Google amassed private health data on millions of people

Neither doctors nor patients however have been notified or given their consent, WSJ reports

Google has tapped a partnership with one of the US’ largest health care systems to advance its healthcare software services offerings. To achieve that, however, it has collected and analysed the personal health information of millions of Americans across 21 states, without informing them in advance or asking for their consent, The Wall Street Journal reports.

The joint effort with the St. Louis-based company Ascension reportedly began last year, but increased dramatically over the summer and fall of 2019. Code-named “Project Nightingale,” the project collects data regarding patients’ lab results, diagnoses from their doctors, and hospitalisation records to create a complete health history for a patient - including that patient’s name and data of birth - all without the consent of the patients or their doctors.

The data collection process is part of a bigger plan by Google to create new software using artificial intelligence (AI) technology to analyse patient information for Ascension and give people recommendations to improve their health, according to WSJ and Forbes.

“As the healthcare environment continues to rapidly evolve, we must transform to better meet the needs and expectations of those we serve as well as our own caregivers and healthcare providers,” Ascension Executive Vice President of Strategy and Innovations Eduardo Conrado said in a statement Monday after news was released.

“Doing that will require the programmatic integration of new care models delivered through the digital platforms, applications and services that are part of the everyday experience of those we serve,” Conrado continued.

Neither doctors nor patients however have been notified about the data-collection process, despite the fact that more than 150 Google employees and staffers at Google’s parent company, Alphabet, already have access to the health information of tens of millions of patients, WSJ reported citing one person familiar with the project and internal documents. A Google spokesperson, however, told WSJ that the project is compliant with federal health law. Ascension similarly said the project is compliant with US law and is “underpinned by a robust data security and protection effort,” according to Forbes.

“All work related to Ascension’s engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling,” it insisted.

Still, the Journal report raises concerns about whether the data handling is indeed as secure as both companies appear to think it is. And Google hasn’t exactly proven itself to be infallible when it comes to protecting user data. Remember when Google+ users had their data exposed and Google did nothing to alert those affected? Or when a Google contractor leaked more than a thousand Assistant recordings, and the company defended itself by claiming that most of its audio snippets aren’t reviewed by humans?

This time it once again seems another massive ethical oversight on the part of Google and Ascension, considering most people who visit the doctor expect what happens there to remain between them and their practicing physician. At worst, it has the potential to be a massive privacy risk for any number of individuals whose data is accessible to dozens of employees at the company.

Similar articles