Google and Ascension, the nation’s largest Catholic health system, will have to answer questions about their project that allows Google to collect the health information of millions of patients after Congress sent a letter to the companies.
News reports about the partnership between the two companies, which was dubbed Project Nightingale, prompted privacy concerns and criticism.
The House Committee on Energy and Commerce requested briefings from both companies, with the letter signed by Chairman Frank Pallone, Jr. (D-NJ), Health Subcommittee Chairwoman Anna G. Eshoo (D-CA), Oversight and Investigations Subcommittee Chair Diana DeGette (D-CO), and Consumer Protection and Commerce Subcommittee Chair Jan Schakowsky (D-IL).
The members specifically cite “privacy concerns” about Project Nightingale. Both companies published blog posts once news of the partnership became public. The story was first reported by The Wall Street Journal.
“Longstanding questions related to Google’s commitment to protecting the privacy of its own users’ data raise serious concerns about whether Google can be a good steward of patients’ personal health information,” the committee wrote. “Additionally, despite the sensitivity of the information collected through Project Nightingale, reports indicate that employees across Google, including at its parent company Alphabet, have access to, and the ability to download, the personal health information of Ascension’s patients.”
The briefings are requested to Congress by Dec. 6, including what data is being shared with Google about Ascension patients, how that data is being shared and used, the extent to which employees and Google and its parent company Alphabet have access to the information, the extent to which patients were informed their data was shared, and steps being taken to ensure privacy and security of patient data.
Privacy laws under Health Insurance Portability and Accountability Act do not require healthcare providers to share with patients when their health information is shared under some circumstances, but the issue still created some concern.
“Concerns have also been justifiably raised about Ascension’s decision not to notify its patients that their information would be shared with Google or how their information would be used,” the letter reads.
Google and Ascension have both denied that patient data could be used for marketing or research purposes by Google. However, the patient information does contain personal, identifiable information of patients, such as names and birthdates, the WSJ reported.
“Ascension doctors and nurses are working with Google to test a secure clinical search capability that will bring the information within a patient’s entire medical record to our clinician’s fingertips,” Eduardo Conrado, executive vice president, strategy and innovations, Ascension, wrote in a post Nov. 19.