Google and Ascension are offering more information about their ongoing patient data project in light of significant interest and privacy concerns.
The recent revelation of the partnership, called Project Nightingale, by The Wall Street Journal prompted criticism and concern about patient privacy. The WSJ reported that Google was collecting the health information of tens of millions of patients at Ascension, including information such as names and birthdates. Ascension is the nation’s largest Catholic health system, based in Missouri, with more than 2,600 sites of care in 20 states and the District of Columbia.
Since the WSJ’s story broke, both companies have conducted a full-court press to defend the project and offer assurances on privacy compliance. Google has published a handful of blog posts from executives aiming to clarify the partnership, including one from David Feinberg, MD, heat of Google Health, published Nov. 20.
According to Feinberg, Google is “building an intelligent suite of tools to help doctors, nurses and other providers take better care of patients, leveraging our expertise in organizing information.” Among those tools, the tech giant is aiming to improve electronic health records that are interoperable, with Ascension acting as the first partner where frontline staff will “pilot this tool.”
Feinberg reiterated that Google cannot use the patient data for any other purpose other than providing its services, such as using it for advertising.
However, he did admit that Google employees do come into contact with identifiable patient data. One of the biggest concerns brought up in the WSJ report was a lack of disclosure to patients that their information and health data was being shared with Google. Privacy laws under the Health Information Privacy Protection Act (HIPAA) does not require healthcare providers to inform patients if their information is shared under some circumstances.
According to Feinberg, Google has “strict controls” for employees who see the data. For example, these limited employees undergo HIPAA and medical ethics training and are approved by Ascension. The data is also accessible in a “strictly controlled environment with audit trails,” Feinberg wrote.
Still, Congress has questions about the project, and the House Committee on Energy and Commerce asked both companies to provide briefings about Project Nightingale by Dec. 6. In addition, Google has not stated what it plans to do with the data, only that it is following compliance rules, is being careful with who has access to the data and what it won’t do.
In addition to the blog post, Google posted two videos about its aims to improve digital health tools that are a “joy to use,” Alvin Rajkomar, MD, product manager and practicing physician, internal medicine, said in one video that also showcased an EHR pilot.
Ascension, for its part, has also published materials defending the project with Google, also assuring privacy for patient data and compliance.