Slides and videos from our February 2024 research update for Artificiality Pro
Google and health data
Why the outcry?
This week, the WSJ published a story about Google gathering the personal health data of millions of Americans. Everyone jumped on the story, many were “shocked” and now there’s a federal inquiry into whether Google and the hospital system involved, Ascension, are fully compliant with US privacy law as it relates to health data. This is a fully loaded subject, with an article in The Guardian “I'm the Google whistleblower. The medical data of millions of Americans is at risk.”
Now if you’re a Google or an Ascension exec, or if you are an engineer or a doctor or a nurse involved in the project, the outcry may be perplexing. US law stipulating how health data are shared (HIPAA), is rigorous. It would be insanity to think that these regulations would have been consciously circumvented.
HIPAA makes it clear that data can be shared if it’s to be used for treatment, payment or operational improvement. The partnership between Google and Ascension is formalized under an arrangement called a Business Associate Agreement, which is a well-trodden path in the health industry. The BBA makes it clear for what purposes the data can be used and Google has explicitly stated that it will not use the data for selling advertising. Google even says “patient data cannot and will not be combined with any Google consumer data.” That’s a fairly clear signal upfront that Google won’t be adding this data directly into the AI that powers advertising.
Perhaps even more important is that this was far from secret; Google’s CEO explicitly called it out in its second quarter earnings call. “Google Cloud’s AI and ML solutions are also helping healthcare organizations like Sanofi accelerate drug discovery and Ascension improve the healthcare experience and outcomes.”
So it’s clear there was no secret “hoovering up” of American’s health data. So why the outcry?