Reports: Ascension, Google Ramp Up Work on ‘Secret’ Health Data Project Without Patient Consent

Nov. 12, 2019
Google employees already have access to data on tens of millions of patients, according to the Wall Street Journal

Google and Ascension—the largest nonprofit health system in the U.S.—are working on a project that aims to leverage the tech giant’s search and artificial intelligence (AI) capabilities to analyze health data for millions of Ascension patients, according to multiple media reports.

The Wall Street Journal first reported on Nov. 11 that the initiative, “code-named ‘Project Nightingale,’ appears to be the biggest effort yet by a Silicon Valley giant to gain a toehold in the healthcare industry through the handling of patients’ medical data,” noting that while Amazon and Microsoft have made aggressive pushes into healthcare, those endeavors have not been at this scope.

The collaboration between Google and the St. Louis-based Ascension, the largest Catholic health system in the world with facilities in 23 states and the District of Columbia, actually began last year as a secret, according to the WSJ. “The data involved in the initiative encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth,” according to the report.

A Forbes report, meanwhile, noted that the project involves "Ascension moving patient records onto Google’s cloud servers and includes a search product that allows Ascension healthcare providers to see an ‘overview page’ about their patients. The page includes complete patient information as well as notes about patient medical issues, test results and medications, including information from scanned documents, according to presentations viewed by Forbes.”

Ultimately, the idea is that when a patient checks into a healthcare facility and has an examination, his or her data would be inputted into the health system’s EHR, and then instantly transferred to the Google Cloud, at which point the “Project Nightingale” system could analyze all of the patient data available to it and suggest personalized changes to the individual's care—which may include treatment plans, new tests, modifications to the number of care providers on a patient’s team, as well as flagging unusual deviations in care.

What are Google and Ascension saying?

Following the WSJ reporting, both Google and Ascension released statements that did not reveal great detail about the work—particularly as it relates to the medical record data element—but the companies did make clear that “All work related to Ascension’s engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling,” according to a press release from the provider.

Google, meanwhile, noted in a blog post, “Our work with Ascension is a business arrangement to help a provider with the latest technology, similar to the work we do with dozens of other healthcare providers. These organizations, like Ascension, use Google to securely manage their patient data, under strict privacy and security standards. They are the stewards of the data, and we provide services on their behalf.”

Google officials also stated that “Some of the solutions we are working on with Ascension are not yet in active clinical deployment, but rather are in early testing. This is one of the reasons we used a code name for the work—in this case, ‘Nightingale.’”

Concerns around patient privacy

Indeed, a key question stakeholders already have centers around patient privacy as big tech companies these days continue to take heat for not doing enough to protect user information.

The WSJ reported that “neither patients nor doctors have been notified [about this initiative]. At least 150 Google employees already have access to much of the data on tens of millions of patients, according to a person familiar with the matter and the documents.”

The report further noted that “Some Ascension employees have raised questions about the way the data is being collected and shared, both from a technological and ethical perspective, according to the people familiar with the project.”

However, both Google and Ascension, in their public statements, attest that their work is compliant under federal law. Some folks have pointed out that because Google and Ascension have a Business Associate Agreement (BAA), they are both covered entities under HIPAA, which generally allows providers to share data with those organizations they have BAAs with without requiring them to notify patients. At the same time, HIPAA mandates that the data be used “only to help the covered entity carry out its healthcare functions,” and some privacy advocates have taken issue with this element of the Google-Ascension project.

To this end, according to the WSJ, “Google and nonprofit Ascension have parallel financial motives. Google has assigned dozens of engineers to Project Nightingale so far without charging for the work because it hopes to use the framework to sell similar products to other health systems. Its end goal is to create an omnibus search tool to aggregate disparate patient data and host it all in one place, documents show.” The report added, “Ascension aims in part to improve patient care. It also hopes to mine data to identify additional tests that could be necessary or other ways in which the system could generate more revenue from patients, documents show.”

Nardev Ramanathan, an analyst at research firm Lux Research, believes that given the optics of this story, Google would be wise to keep in mind that data privacy and security are mission-critical in gaining wider trust and acceptance from all health stakeholders. Ramanathan notes in an email commentary that “Google's insatiable ambition to gain supremacy in healthcare without paying regard to this critical factor risks jeopardizing everything it has worked for to gain momentum in this space.”

Google, in its press release, clarified that it does has a BAA with Ascension, which governs access to protected health information (PHI) for the purpose of helping providers support patient care. “This is standard practice in healthcare, as patient data is frequently managed in electronic systems that nurses and doctors widely use to deliver patient care. To be clear: under this arrangement, Ascension’s data cannot be used for any other purpose than for providing these services we’re offering under the agreement, and patient data cannot and will not be combined with any Google consumer data,” Google stated.

Just a few months ago, Google announced that it would be teaming up with another huge healthcare provider, Mayo Clinic, on a project that would use Google Cloud to secure and store Mayo Clinic's data, while working with Mayo Clinic to apply AI and other cloud computing technologies to solve complex healthcare problems. However, Mayo Clinic stressed that it would continue to control access and use of its patient data by using Google's cloud technologies, and that any data used to develop new technology would be stripped of any information that could identify individual patients, before it was sent to Google.

For the Ascension project, it appears as if the initiative is only ramping up, as reports have noted that the work has accelerated in recent months. According to the Forbes report, “Google’s search service has rolled out in at least one Ascension facility each in Florida and Texas, and Google plans to release the product in Ascension facilities in states including Michigan and Tennessee by the end of this year, the documents show.”

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?