The data on patients of St. Louis-based Ascension were until recently scattered across 40 data centers in more than a dozen states. Google and the Catholic nonprofit are moving that data into Google’s cloud-computing system—with potentially big changes on tap for doctors and patients.
At issue for regulators and lawmakers who expressed concern is whether Google and Ascension are adequately protecting patient data in the initiative, which is code-named “Project Nightingale” and is aimed at crunching data to produce better health care, among other goals. Ascension, without notifying patients or doctors, has begun sharing with Google personally identifiable information on millions of patients, such as names and dates of birth; lab tests; doctor diagnoses; medication and hospitalization history; and some billing claims and other clinical records.
The Office for Civil Rights in the Department of Health and Human Services “will seek to learn more information about this mass collection of individuals’ medical records to ensure that HIPAA protections were fully implemented,” the office’s director,
Roger Severino,
said.
HIPAA refers to the federal Health Insurance Portability and Accountability Act of 1996, which generally allows hospitals to share data with business partners without telling patients as long as the information is used “only to help the covered entity carry out its health-care functions.” Privacy experts say Project Nightingale appears to be permissible under federal law.
A Google spokeswoman said in a statement: “We are happy to cooperate with any questions about the project. We believe Google’s work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and comes with strict guidance on data privacy, security, and usage.”
The spokeswoman said Ascension data wouldn’t be used to sell ads.
Project Nightingale was first reported by The Wall Street Journal on Monday.
Paging Nurse Google
The tech giant is teaming with Ascension on an ambitious project to crunch patient data for treatment and administrative purposes
How ‘Project Nightingale’ intends to use data
1. Patient checks into hospital, doctor’s office or senior care center.
2. Doctors/nurses examine the patient, input data into computers.
Data that is
shared includes:
Name
Date of Birth
Address
Family members
Allergies
Immunizations
Radiology scans
Hospitalization
records
Lab tests
Medications
Medical conditions
3. Data instantly flows to Google’s ‘Project Nightingale’ system. The system may suggest the following outcomes, among others:
Treatment plans, suggests tests, flags unusual deviations in care.
Replacement or addition of doctors
to patient’s team.
Additional enforcement of narcotics policies.
Ascension may bill more or for different procedures.
Ascension has more than 2,600 facilities like hospitals and nursing homes in 21 states and Washington D.C.
“The optics are bad. The legal argument is tenuous. Ethically, this is a bad strategy. They need to tell people what they are doing,” said
Ellen Wright Clayton,
a professor of biomedical ethics at Vanderbilt University. She said the
Alphabet Inc.
unit risks running afoul of the rules if it uses the health data to perform independent research outside the direct scope of patient care.
Share Your Thoughts
How do you view the alliance between a tech company and a health care provider? Join the conversation below.
Google declined to comment on whether it would conduct research. People familiar with the project said the company’s staffers are still parsing through Ascension’s patchwork of data collections and aren’t yet positive what insights might be found or eventually produced.
Several lawmakers on Tuesday expressed concern about the program, including Sens. Mark Warner (D., Va.), Amy Klobuchar (D., Minn.), Bill Cassidy (R., La.), Lisa Murkowski (R., Alaska) and Richard Blumenthal (D., Conn.).
Mr. Warner called for Project Nightingale to be halted pending an investigation. He said a moratorium should be applied to any similar deals involving a company already under a consent-decree agreement for serious privacy and security violations, as is the case with Google.
Ms. Klobuchar, a presidential candidate, said Google’s trove of health data warrants more government oversight because there are “very few rules of the road in place regulating how it is collected and used.” She called for new legislation to address the issue.
Other technology companies, including
Apple Inc.,
Amazon.com Inc.
and
Microsoft Corp.
, are also aggressively pushing into health care.
Eventually, experts say, Google could reap tens of millions of dollars—if not more—by repeating its Ascension work for other health-care clients.
Google cloud President
Tariq Shaukat
said Monday the company aimed to help “modernize Ascension’s infrastructure,” as well as give Ascension staffers tools to communicate and build functions that the health system could use to improve care.
In meetings and presentations reviewed by the Journal, Google has laid out deep ambitions for the project. Google executives describe the goal as a “layer” of patient information that is essentially an entire personal health record. Artificial intelligence would immediately jump in with suggested questions, and its own answers, such as risks of a given treatment plan. Project Nightingale would then automatically predict and map the outcome of certain procedures or medications.
Doctors and other Ascension medical staff, as well as Google employees, would be able to pull up far-flung patient data faster than under Ascension’s current system.
Conceptual images of the software under construction show an interface much like Google’s flagship search engine. Begin to type in a first name, and Google will produce a drop-down menu featuring other patients with similar names. A single click reveals metabolic data, medications, phone numbers and even the patient’s temperature.
Software would be able to automatically read scanned images such as MRIs and upload related data to a central network accessible to Ascension and some Google employees.
The concept gave some Ascension patients pause.
“Google is not doing this out of the goodness of their heart,” said Tim Wiesner, a 63-year-old retired nurse and Ascension patient in Wichita, Kan. He said he was disappointed not to have been notified of the data sharing directly by his doctor. “It just seems deceitful. I’m sure they are going to make money off our information.”
Google isn’t being paid for the work for now, documents show, but Ascension is incurring costs as it trains its staff in the search giant’s systems, people familiar said. Google said Tuesday it wouldn’t disclose financials of the deal.
Google and Ascension have signed what is known as a business associate arrangement, which specifies when a health-care vendor can access patient data. Ascension retains ownership of the data, people familiar with the matter said. Neither Google nor Ascension would give details on who at Google can access data.
Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
