Google has issued a statement acknowledging a partnership with Ascension, the largest non-profit health system in the United States, after Wall Street Journal reported that the technology company had secretly accessed and gathered million of patient records in over 21 states. Google denies secretly collecting patient data.
‘Project Nightingale’ as it was dubbed is now facing scrutiny and a federal inquiry from the Department of Health and Human Services’ Office, according to new reports. According to WSJ, neither the doctors nor patients were aware of the data collection, and it has raised serious privacy questions given the sensitive nature of medical information.
The program saw Google employees accessing data that included lab results, doctor diagnoses, records, and complete health history of patients, including names and birth dates. The report said that as many as 150 Google employees likely had access to the sensitive data, which was not anonymised to remove the personal identifiers.
Meanwhile, the Guardian has reported that a whistleblower who was part of Project Nightingale has put out a video highlighting the kind of data that Google was accessing. The report notes that the data of 50 million US citizens was accessed by Google. The whistleblower’s video was posted on Daily Motion, and includes a document dump of hundreds of images of confidential files relating to Project Nightingale, notes the report.
Google issued a blog statement announcing the partnership with the US health provider and said that they are piloting tools which could help “Ascension’s doctors and nurses more quickly and easily access relevant patient information, in a consolidated view.” It has also denied that its work with Ascension was a secret project, saying they had announced the deal in their second quarter earnings back in July.
Google also claims that Ascension informed “acute care administrative and clinical leaders across their organization on the work,” as well as “many front-line nurses and clinicians on the project.”
The company says this is a commercial deal with Ascension, though it did not reveal the financial details, adding that they have contracts with dozens of other healthcare providers. “These organisations use our technology to help them organise their healthcare data and make this crucial information useful and secure,” Google said.
Regarding privacy of patient data, Google said the “data is logically siloed to Ascension, housed within a virtual private space and encrypted with dedicated keys.” They also said that the patient data is not used for any other purpose other than “servicing the product on behalf of Ascension,” and that any data under this agreement will not be used to sell data.
But Google did say that some limited number of employees had access to the health data, and they had been approved by Ascension to potentially handle this. Google also denied that the data would be combined with their own consumer data.