Google Challenged For Collecting American Health Data

Uploaded on 2019-11-15 in FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-Health & Welfare

The US Department of Health and Human Services is launching an inquiry into Google's partnership with giant US healthcare organisation named Ascension. The healthcare deal is a major win for Google's cloud business, Google Cloud, but it has immediately raised concerns over the level of access Google will have to patient data. 

Google and the Ascension health system have been secretly working together on a project to store and analyse millions of patient medical records. Ascension is transferring the personal and medical information of 50 million

Ascension patients onto Google's cloud network. Ascension is a faith-based healthcare provider and operates 2,600 healthcare centers, including 150 hospitals and 50 aged care centers, across 20 states and DC.

Both Google and Ascension claim they are fully compliant with Health Insurance Portability and Accountability Act (HIPAA), the US federal law governing the security and privacy of certain medical information. Hipaa allows hospitals to share data with business partners, without gaining the consent of patients or doctors, if it's for the purpose of improving healthcare services.

The healthcare data on tens of millions of patients can reportedly be accessed by 150 Google employees under what the two organisations call Project Nightingale.  

News of the deal has caught the attention of Department of Health and Human Services' Office for Civil Rights and it has said it will launch an investigation that "will seek to learn more information about this mass collection of individuals' medical records to ensure that Hipaa protections were fully implemented".  

Google says Project Nightingale is nothing more than a codename that Ascension and Google are using for the project. The code name is probably a nod to Florence Nightingale, a 19th century equivalent of today's data scientist who pioneered statistical methods during the Crimean War of the 1850s to improve hygiene and healthcare at hospitals. Google also says the deal is not a secret and that Google CEO Sundar Pichai flagged its partnership with Ascension in in July.

Pichai was informing investors about Google Cloud wins using artificial intelligence and machine learning to tackle the healthcare sector, which AWS and Microsoft are also targeting with cloud-based AI products.  

"Google Cloud's AI and ML solutions are helping healthcare organisations like Ascension improve the healthcare experience and outcomes," Pichai, said.  

Google contends that the partnership with Ascension is compliant with HIPPA rules claiming that the data is "logically siloed", meaning it is not kept on physically separate servers but "housed within a virtual private space and encrypted with dedicated keys". 

Google emphasises that the data is not used to sell ads. "Patient data remains in that secure environment and is not used for any other purpose than servicing the product on behalf of Ascension. Specifically, any Ascension data under this agreement will not be used to sell ads."

It's also keeping logs of anyone who accesses Ascension data and says the systems Google Cloud is using for the Ascension partnership are subject to external audits for compliance with ISO 27001 certification.  According to Google, Ascension approved Google employees to handle health data is because the data is "very complex and non-standardised", which means "we need to configure and tune our processing systems to ensure correct product operations and patient safety".

STAT:        ZDNet:           Business Insider:       Guardian

You Might Also Read:

Google Technology To Treat UK Health Service Patients:

Google Wants Your Medical Records:

 

« A Cyber Security Audit
Britain’s Cybersecurity Skills Gap »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

PakCERT

PakCERT

PakCERT is the national Computer Emergency Response Team for Pakistan.

Haltdos

Haltdos

Haltdos is an AI driven website protection service that secures websites against today's cyber threats.

Semperis

Semperis

Semperis is an enterprise identity protection company that enables organizations to quickly recover from accidental or malicious changes and disasters that compromise Active Directory.

Salviol Global Analytics

Salviol Global Analytics

Salviol Global Analytics is a leading provider of Fraud, Risk and Operational Performance Solutions to a number of vertical markets including Insurance, Banking, Utilities, Telco’s and Government.

NeuShield

NeuShield

NeuShield is the only anti-ransomware technology that can recover your damaged data from malicious software attacks without a backup.

Get Indemnity

Get Indemnity

Get Indemnity are specialist insurance brokers with experience working on a wide range of innovative business insurance products that combine risk management, indemnity and incident response services.

Stratosphere Networks

Stratosphere Networks

Stratosphere Networks offer managed cybersecurity services rooted in Managed Detection and Response and Security Operations Center services that our team can tailor to meet your needs.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Packetlabs

Packetlabs

Packetlabs specializes in penetration testing services and application security.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Centre for Cyber Security Research & Innovation

Centre for Cyber Security Research & Innovation

The Centre for Cyber Security Research & Innovation is Nepal's First Academic Research Institute to focus on understanding the overall Information Security of Nepalese Organizations.

MajorKey Technologies

MajorKey Technologies

MajorKey improves security performance by reducing user friction and business risk, empowering your people, and protecting your IP.

Kralos

Kralos

Kralos are an experienced team of Software and IT experts, specialized in the development of innovative cybersecurity solutions.

AuditBoard

AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, ESG, and InfoSec management.

Fortress SRM

Fortress SRM

Fortress SRM protects companies from the financial, operational, and emotional trauma of cybercrime by improving the security performance of its people, processes, and technology.