Reveal of Google and Ascension's data project sparks federal privacy concerns

Google has been working with Ascension Health to layer its cloud-computing technologies into the expansive non-profit hospital system’s collection and analysis of patient data, through a previously under-the-radar project first reported by The Wall Street Journal this week.

Dubbed “Project Nightingale,” the year-old efforts were formally announced by the two companies in a press release shortly after the Journal’s report—amid concerns and federal inquiries into the data’s safekeeping, as well as patients’ consent for its use.

According to reports, the collaboration covers hospital records and identifying information such as names and birth dates from tens of millions of patients, as well as diagnoses and lab results. In its release, Ascension said the project complies with HIPAA as it looks to transition its legacy health IT infrastructure onto Google’s cloud platform, and includes the adoption of new artificial intelligence and machine learning tools designed to help improve clinical quality and patient safety.

“As the healthcare environment continues to rapidly evolve, we must transform to better meet the needs and expectations of those we serve as well as our own caregivers and healthcare providers,” Ascension’s executive vice president for strategy and innovations, Eduardo Conrado, said in the statement. “Doing that will require the programmatic integration of new care models delivered through the digital platforms, applications and services that are part of the everyday experience of those we serve.”

RELATED: Google, Mayo Clinic team up on patient data and AI healthcare research

However, members of Congress, as well as the Department of Health and Human Services, have expressed doubts and criticism about the project’s impact and scope—and, namely, how it has been carried out without informing doctors or patients.

HHS’ Office for Civil Rights “will seek to learn more information about this mass collection of individuals’ medical records to ensure that HIPAA protections were fully implemented,” Director Roger Severino said in a follow-up WSJ report.

While Ascension maintains ownership of its data, it has formed a business associate agreement with Google that allows the company to access protected patient records and health information under HIPAA.

RELATED: Google shells out $2.1B for Fitbit and its health-focused wearables

“That a health care provider could be furnishing sensitive health data, directly tied to patient names and dates of birth and without the knowledge or consent of doctors or patients, to Google should be deeply unsettling,” Sen. Mark Warner (D-Va.) said in a statement to The Hill.

In a Google blog post, Tariq Shaukat, president of the tech giant’s cloud-based industry products and solutions, wrote that the project follows federal regulations and strict guidance on data privacy, security and usage, and that the company would cooperate with any federal inquiry.

In addition, some of the joint efforts are “not yet in active clinical deployment, but rather are in early testing” and the basis of pilot projects, Shaukat said, such as tools to allow Ascension clinicians to access and view their patients’ relevant medical history.