Google did a privacy lap over a partnership with Ascension, a major United States hospital network, to cooperate on tools that help make sense of info about patients and help the doctors to search the patient’s medical record. Wall Street Journal piece first disclose the deal between Google and Ascension. It describes that around 150 employees of Google already have access to the information on tens of millions of Ascension’s patients while those patients are unaware of the deal. Whereas, it is not clear that consent represents the main privacy risk.

According to six concerning people with the accord and an international Ascension email, the two firms signed an industry-standard deal that permits the hospital to share protected information about health with Google while this info only used for treating patients. These people enquired about obscurity because they were not legal to discuss the agreement with the media. Moreover, the email notes that the agreement was a part of a bigger deal between the corporations that included Ascension’s use of G Suite of Google set of productivity tools, which competes with Office 365 of Microsoft.

At the same time, another person said some employees of Ascension worried that some tools that Google is using to export and import information were not compliant with privacy standards of HIPAA (the set of rules that rule how health data transformed & shared, as well as some of the products cited by the concerned employees). The flap comes as Google Inc. makes hard steps into the health sector of $3.5 trillion, previously approving to get Fitbit, a fitness tracker firm, and announcing an agreement with Mayo Clinic.

How the Agreement came together

A lot of people said that the project came after Ascension spent several dollars on a project of a data warehouse that pulls together clinical data across its patient population. Google and Ascension started their dialogue around eight months ago on a set of so-called people health and analytics software to examine health info in aggregate, and they termed to a wider scope of the work under the code name “Nightingale.” While on the Google end, the aim was to create tools to make it comfortable for doctors to stop data of a specific patient in a medical record. Vice President of Google Health, David Feinberg, referred to this competence in the unclear terms at the latest industry conference. According to a familiar source with the matter, the tool makes it comfortable for a doctor to look up any specific patient’s recent test results, medications, and much more.

A spokesman of Google confirmed that the firm is developing tools to assist doctors as well as nurses to improve patient care. But the spokesperson declined to share further information. These types of large-scale analytics projects actually associated with health data firms like Optum, owned by UnitedHealth Group, along with the big electronic health record vendors like Epic Systems. On the other side, tech firms such as Google seeking ways into the businesses of health-care, they expected to become more common participants in such type of agreements. Another three familiar people said both companies signed a business associate accord (BBA), as part of their negotiations, which allows for some protected health info to share with a business partner.

Agreements Designed to ensure the security of Personal Health

These consents planned to ensure the security of the personal health info, and they are common in the industry. As a privacy expert for Omada Health (health-tech company), mention these types of deals would typically restrict the scope of what Google can do. In this case, the business partner, Google, can’t convert the information to serve its own commercial purposes, and it can’t trade the information under these consents. An email from Ascension health firm to its employees confirmed that both firms signed a BAA and said data of Ascension couldn’t use by Google for any other cause than for provisioning these tools for Ascension clinicians use. Furthermore, the data of patients can’t mix with consumer data on Google.

Two concerned people explained that Ascension particularly brought on the assurance of a compliance officer’s presence in all of their meetings with tech firm Google to assure that the information shared properly. Instead of all these assurances, another employee having an awareness of the project said that some employees of Ascension had personal concerns related to the Google tools used to export and import data. Which they said aren’t completely complaint under HIPAA. According to CNBC, seen materials, Data Lab, Data Studio, and Big Query are the tools at issue. He added, either company not fully addressed the concerns. The person said, they asked Google for comment but they got no response or delayed response. There is continuous pressure from the top authorities to get it out rapidly.

Google also Faced Lawsuits in the past about Patient Data Privacy

In the past, Google signed many other big agreements, including with the University of Chicago and the Mayo Clinic. Whereas, earlier this year, a patient prosecuted the University of Chicago and Google after accusing that the firms didn’t strip out date stamps or notes of doctors buried under several other patient medical records. A spokesman said in a statement that at that time, the University and the Medical Center would strongly defend this action in the court proceeding. According to the United Kingdom government watchdog, Google also faced issues regarding privacy in the United Kingdom in 2017. When it’s A.I project, “DeepMind” used information from patients in a way that violates the data protection law.

Read Also: Australian Regulator files lawsuit against Google over location data misuse