Google made waves in the fall when the WSJ reported that the tech company had been working with Ascension since 2018 on a collaboration involving patient data, called Project Nightingale. While the partnership appears to be HIPAA compliant, the news drew concerns among patients, providers and legislators.
Earlier this week, a group of three senators, including Elizabeth Warren (D-MA), Richard Blumenthal (D-CT) and Dr. Bill Cassidy (R-LA), sent a follow-up letter to Ascension CEO Joseph Impicciche regarding concerns they hold about Project Nightingale.
This is not the first letter the trio has penned questioning the project. In November they sent a letter to Google raising a number of questions regarding the privacy and security of patient data, and received a reply in early December.
"However, because Google’s response did not answer a number of our questions pertaining to Ascension’s involvement, we are requesting additional details from Ascension to help us better understand how Project Nightingale protects the sensitive health information of American patients," the senators wrote in the more recent letter.
The senators laid out a number of questions surrounding patient consent of data use and privacy concerns. The senators are pressuring the health system for more information regarding the number of Google employees with access to the data and exactly what information is in the records.
"Google, for example, did not provide us with a 'full and complete list of patient-level information' that the company is receiving from Ascension, nor did it provide an exact number of healthcare records that it had received under Project Nightingale," the letter read.
The senators also asked if patients had advance notice of Google’s retention of their EHR, and if they had the ability to opt out of data sharing. Specifically, the senators inquired about whether the patients’ data would be used for research purposes.
The senators point out that, in the December letter from Google, the tech giant said that "providing notice to patients of uses and retention of [personal health information] by a covered entity and its business associations is the responsibility of the covered entity." The senators asked Ascension to clarify exactly what patients knew about their data being used.
The March letter ends by asking if Ascension is aware of any data breeches that would "present a risk of any outside party obtaining access to personal health information."
WHY IT MATTERS
As big tech moves into healthcare, patient privacy has been a concern among stakeholders.
"While improving the sharing, accessibility, and search-ability of healthcare data for providers could almost certainly lead to improvements in care, the role of Google in developing such a tool warrants scrutiny," the senators wrote in the letter.
THE LARGER TREND
Last year, news broke that Google and the University of Chicago Medical Center were being sued for violating patients' privacy following a data-sharing partnership that the two parties inked two years ago. The class action lawsuit, which was first reported on by the New York Times, accused the hospital system of sharing data with the tech conglomerate that could be identifiable, namely doctor's notes and the time frame of their visits.
Google has also been in hot water on the other side of the pond. In 2016 the UK's NHS signed a deal with Deep Mind that led to press and UK government criticism after an investigative report by the New Scientist revealed that Google would have access to a huge trove of patient data without the patients' express consent, a potential violation of NHS information governance principles.