Google has been gathering millions of Americans' health records without their knowledge

midian182

TechSpot Editor
Staff member

First reported by the Wall Street Journal, Google’s “Project Nightingale” program gathered data that included “lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, complete with patient names and dates of birth.”

The publication adds that as many as 150 Google employees may have had access to the data and that some could have downloaded it.

Google attained the information through last year’s partnership with Ascension, the country’s second-largest healthcare system. The Catholic non-profit has more than 34,000 providers across 21 states and the District of Columbia.

Google is using the data to create software that utilizes artificial intelligence and machine learning that can make care suggestions for patients. Forbes writes that as part of the project, Ascension moved patient records to Google’s cloud servers, and a search product allowed healthcare providers to see an “overview page” about their patients.

While Google’s actions certainly appear shady, the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) "generally allows hospitals to share data with business partners without telling patients, as long as the information is used 'only to help the covered entity carry out its health care functions.'"

In a statement, Ascension wrote: “All work related to Ascension’s engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling.”

In Google’s related post, Cloud president Tariq Shaukat explained: “To be clear: under this arrangement, Ascension’s data cannot be used for any other purpose than for providing these services we’re offering under the agreement, and patient data cannot and will not be combined with any Google consumer data.”

Google recently acquired health wearables company Fitbit for $2.1 billion, which led to concerns among some users about how it would use their data. Project Nightingale might be legal, but that’s unlikely to alleviate privacy advocates' fears.


 

ZedRM

TS Enthusiast
It's very greatly doubtful this is lawful. That kind of information requires a knowledgeable consent by the individual before possession is lawful. I suspect Google is about to be sued.
 

toooooot

TS Evangelist
It is ok Peps, their AI is working on treating all our diseases as I type this. Take it! take them all! *Throws his medical records at google dramatically*
 

Uncle Al

TS Evangelist
If ever there was a reason to update the HIPAA laws, this is as good a reason as you can get. And what prevents them from selling/sharing it with insurance companies so they can selectively jack up rates for those with pre-existing conditions? Perhaps it's time for Google to face their first Trillion Dollar Fine ......
 

OortCloud

TS Maniac
It seems there's no depth they won't stoop to to scrape a little more data about us in order to make a few more dollars and cents.
 

Markoni35

TS Maniac
The more info they have about health, the more ways they find out to screw us up. Then extort money from us by offering us a "solution". Of course, the solution only works for 1 month and then you have to pay again. No permanent fix is ever offered. If a cheap and effective solution exists, they'll bribe their way to banning it.

Yes, I hear you, that's exactly what big pharma was doing for decades. I know. The bastards are guilty as charged. But Google is something else. They are a lot smarter than big pharma. They're gonna screw us up in ways that are very hard to detect.
 

PEnnn

TS Addict
I have to give ANY doctor / hospital, etc my written consent and permission if they want to share my medical data with my wife. But Google?? No problemo, and no permission required it seems!

The HIPAA law is not worth the paper it's written on...when it comes to imbecilic Google.

"The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared."
 

scavengerspc

TS Booster
I must Vent. I have had ENOUGH.
I switched over to Firefox last spring. I use a combo of search engines, and not one of them is Google.

But now I am really tempted to take on the huge task of dumping Gmail. Man, that will take some time because I have had Gmail since 2005. Remember Google back then? "Do no evil". Makes me laugh now.

Also. Maybe it's time for my first iPhone. Or a flip phone?
 

Evernessince

地獄らしい人間動物園
I have to give ANY doctor / hospital, etc my written consent and permission if they want to share my medical data with my wife. But Google?? No problemo, and no permission required it seems!

The HIPAA law is not worth the paper it's written on...when it comes to imbecilic Google.

"The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared."
I think HIPAA's ineffectiveness in this case is due to its age. It was written in 1996. It's about time data protection and privacy laws get a booster.
 

Markoni35

TS Maniac
Remember Google back then? "Do no evil". Makes me laugh now.
I knew they were evil when Gmail started their campaign. You could only get Gmail if a friend recommended it to you. I knew that was the initial, and very fast, way to find out who knows whom. It was clear to me from the year one that Google is a big spying operation.

AFAIK it was actually financed with money from a few spying organizations.

The "Do not evil" campaign was a message to their competitors. Don't be evil to Google. But they never said Google won't be evil to them.
 

Yynxs

TS Addict
In case you're feeling 'safe' because this was announced as occurring with Ascension, next time you visit healthcare, ask to see what software is being used and where the data is stored. (Don't bother asking about encryption)

The feds required medical care reporting be digital. The feds give a 10% discount to hospitals that provide reporting on quality of care of their patients so the feds can publish a 'rating'. Hospitals contract third parties, non-medical third parties, to conduct the surveys.

This is aside from insurance and medical aid passing your private health facts around to 'determine' payment.

Your voice assistants, TV remote controls, even Roku controls, listen in and report key words. Those are passed to their various producers including other countries, Google being only one of them.

Your DNA from medical tests and the results of those medical tests are routinely shared among "legitimate researchers". (duly anonymized of course..koff koff)

Google and Ascension are not remotely the full scope of the problem of medical privacy. Google just wants further in, legally, to cover what they've already collected and used to target you.
 

Markoni35

TS Maniac
It is ok Peps, their AI is working on treating all our diseases as I type this. Take it! take them all! *Throws his medical records at google dramatically*
Yes, but they forgot to mention those treatments will be reserved for the executives of Google and their rich friends. Not for you or me.