Google Challenged For Collecting American Health Data

Uploaded on 2019-11-15 in FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-Health & Welfare

The US Department of Health and Human Services is launching an inquiry into Google's partnership with giant US healthcare organisation named Ascension. The healthcare deal is a major win for Google's cloud business, Google Cloud, but it has immediately raised concerns over the level of access Google will have to patient data. 

Google and the Ascension health system have been secretly working together on a project to store and analyse millions of patient medical records. Ascension is transferring the personal and medical information of 50 million

Ascension patients onto Google's cloud network. Ascension is a faith-based healthcare provider and operates 2,600 healthcare centers, including 150 hospitals and 50 aged care centers, across 20 states and DC.

Both Google and Ascension claim they are fully compliant with Health Insurance Portability and Accountability Act (HIPAA), the US federal law governing the security and privacy of certain medical information. Hipaa allows hospitals to share data with business partners, without gaining the consent of patients or doctors, if it's for the purpose of improving healthcare services.

The healthcare data on tens of millions of patients can reportedly be accessed by 150 Google employees under what the two organisations call Project Nightingale.  

News of the deal has caught the attention of Department of Health and Human Services' Office for Civil Rights and it has said it will launch an investigation that "will seek to learn more information about this mass collection of individuals' medical records to ensure that Hipaa protections were fully implemented".  

Google says Project Nightingale is nothing more than a codename that Ascension and Google are using for the project. The code name is probably a nod to Florence Nightingale, a 19th century equivalent of today's data scientist who pioneered statistical methods during the Crimean War of the 1850s to improve hygiene and healthcare at hospitals. Google also says the deal is not a secret and that Google CEO Sundar Pichai flagged its partnership with Ascension in in July.

Pichai was informing investors about Google Cloud wins using artificial intelligence and machine learning to tackle the healthcare sector, which AWS and Microsoft are also targeting with cloud-based AI products.  

"Google Cloud's AI and ML solutions are helping healthcare organisations like Ascension improve the healthcare experience and outcomes," Pichai, said.  

Google contends that the partnership with Ascension is compliant with HIPPA rules claiming that the data is "logically siloed", meaning it is not kept on physically separate servers but "housed within a virtual private space and encrypted with dedicated keys". 

Google emphasises that the data is not used to sell ads. "Patient data remains in that secure environment and is not used for any other purpose than servicing the product on behalf of Ascension. Specifically, any Ascension data under this agreement will not be used to sell ads."

It's also keeping logs of anyone who accesses Ascension data and says the systems Google Cloud is using for the Ascension partnership are subject to external audits for compliance with ISO 27001 certification.  According to Google, Ascension approved Google employees to handle health data is because the data is "very complex and non-standardised", which means "we need to configure and tune our processing systems to ensure correct product operations and patient safety".

STAT:        ZDNet:           Business Insider:       Guardian

You Might Also Read:

Google Technology To Treat UK Health Service Patients:

Google Wants Your Medical Records:

 

« A Cyber Security Audit
Britain’s Cybersecurity Skills Gap »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ComTrue Technologies

ComTrue Technologies

ComTrue Technologies provides artificial intelligence solutions and information security solutions.

MadSec Security

MadSec Security

MadSec Security is a leading consulting company whose expertise are information and cyber security.

NowSecure

NowSecure

NowSecure are the experts in mobile app security testing software and services.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

ShieldIOT

ShieldIOT

ShieldIOT delivers a complete AI-powered security solution across any IoT device, application and network.

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI) is an independent, global think-tank. We bring together the world’s top global researchers to undertake ground-breaking research on blockchain technology.

BI.ZONE

BI.ZONE

BI.ZONE creates high-tech products and solutions to protect IT infrastructures and applications, and provides services from cyber intelligence and proactive defence to cybercrime investigation.

Cysiv

Cysiv

Cysiv SOC-as-a-Service combines all the elements of an advanced, proactive, threat hunting SOC, with a managed security stack for hybrid cloud, network, and endpoint security.

Blaick Technologies

Blaick Technologies

Blaick is an Israeli cyber-security company which deploys proprietary Artificial Intelligence threats detection technology for early prevention of online cyber crime.

Constella Intelligence

Constella Intelligence

Constella Intelligence provides digital risk protection services to quickly and efficiently disrupt cyber attacks and data breaches before they occur.

SubCom

SubCom

How Much Do You Trust Your Endpoint? With our ‘Habituation Neural Fabric’ based endpoint security platform, you can observe and manage the Trust Score of your endpoints in real-time.

Morpheus Enterprises

Morpheus Enterprises

Morpheus Enterprises offer managed security solutions designed to keep your web applications secure and your business running smoothly.

Catalogic Software

Catalogic Software

Catalogic helps clients backup, recover, manage, and protect their data across their enterprise and cloud environments with Smart Data Protection solutions.

WBM Technologies

WBM Technologies

WBM Technologies is a Western Canadian leader in the provision of outcomes-driven information technology solutions.