension patients across 21 states have had their healthcare records shared with Google, and none of them gave explicit consent. Except that they did even if they don't know that they did. Under HIPAA, laws that regulate how health data can be shared, a provider or care network can share data with partners, including personal details like a name or date of birth, as long as it assists patient care.
Almost all of them do, too. Your doctor probably doesn't use paper records or have physical copies of X-Rays in a folder, and even if he or she does, a digital copy is also in a cloud somewhere. Since most hospitals and doctor's offices aren't also cloud service providers, they have contracted with some other company to handle it all. When you signed a release form that told you of your rights under HIPAA, it told you this.
I find data collection, handling, and storage fascinating. I also spend a lot of time at a doctor's office and read everything before I sign it. That probably explains why I know that this happens every day, and nobody knows what is going on because they aren't in my bubble. But I understand the reactions because of the way the news was dropped on everyone.
Your doctor probably isn't a cloud services provider.
The difference this time is that it's Google. I've already written about how it can be difficult just to trust Google. The company has used some scary methods to make money even if (so far) it has kept to its word about keeping your data safe and not selling or sharing it. Like the Fitbit acquisition, seeing Google all up in your medical records can be worrisome.
Also, as Daniel Rubino points out, secret codenames for a project that nobody knew about doesn't help, either. Giving a phone a secret code name of a fish can be endearing. Calling data collection from healthcare providers Project Anything isn't.
Why Google is doing this (other names you recognize like Microsoft and Amazon do the same thing) is to "design new software, underpinned by advanced artificial intelligence and machine learning, that zeroes in on individual patients to suggest changes to their care" according to the WSJ.
That sounds like a thing Google would be good at doing, and once perfected, selling to other healthcare groups. It's also likely why Google is allowed access under HIPAA regulations because it would certainly help provide patient care. It's also something that didn't need to be done in secret, which is mostly the issue here.
I know that Google does a lot of, well, stupid things. Google knows it does a lot of stupid things. This isn't really one of them, but our deep mistrust of the company along with the unnecessary need for secrecy makes it look like one.