Google’s secret cache of medical data includes names and full details of millions – whistleblower
As the movement for data privacy gains momentum, yet another whistleblower complaint shows how big tech may be disregarding laws to gain access to personal data that can be used to further its business interests. Google’s parent Alphabet has been pursuing ways to use Artificial Intelligence to improve healthcare delivery and outcomes, including its acquisition earlier this week of Fitbit. However, this time the whistleblower has accused Google of illegally gaining access to more than 50m patients’ personal medical information, allegedly in its bid “to sell or share the data with third parties, or create patient profiles against which they can advertise healthcare products.”
“The anonymous whistleblower has posted a video on the social media platform Daily Motion that contains a document dump of hundreds of images of confidential files relating to Project Nightingale. The secret scheme, first reported by the Wall Street Journal, involves the transfer to Google of healthcare data held by Ascension, the second-largest healthcare provider in the US. The data is being transferred with full personal details including name and medical history and can be accessed by Google staff.
… Project Nightingale is understood to be by far the largest data transfer of its kind so far in the healthcare field. It will cover the entire spread of Ascension, a Catholic network of 2,600 hospitals, clinics and other medical outlets. Google has entered into similar partnerships on a much smaller scale with clients such as the Colorado Center for Personalized Medicine. But in that case all the data handed over to the search giant was encrypted, with keys being held only on the medical side.
The deal between Google and Ascension to go ahead with the data transfer was formally signed on Monday, hours after the Wall Street Journal broke the story.
The Guardian does not know the identity of the whistleblower. They are one of about 300 employees working on Project Nightingale, approximately half on the Google side and half with Ascension.
… Google Cloud told the Wall Street Journal that the aim was “ultimately improving outcomes, reducing costs, and saving lives”. In a statement, Ascension said: “All work related to Ascension’s engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling.” In the video, the whistleblower begs to disagree. In annotations that run over the
leaked documents, they suggest that in future Google might be able to sell or share the data with third parties, or create patient profiles against which they can advertise healthcare products. “Patients haven’t been told how Ascension is using their data and have not consented to their data being transferred to the cloud or being used by Google. At the very least patients should be told and be able to opt in or opt out,” the whistleblower writes.”