Google Challenged For Collecting American Health Data

The US Department of Health and Human Services is launching an inquiry into Google's partnership with the giant US healthcare organisation Ascension. The healthcare deal is a major win for Google's cloud business, Google Cloud, but it has immediately raised concerns over the level of access Google will have to patient data.

Google and the Ascension health system have been secretly working together on a project to store and analyse millions of patient medical records. Ascension is transferring the personal and medical information of 50 million Ascension patients onto Google's cloud network. Ascension is a faith-based healthcare provider and operates 2,600 healthcare centers, including 150 hospitals and 50 aged care centers, across 20 states and DC.

Both Google and Ascension claim they are fully compliant with the Health Insurance Portability and Accountability Act (HIPAA), the US federal law governing the security and privacy of certain medical information. HIPAA allows hospitals to share data with business partners, without gaining the consent of patients or doctors, if it's for the purpose of improving healthcare services.

The healthcare data on tens of millions of patients can reportedly be accessed by 150 Google employees under what the two organisations call Project Nightingale.  

News of the deal has caught the attention of the Department of Health and Human Services' Office for Civil Rights, which has said it will launch an investigation that "will seek to learn more information about this mass collection of individuals' medical records to ensure that Hipaa protections were fully implemented".

Google says Project Nightingale is nothing more than a codename that Ascension and Google are using for the project. The codename is probably a nod to Florence Nightingale, a 19th-century equivalent of today's data scientist who pioneered statistical methods during the Crimean War of the 1850s to improve hygiene and healthcare at hospitals. Google also says the deal is not a secret and that Google CEO Sundar Pichai flagged its partnership with Ascension in July.

Pichai was informing investors about Google Cloud wins using artificial intelligence and machine learning to tackle the healthcare sector, which AWS and Microsoft are also targeting with cloud-based AI products.  

"Google Cloud's AI and ML solutions are helping healthcare organisations like Ascension improve the healthcare experience and outcomes," Pichai said.

Google contends that the partnership with Ascension is compliant with HIPAA rules, claiming that the data is "logically siloed", meaning it is not kept on physically separate servers but "housed within a virtual private space and encrypted with dedicated keys".

Google emphasises that the data is not used to sell ads. "Patient data remains in that secure environment and is not used for any other purpose than servicing the product on behalf of Ascension. Specifically, any Ascension data under this agreement will not be used to sell ads."

It's also keeping logs of anyone who accesses Ascension data and says the systems Google Cloud is using for the Ascension partnership are subject to external audits for compliance with ISO 27001 certification. According to Google, Ascension approved Google employees to handle health data because the data is "very complex and non-standardised", which means "we need to configure and tune our processing systems to ensure correct product operations and patient safety".

STAT: ZDNet: Business Insider: Guardian
