Comprehensive Software Reviews to make better IT decisions

Sr hero 001 Sr hero 002 Sr hero 003 Sr hero 004

Google Has Personal Medical Data of Up to 50 Million Americans: Project Nightingale

Google has access to personal medical data of up to 50 million Americans through its partner Ascension, which is the second-largest health network in the US and consists of 2,600 Catholic hospitals, clinics, and other medical outlets in 21 states. The information about what’s known as “Project Nightingale” has come from a whistleblower working on the project, reports The Guardian.

The whistleblower disclosed documents outlining Project Nightingale and its four stages or “pillars.” According to The Guardian, confidential files for about ten million patients have already been moved, and by March 2020 the total number of impacted patients could be as high as 50 million. The data being transferred contains full personal details including patient name and medical history, and it can be accessed by Google staff.

Patients and their doctors have not been warned about this or asked for consent.

Google’s partnership with Ascension includes several initiatives: shifting Ascension’s infrastructure into Google Cloud, giving it access to G Suite productivity tools, and “extending tools to doctors and nurses to improve care.” It is that last initiative that presumably requires patient data. In the same blog, Google writes of prototyping and testing clinical solutions “to support improvements in clinical quality and patient safety.”

Regarding data privacy, Google claims that everything is above board. Obviously, the whistleblower and the journalists disagree. And regulators are concerned as well. The Office for Civil Rights in the Department of Health and Human Services “will seek to learn more information about this mass collection of individuals’ medical records to ensure that HIPAA protections were fully implemented,” reports The Wall Street Journal (WSJ).

Our Take

This development and the concerns it has raised about Google’s approach to data privacy follow another uproar after the announcement of Google acquiring Fitbit. As Google is accumulating personal and confidential patient data, it needs to make sure that not only does it adhere to relevant regulations and guidelines but that it goes beyond and holds itself to a higher standard. Trust is the foundation of business, and you either have it or you don’t – especially given Google’s unprecedented power and the current political climate with calls to break up big tech.