Google and Ascension – a healthcare company operating 150 hospitals across 20 states and the District of Columbia – have partnered to store and analyze healthcare records for millions of people. The two companies say it’s a push to improve medical services, but critics say that Google, which also bought Fitbit, is ready to aggregate and analyze millions of data points that it has no business seeing.
Although Google Cloud executive Tariq Shaukat insists that the deal – dubbed Project Nightingale – is perfectly legal, not everyone agrees. Part of the controversy surrounds the fact that the data isn’t anonymized. Google and Ascension can see exactly which records belong to which patients. That means every ailment, every prescription and every doctor’s visit you’ve ever made will be available to Google if you’ve been at an Ascension hospital facility.
“All of Google’s work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and come [sic] with strict guidance on data privacy, security and usage,” Shaukat wrote.
This deal with Ascension, in conjunction with Google’s acquisition of Fitbit, has critics railing. The Fitbit acquisition is another matter; some experts believe that Google will use Fitbit data to sell products to users.
Google and Fitbit both claim that Fitbit health data won’t be mined for Google ads, but the company’s track record suggests otherwise. In 2012 and 2013, Google paid almost $40 million to settle charges that it lied to users about how it would track online behavior after it purchased the DoubleClick ad platform. Sure, that’s a slap on the wrist for a huge company like Google – and it likely doesn’t matter much in the grand scheme of things – but their track record does matter.
“These promises about what they’re going to do with data in the context of merger approvals deserve absolutely no weight,” said Sally Hubbard, director of enforcement strategy at the Open Markets Institute, which fights against monopolies all over the United States. “Especially when you’re talking about a company that has persistently violated the privacy laws, been repeatedly fined – a persistent recidivist when it comes to privacy violations.”
In fact, this year alone, Google has been fined over $170 million because its subsidiary, YouTube, has illegally tracked underage users.
With Google’s Project Nightingale, there’s no way for a patient to opt out of his or her records being shared with Google. Because Google and Ascension have the monopoly on these records and the tech they’re using to analyze them, patients have no choice.
“There’s no agency from the patient to say, ‘No, I don’t accept this,’” said Hubbard. “If they are a monopoly provider and they’re not giving them any options, patients can’t say, ‘I’m going to go to another healthcare provider.’” That may also be true for your Fitbit data, which Google is likely to combine with your health records.
What Do You Think?
Now that large companies are buying up access to data – even the most private health data – is there any hope of consumer privacy left? I’d love to hear your thoughts on this, so please share your opinion on my Facebook page or on Twitter.