Google reportedly gathering millions of Americans’ personal health records

Google is secretly working with one of the nation’s biggest healthcare organizations to obtain the personal health records of millions of Americans, the Wall Street Journal reports.

Known as “Project Nightingale,” the initiative involves Ascension, a Catholic-based healthcare system, providing the tech giant with data from 21 states.

The data includes not only “lab results, doctor diagnoses, and hospitalization records,” but also “patient names and dates of birth.”

The Journal further notes that patients and doctors mentioned in the records were never notified about the data being given to Google and that at least 150 Google employees currently have access to it.

Employees at Ascension have also reportedly expressed concern about Project Nightingale “both from a technological and ethical perspective.”

Despite the questions raised, the massive undertaking appears to be legal under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The law allows health data to be shared with businesses without the knowledge of patients, so long as the data is only used “to help the covered entity carry out its health care functions.”

One of Google’s aims is to use the data to develop new AI-based software capable of recommending changes to patients’ healthcare to improve their treatment.

In a statement following the Journal’s report, Google Cloud president Tariq Shaukat defended Project Nightingale as a way for the company to reduce healthcare costs and save lives.

Eduardo Conrado, an executive vice president at Ascension, similarly defended the program as a win for patients.

“As the healthcare environment continues to rapidly evolve, we must transform to better meet the needs and expectations of those we serve as well as our own caregivers and healthcare providers,” Conrado said.

Documents obtained by the Journal, however, show both Google and Ascension have financial aims too.

Once its software is fully developed, Google hopes to sell its final product to other health systems.

“Its end goal is to create an omnibus search tool to aggregate disparate patient data and host it all in one place,” the Journal reports.

Ascension believes Google’s software could also help it generate more revenue by discovering necessary tests for patients that doctors may have missed.

In an effort to ease the concerns of Americans, Ascension also asserted that its efforts with Google were HIPAA compliant.

“All work related to Ascension’s engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling,” the company said.

READ MORE: 

Mikael Thalen

Mikael Thalen

Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.