In a partnership with health care provider Ascension, Google has collected detailed health information on millions of Americans. The project is called “Project Nightingale”.
There are privacy concerns regarding the project as well as concerns that the Dr’s and the patients were not properly notified that their health records were shared with Google. According to Google the provided information will help Google to help, “Healthcare organizations like Ascension improve the healthcare experience and outcomes”.
The law, according to HIPPA, says that, “The Privacy Rule allows covered providers and health plans to disclose protected health information to these “business associates” if the providers or plans obtain satisfactory assurances that the business associate will use the information only for the purposes for which it was engaged by the covered entity, will safeguard the information from misuse, and will help the covered entity comply with some of the covered entity’s duties under the Privacy Rule”.
In response to the project a federal investigation was started and Federal Regulator Roger Severino said that they, “Will seek to learn more information about this mass collection of individuals’ medical records to ensure that HIPAA protections were fully implemented”.
Ascension said that “All work related to Ascension’s engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling”.
Google responded to the probe by saying, “It’s understandable that people want to ask questions about our work with Ascension. We’re proud of the important work we’re doing as a cloud technology partner for healthcare companies”. Google went on to say that,”We aim to provide tools that Ascension could use to support improvements in clinical quality and patient safety”.