Google Challenged For Collecting American Health Data

The US Department of Health and Human Services is launching an inquiry into Google's partnership with giant US healthcare organisation named Ascension. The healthcare deal is a major win for Google's cloud business, Google Cloud, but it has immediately raised concerns over the level of access Google will have to patient data. 

Google and the Ascension health system have been secretly working together on a project to store and analyse millions of patient medical records. Ascension is transferring the personal and medical information of 50 million

Ascension patients onto Google's cloud network. Ascension is a faith-based healthcare provider and operates 2,600 healthcare centers, including 150 hospitals and 50 aged care centers, across 20 states and DC.

Both Google and Ascension claim they are fully compliant with Health Insurance Portability and Accountability Act (HIPAA), the US federal law governing the security and privacy of certain medical information. Hipaa allows hospitals to share data with business partners, without gaining the consent of patients or doctors, if it's for the purpose of improving healthcare services.

The healthcare data on tens of millions of patients can reportedly be accessed by 150 Google employees under what the two organisations call Project Nightingale.  

News of the deal has caught the attention of Department of Health and Human Services' Office for Civil Rights and it has said it will launch an investigation that "will seek to learn more information about this mass collection of individuals' medical records to ensure that Hipaa protections were fully implemented".  

Google says Project Nightingale is nothing more than a codename that Ascension and Google are using for the project. The code name is probably a nod to Florence Nightingale, a 19th century equivalent of today's data scientist who pioneered statistical methods during the Crimean War of the 1850s to improve hygiene and healthcare at hospitals. Google also says the deal is not a secret and that Google CEO Sundar Pichai flagged its partnership with Ascension in in July.

Pichai was informing investors about Google Cloud wins using artificial intelligence and machine learning to tackle the healthcare sector, which AWS and Microsoft are also targeting with cloud-based AI products.  

"Google Cloud's AI and ML solutions are helping healthcare organisations like Ascension improve the healthcare experience and outcomes," Pichai, said.  

Google contends that the partnership with Ascension is compliant with HIPPA rules claiming that the data is "logically siloed", meaning it is not kept on physically separate servers but "housed within a virtual private space and encrypted with dedicated keys". 

Google emphasises that the data is not used to sell ads. "Patient data remains in that secure environment and is not used for any other purpose than servicing the product on behalf of Ascension. Specifically, any Ascension data under this agreement will not be used to sell ads."

It's also keeping logs of anyone who accesses Ascension data and says the systems Google Cloud is using for the Ascension partnership are subject to external audits for compliance with ISO 27001 certification.  According to Google, Ascension approved Google employees to handle health data is because the data is "very complex and non-standardised", which means "we need to configure and tune our processing systems to ensure correct product operations and patient safety".

STAT:        ZDNet:           Business Insider:       Guardian

You Might Also Read:

Google Technology To Treat UK Health Service Patients:

Google Wants Your Medical Records:

 

« A Cyber Security Audit
Britain’s Cybersecurity Skills Gap »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Academy - University of Southampton

Cyber Security Academy - University of Southampton

An industry/University partnership established to advance cyber security through world class research, teaching excellence, industrial expertise and training capacity.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

Arkose Labs

Arkose Labs

Arkose Labs' Fraud and Abuse Platform combines Telemetry and adaptive Enforcement Challenges to break down the ROI of fraudsters and protect digital businesses.

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node is part of a national network designed to foster and accelerate cyber capability and innovation across Australia.

White Bullet

White Bullet

White Bullet’s risk profiling AI detects, dynamically scores and flags unsafe domains, apps and advertising.

Fortiphyd Logic

Fortiphyd Logic

Fortiphyd Logic equips operators of the power grid, oil & gas, and other critical infrastructure with the tools and training they need to defend their industrial networks from advanced cyberattacks.

Keeper Security

Keeper Security

Keeper is a leading enterprise password manager and cybersecurity platform for preventing password-related data breaches and cyberthreats.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

VulnCheck

VulnCheck

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

Rescana

Rescana

Rescana offers a cyber risk management platform with the vision to remove the security team bottlenecks, accelerating business processes that require risk assessment.

Atlas Systems

Atlas Systems

Atlas Systems helps companies large and small accelerate their digital transformation journeys – expanding their capabilities and delivering tailored solutions including cybersecurity.

Cypherleak

Cypherleak

Cypherleak provide Automated Cyber Risk Monitoring & Ai powered cyber recommendations.