Google Challenged For Collecting American Health Data

Uploaded on 2019-11-15 in FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-Health & Welfare

The US Department of Health and Human Services is launching an inquiry into Google's partnership with giant US healthcare organisation named Ascension. The healthcare deal is a major win for Google's cloud business, Google Cloud, but it has immediately raised concerns over the level of access Google will have to patient data. 

Google and the Ascension health system have been secretly working together on a project to store and analyse millions of patient medical records. Ascension is transferring the personal and medical information of 50 million

Ascension patients onto Google's cloud network. Ascension is a faith-based healthcare provider and operates 2,600 healthcare centers, including 150 hospitals and 50 aged care centers, across 20 states and DC.

Both Google and Ascension claim they are fully compliant with Health Insurance Portability and Accountability Act (HIPAA), the US federal law governing the security and privacy of certain medical information. Hipaa allows hospitals to share data with business partners, without gaining the consent of patients or doctors, if it's for the purpose of improving healthcare services.

The healthcare data on tens of millions of patients can reportedly be accessed by 150 Google employees under what the two organisations call Project Nightingale.  

News of the deal has caught the attention of Department of Health and Human Services' Office for Civil Rights and it has said it will launch an investigation that "will seek to learn more information about this mass collection of individuals' medical records to ensure that Hipaa protections were fully implemented".  

Google says Project Nightingale is nothing more than a codename that Ascension and Google are using for the project. The code name is probably a nod to Florence Nightingale, a 19th century equivalent of today's data scientist who pioneered statistical methods during the Crimean War of the 1850s to improve hygiene and healthcare at hospitals. Google also says the deal is not a secret and that Google CEO Sundar Pichai flagged its partnership with Ascension in in July.

Pichai was informing investors about Google Cloud wins using artificial intelligence and machine learning to tackle the healthcare sector, which AWS and Microsoft are also targeting with cloud-based AI products.  

"Google Cloud's AI and ML solutions are helping healthcare organisations like Ascension improve the healthcare experience and outcomes," Pichai, said.  

Google contends that the partnership with Ascension is compliant with HIPPA rules claiming that the data is "logically siloed", meaning it is not kept on physically separate servers but "housed within a virtual private space and encrypted with dedicated keys". 

Google emphasises that the data is not used to sell ads. "Patient data remains in that secure environment and is not used for any other purpose than servicing the product on behalf of Ascension. Specifically, any Ascension data under this agreement will not be used to sell ads."

It's also keeping logs of anyone who accesses Ascension data and says the systems Google Cloud is using for the Ascension partnership are subject to external audits for compliance with ISO 27001 certification.  According to Google, Ascension approved Google employees to handle health data is because the data is "very complex and non-standardised", which means "we need to configure and tune our processing systems to ensure correct product operations and patient safety".

STAT:        ZDNet:           Business Insider:       Guardian

You Might Also Read:

Google Technology To Treat UK Health Service Patients:

Google Wants Your Medical Records:

 

« A Cyber Security Audit
Britain’s Cybersecurity Skills Gap »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Get Cyber Safe

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to educate Canadians about Internet security and the simple steps they can take to protect themselves online.

Shavlik Protect

Shavlik Protect

Shavlik Protect is an easy-to-use security software solution that discovers missing patches and deploys them to the entire organization.

ThetaRay

ThetaRay

ThetaRay’s solution for Industrial cyber security protects against unknown cyber-attacks that target industry and critical infrastructure.

BankVault

BankVault

BankVault is a new type of cyber technology (called remote isolation) which sidesteps your local machine and any possible malware.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

Salient Law

Salient Law

Salient Law is a virtual law firm that specialises in advising providers and users of technology on contracts involving technology.

US-Africa Cybersecurity Group (USAFCG)

US-Africa Cybersecurity Group (USAFCG)

USAFCG provides cybersecurity consulting services and delivers training programs for capacity building in Africa.

CyberCube

CyberCube

CyberCube provide world-leading cyber risk analytics for the cyber insurance market.

Strike Graph

Strike Graph

The Strike Graph GRC platform enables Security Audits & Certifications.

ACSG Corp

ACSG Corp

ACSG Corp is a Critical Infrastructure Protection Company with a multi-disciplinary focus on building analytics software for various industry sectors.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

ThreatNG Security

ThreatNG Security

ThreatNG is redefining external attack surface management (EASM) and digital risk protection with a platform of unmatched breadth, depth, and capabilities in thwarting technical and business threats.

Space Hellas

Space Hellas

Space Hellas is a dynamic, established System Integrator and Value Added Solutions Provider, holding a leading position in the high technology arena.

Blockfence

Blockfence

Blockfence are a seasoned crew versed in enterprise-grade cybersecurity and crypto, on a mission to collaboratively shape the future of Web3 security.

ExactTrak

ExactTrak

ExactTrak provide embedded cyber security solutions for your digital devices – whenever and wherever you need them.

Apex iQ (ApexiQ)

Apex iQ (ApexiQ)

ApexiQ is a continuous asset assurance platform that empowers you with the confidence to make better data-driven decisions and take automated action to reduce your risk.