Press "Enter" to skip to content

Feds Launch Investigation Into Google’s Secretive “Project Nightingale”

Big Tech can’t seem to go one month without becoming involved in some new data privacy scandal, but this time, Google parent Alphabet has outdone itself.

Yesterday, WSJ broke a story about a deal between Alphabet and Ascension Health System, a Catholic non-profit that operates hospitals and nursing homes in 21 states and Washington DC. Ascension has more than 2,600 facilities, but its data – including critical patient data – is presently spread across 40 data centers in more than a dozen states.

But thanks to a deal between the two organizations that spawned Google’s “Project Nightingale”, all of that data are being moved into Google’s cloud, and Google engineers are working on a system that they say could revolutionize how doctors use patient health data to make diagnoses.

The only problem, is some regulators have expressed concerns that the patient data aren’t being properly protected, or that Google might illegally use the data to hone its ad micro-targeting. The sensitive health data of millions of Americans would be quite a score.

And there’s reason to be suspicious: Without notifying patients or doctors, Ascension recently started sharing personally identifiable information on millions of patients with Google. The data include: patients’ names and dates of birth; lab tests; doctor diagnoses; medication and hospitalization history; and some billing claims and other clinical records.

Now, the Office for Civil Rights in the Department of Health and Human Services is investigating the arrangement to see if “this mass collection of individuals’ medical records to ensure that HIPAA protections were fully implemented.”

For those who are unfamiliar with the term, HIPAA protections are the same rights that prevent doctors from giving out patients’ information without their authorization.

Some Ascension patients who spoke with WSJ said they were suspicious of Google’s motives, since, according to its agreement with Ascension, Google is responsible for building the infrastructure, then Ascension will pay Google to manage the data after the project is completed.

Patients are worried that Google might find another payout somewhere else by using their data to court advertisers.

“Google is not doing this out of the goodness of their heart,” said Tim Wiesner, a 63-year-old retired nurse and Ascension patient in Wichita, Kan. He said he was disappointed not to have been notified of the data sharing directly by his doctor. “It just seems deceitful. I’m sure they are going to make money off our information.”

One academic agreed with the patients, adding that “the optics are bad.”

“The optics are bad. The legal argument is tenuous. Ethically, this is a bad strategy. They need to tell people what they are doing,” said Ellen Wright Clayton, a professor of biomedical ethics at Vanderbilt University. She said the Alphabet Inc. unit risks running afoul of the rules if it uses the health data to perform independent research outside the direct scope of patient care.

Some lawmakers have expressed reservations about ‘Nightingale’, and have asked Google to suspend the project.

“The optics are bad. The legal argument is tenuous. Ethically, this is a bad strategy. They need to tell people what they are doing,” said Ellen Wright Clayton, a professor of biomedical ethics at Vanderbilt University. She said the Alphabet Inc. unit risks running afoul of the rules if it uses the health data to perform independent research outside the direct scope of patient care.

Google employees working on the project might have access to the sensitive information. It’s not clear what the company is doing to try and prevent this. Google stands to reap tens of millions in profits by repeating this work for other health-care giants. It should be able to figure out a way to satisfy those who are concerned about illegal sharing of data.

SOURCE: ZEROHEDGE