Google’s Project Nightingale Raises Serious Health Data Collection Concerns

Google keeps expanding its efforts in the U.S. healthcare sector, currently worth $3.5 trillion yearly. These include the $2.1 billion acquisition of Fitbit, which has 25 million active users, and now the recent “Project Nightingale” with Ascension, the second-largest health system in the United States, with 2,600 hospitals and medical care facilities in 21 states. But the tech giant is trying to access about 50 million patients’ records in these states without the consent of patients or health care professionals.

How can Project Nightingale break any laws, you may ask? HIPAA sets strict guidelines on how medical data is managed and shared without consent. Data sharing should be used solely to improve healthcare, and not for commercial uses. Data can’t be shared with third parties such as data brokers and advertisers.

Google says there is nothing wrong with how it accessed health data, since it signed an industry-standard agreement which confirms that the health data will be used to improve the health system and patient health outcomes. But another report from the Wall Street Journal and the New York Times indicates that Google is planning something different, and that it crossed the line when it moved a large amount of data to the Google Cloud. Many analysts agree with the observation and are skeptical about the intentions behind gathering all this data.

Regulators and legislators say there is nothing wrong with the project. But should we be concerned? Currently, over 150 Google staffers have access to the health data of millions of patients, and there are other health information projects in progress, such as the recently purchased Fitbit fitness product.

Whether the agreement between Google and the nonprofit healthcare provider Ascension is HIPAA-compliant is not certain. In other words, Google may use health data in ways that were not originally intended. It’s no secret that Google wants to train medical artificial intelligence (AI) systems with electronic health records. Is using the recently acquired health data in an AI lab HIPAA-compliant?

Also, Project Nightingale has been carried out in complete secrecy, which raises public concerns. It took an anonymous whistleblower for the company to admit what they were doing. Why is this data available to 150 Google employees? Why access to 50 million patient records? No answer. If the goal is to improve the Ascension healthcare system, why not inform patients in advance and obtain their rightful consent?

Google is getting access to the medical history of almost 50 million patients, which includes their names, contact information, dates of birth, medical conditions, and lab and hospitalization records.

In the best-case scenario, Google will simply improve the diagnostic and testing options available to doctors, as it has in the past. Google has launched AI projects intended to assess the risk of heart disease with an eye scan and has used medical data to calculate the probability of premature death.

There is no doubt that bigger sources of sensitive data make bigger targets for attackers, so customers should be concerned about Google’s new move. As with every project out there dealing with personal data, there are advantages and disadvantages involved. Again, Google is mainly built on data and healthcare is serious business, so the new move makes total sense.

If Google plans on being a major player in healthcare, people will naturally take into consideration its sketchy history of using personal data. It will need to catch up on existing standards for health data in the U.S.
