Google’s “Project Nightingale” Analyzes Millions of Health Records
Last week, the New York Times and the Wall Street Journal reported on Google’s “Project Nightingale”. In collaboration with Ascension, one of the largest American health organizations, Google collects and analyzes the medical data of more than 21 million US patients. The data is used to develop new algorithms and procedures to enable early detection of diseases. Tariq Shaukat, head of Google’s cloud division, comments:
Ascension, one of the nation’s leading non-profit health systems, is working with Google to optimize the health and wellness of individuals and communities through technology. The goal of the partnership is to enhance the experience of patients and clinical providers across the continuum of care, improving outcomes and saving lives.
The collected data includes laboratory results, physician diagnoses, hospital reports and complete disease histories. It is noted, that neither physicians nor patients knew about the sharing of this data. In fact, the partnership between Google and Ascension has been running since 2018, but it only became public last week. Apparently Google had “forgotten” to inform the affected patients. Both parties only commented on the cooperation after the publication of the report in the Wall Street Journal.
What is interesting is that the transfer of highly sensitive medical data to business partners is legal for healthcare providers in the U.S. The Health Insurance Portability and Accountability Act of 1996 allows data to be shared as long as the data is only used to support or improve treatment. Even without notifying patients.
What’s the problem?
Due to the vague wording of the outdated law, Google is able to handle the data quite freely. This is not only a moral problem, but can have real effects on the patients. For example, a patient’s medical history is stolen or leaked (even Google is not immune to cyber attacks). The hacker or whoever has the medical history then sells it to the patient’s employer. If the employer finds out about an illness that is supposed to be confidential, he can use this as a reason to dismiss the employee. After that, it can be difficult for the patient to find a new job, as sick employees are often undesirable.
In general, it is always problematic to share highly sensitive data with profit-oriented companies. Although the collaboration between Ascension and Google is being promoted as a measure to improve health services, the passing on of data also increases possible abusive behaviour. According to the New York Times, 150 Google employees had access to the data, several of which had the ability to download it.
We at Blockchain HELIX are working on the Digital Identity solution, helix id.
With helix id, every user retains control of his or her data. Therefore, the data does not end up with Google or other profit-oriented companies. Because no one wants to hear in the news that their own data has been collected and analyzed — due to the non-transparent data management.
