Google Data-Related Scandal: Everything About “Project Nightingale”

“Don’t be evil” hasn’t been on unofficial Google’s motto for quite some time to date. Some of the latest events connected with healthcare data show us why.

In this blog post, we’ll try to follow the whole chain of events of “Project Nightingale”, it’s revealing to the general public by Wall-Street Journal, Google’s follow-up of the ‘excitement about the cooperation’ and the FBI investigations that followed.

We will acknowledge all the facts regarding the data-sharing project, it’s development, complication and everything that is known to the general public. We’ll speculate on the matter and try to figure out, whether it is “not a big deal” really, or there are some worrying moments.

Spoiler alert: we don’t buy the integrity and honesty of each and every one of 150 Google employees who got access to the big archive of patients’ data.

Google to Store and Analyze Millions of Health Records

Google tries to find ways of proper application and expansion of utilizing artificial intelligence in their healthcare-related activities.

As part of these efforts of the tech company, they acquired Ascension, catholic healthcare organization, one of the biggest in the US. Ascension claim they are delivering medical healthcare to all, focusing on people living in poverty, hence those who can’t afford it.

According to financial documents, Ascension provided $2 billion in healthcare money via community benefit programs. They operate at 2,600 facilities (including 150 hospitals and 50+ senior living sights) across 20 states. Among the services provided by the company are physician practice management, venture capital investing, investment management, biomedical engineering, facilities management, clinical care management, information services, and risk management.

So how do both parties cooperate exactly? According to the statements released, Google helps to store and analyze the data of millions of patients at their cloud computing platform.

Though it is legal for health systems to share patients’ medical information with their business partners for certain matters, Google proves not to be trustworthy. The company was fined multiple times in the past for privacy laws violations as they disclosed personal medical data.

Google claimed they’ve announced the  arrangement in a July report but this is hardly could be called a loud announcement. The Wall Street Journal publication made the hell break loose.

The New York Times posses internal documents that open sme insights on how the two companies (Google and Ascension) cooperate. In the moment, they are testing the software that allows medical providers make a search of patient’s EHR filtered by categories.

The overall goal is to provide physicians with the better access to patient data, hance improve the quality of the care due to visualized insights gotten from the data that has potential to help treatment.

It is a part with Google’s competition with other tech giants for medical expansion. Apple uses medical research virtual medical research data from iPhones and watches. Microsoft, in turn, introduced cloud-based tools to help health systems share medical data.

Google announced plans to acquire Fitbit, a producer of activity tracking devices, for $2.1 billion. The company assured in advance that health data received from the trackers will not be used for ads.

In case with Ascension, no pre-emptive statement were released. Under the Ascension partnership, certain number of Google employees receive access to patient data that could be considered sensitive. Name, birthdate, race, illnesses and treatment are available to some members of Medical Brain, Google’s AI health team.

Some of Ascension employees were concerned about the fact Google associates downloaded these data, according to the internal documents. Also, it is unclear whether  HIPAA (the Health Insurance Portability and Accountability Act) was violated during the processing of patient’s data.

It is important to note that after WSJ article saw the light, Ascension representatives said that the deal WAS complied with the law. They also claimed that Google could not use it for any purpose other than providing tools for Ascension medical providers.

“We are proud to announce…”

The next day after the article by WSJ saw the light, on November, 12th, Google Cloud released official statement regarding the situation as media expressed concerns and wanted blood.

Tariq Shaukat, the president of Google Cloud, said in the statement “we hope to transform the delivery of health care.”

Ascension did not respond to questions about how many patient records had already been transferred to Google Cloud.

Google’s handling of healthcare data is a touchy subject. DeepMind outraged privacy groups in 2018 when it announced plans to transfer the unit that processed the medical records to Google, after saying that it would not link patient data to Google accounts.

DeepMind’s health team officially joined Google in September, 2019. In absorbing DeepMind’s health unit, Google said, it was building “an AI-powered assistant for nurses and doctors.”

In “Project Nightingale” Google also claimed that they “do not combine data across partners, and we would not be allowed to under our agreements or the law”.

Previous Data-Related Scandals and Current Investigations

In June, Google and two universities the University of Chicago Medical Center were sued  accusing the hospital of sharing hundreds of thousands of patients’ records. The lawsuit said the inclusion of dates was a violation of HIPAA as Google could combine them with other information it already knew, like location data from smartphones, to establish the identity of the patients in the medical records.

The records have been stripped of identifying details like names, Social Security numbers and contact information. A Google spokesman said at the time that it had followed HIPAA. Google has filed to have the lawsuit dismissed. The University of Chicago and the medical centre have denied the accusations.

Now, CBSnews report that government officials are asking for more information about „Project Nightingale,“. The Office for Civil Rights at the U.S. Department of Health and Human Services claimed they“would like to learn more information about this mass collection of individuals‘ medical records with respect to the implications for patient privacy under HIPAA“. These are the exact word of Roger Severino, director of the civil rights office.

Why We Care So Much? (Conclusion)

We are not a media website. We can’t claim that we are somehow connected with professional journalism. In fact, our blog doesn’t contain posts like these – you can check it, we’re not highlighting the scandals around the industry.

However, we do care about personal data protection. Some of our healthcare projects took twice the time they could have lasted hence we wouldn’t complete every single item needed for HIPAA compliance.

We strongly believe that no matter how big is the tech giant, it has to obey the rules just like any other company. Hopefully, this is the case here as well.

The fact that the government is involved is worrisome, but maybe, the data wasn’t leaked and won’t be used for ads or some other activities potentially harmful to the patients. We’ll keep an eye on the situation.