Google & Ascension’s Data Project Sparks Privacy Concerns

The collaboration covers hospital records and identifying information such as full names and birthdates from tens of millions of patients as well as any of their diagnoses and lab results. The release from Ascension says that the project is complying with HIPAA as it moves to transition its legacy health IT infrastructure over to Google’s cloud platform and includes the adoption of new artificial intelligence and machine deep learning tools designed to help improve clinical quality and patient safety. 

“As the healthcare environment continues to rapidly evolve, we must transform to better meet the needs and expectations of those we serve as well as our own caregivers and healthcare providers,” Ascension’s executive vice president for strategy and innovations, Eduardo Conrado, said in the statement. “Doing that will require the programmatic integration of new care models delivered through the digital platforms, applications and services that are part of the everyday experience of those we serve.”

Despite the assuring release members of Congress as well as the Department of Health and Human Services have expressed doubts and criticism about the impact and scope of the project, namely how it has been carried out without informing doctors or patients. 

HHS’ Office for Civil Rights “will seek to learn more information about this mass collection of individuals’ medical records to ensure that HIPAA protections were fully implemented,” Director Roger Severino said in a follow-up WSJ report.

Ascension maintains ownership of its data, but the company has formed a business associate agreement with Google that allows the company to access protected patient records and health information under HIPAA.

“That a health care provider could be furnishing sensitive health data, directly tied to patient names and dates of birth and without the knowledge or consent of doctors or patients, to Google should be deeply unsettling,” Sen. Mark Warner (D-Va.) said in a statement to The Hill.

Tariq Shaukat, president of Google’s cloud based industry products and solutions writes in a blog posting that the project is following federal regulation and strict guidance on data privacy, security and usage, and that Google will cooperate with any federal inquiries. Some of the joint efforts are “not yet in active clinical deployment, but rather are in early testing”  and are the basis of pilot projects such as tools that will allow Ascension clinicians to access and view their patients’ relevant medical history. 

It does make one wonder, if the project is on the up and up following compliance then why not announce it right away rather than keeping it all hush hush, why was it only announced after the WSJ report further adding to significant doubt and concerns to a company which has already had some notable privacy issues going about secretly gaining access to personal data without patient knowledge.

According to the WSJ report at least 150 Google employees have access to some or all of the data, and some Ascension employees have expressed concerns “about the way the data is being collected and shared, both from a technological and ethical perspective.” 

“Leaks of private medical information are enormously common,” Pam Dixon of the World Privacy Forum told CBS News, calling for oversight of Google’s health initiative. “So it’s a significant concern.”

It looks as if Google is looking to further its dominance elsewhere as well and they are getting ready to expand into banking with the giant set to offer checking accounts next year. This project is code named Cache will be run in conjunction with Citigroup and the Stanford Federal Credit Union; the company has plans to brand the checking accounts with financial institutions names rather than its own.

Banks have been worried about competition from little fintech startups, but it appears as if they have been looking in the wrong direction as this competition will come from giants. Google now joins Amazon which is reportedly talking with J.P. Morgan Chase over checking accounts, Apple which has launched a credit card with Goldman Sachs, Facebook which has just announced a new system to facilitate payment across its systems, and Uber, which has announced it is pushing into financial services. 

Sen. Mark Warner, D-Va., a leading voice on regulating tech companies on Capitol Hill, told CNBC , “I’m concerned when we got, whether it’s libra or the Google proposal, ... these giant tech platforms entering into new fields before there are some regulatory rules of the road.”

“Because once they get in, the ability to extract them out is going to be virtually impossible,” said Warner, who was a tech entrepreneur before he got into politics.