Well, that didn’t take long. Shortly after The Wall Street Journal blew the lid off Project Nightingale, regulators have announced that they’ll start looking into Google’s partnership with Ascension, the second-largest health system in the US. According to WSJ, the Office for Civil Rights in the Department of Health and Human Services “will seek to learn more information about this mass collection of individuals’ medical records to ensure that HIPAA protections were fully implemented.”
The Office for Civil Rights’ website says it “enforces federal civil rights laws, conscience and religious freedom laws, the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule, which together protect your fundamental rights of nondiscrimination, conscience, religious freedom, and health information privacy.”
Project Nightingale gives Google access to tens of millions of patients’ names, health histories, date of birth, lab results, diagnoses and hospitalization records from Ascension. The health system reportedly didn’t tell doctors and patients that it’s sharing data with the tech giant, which is using the information to design new AI-powered software. WSJ says Google envisions an AI that would have the ability to automatically predict the outcome and risks of certain procedures and medications. The software would be able to read scanned images like MRIs and upload related data to a central network that can be accessed by both Ascension and Google personnel.
Critics are worried about patient privacy, especially since a massive collection of health-related data is involved. Senator Amy Klobuchar (D., Minn.) believes the project should have more government oversight and even called for new legislation to address the issue. A Google spokesperson told WSJ, though, that the company is “happy to cooperate” with the probe and it believes its “work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and comes with strict guidance on data privacy, security, and usage.” That echoes Google’s blog post about the partnership, where it assured people that it adheres to HIPAA.