TechViews News …..
Lawyers, medical professionals and tech experts have reacted with a mixture of horror and fury after it emerged that Google has been secretly acquiring sensitive medical data on millions of people without their knowledge or consent.
Questions were immediately raised around the ethics of the data-gathering operation – code-named Project Nightingale – as well as the security of patient data after the program was first reported in November 2019. A simple online search for ‘Project Nightingale’ gives an alarming amount of information on how this data violates our most sensitive privacies.
Others called for an immediate change to privacy laws after Google and Ascension, the healthcare organization it has partnered with, boasted that the scheme is completely legal.
Dr. Robert Epstein, an author, medical researcher and former editor-in-chief at Psychology Today, summed up the mood when he tweeted: ‘You can’t make this s*** up. #BeAfraid.’
Dr Epstein was one of a host of figures to speak out after it was revealed Google has been gathering patient data from Ascension, America’s second-largest health system, since last summer.
The data includes names, dates of birth, lab results, doctor diagnoses and hospitalization records on ‘tens of millions of patients’, according to a research article in the Wall Street Journal, which first exposed the story.
Neither doctors nor patients were informed that the data-gathering was taking place or given the chance to opt-out.
Following the report, both companies put out press releases acknowledging the partnership, insisting it was designed to ‘improve patients outcomes’, and that it complied with all existing privacy laws.
Google even commented that it was gathering the personal medical data for two purposes. First – was to add it to the individual profiles that it is building on everyone that has a Google account. And second – it catalogued the personal medical information to sell to advertisers to “better provide Google services to its customers”.
Chris Vickery, director of cyber risk research for security firm UpGuard, was among those calling for an immediate change to the law.
He tweeted: ‘Lawmakers need to, right now, put some teeth in the consequences for future abuse of this data.
‘It’ll happen if it is not already happening. Put them on notice. Add in mandatory minimum prison time for execs and other employees responsible for any abuses.’
Walt Mossberg, a former technology columnist for the Wall Street Journal and now a leading voice in the industry, added: ‘This is why (a) we need a federal privacy law and (b) can’t be trusted and (c) neither can some giant hospital networks.
‘Note that patients were in the dark and consent wasn’t obtained.’
Civil rights attorney Harmeet Dhillon reacted with alarm, tweeting: ‘Wow — this is downright alarming. Do you trust Google with your blood test results, diagnoses, sensitive health information? We know Google vacuums up personal information to add to the individual profiles it’s building on us, but there is absolutely no reason to add medical data to our profiles.’
Concern over the revelation spanned the political spectrum, with elected officials from both parties expressing their apprehension over Google’s data gathering.
‘This abuse is beyond shameful,’ wrote Senator Richard Blumenthal, a Democrat from Connecticut. ‘Blatant disregard for privacy, public well-being, & basic norms is now core to Google’s business model.’
Republican Senator Marsha Blackburn of Tennessee said that it was ‘troubling’ that millions of patients were learning for the first time of Google’s deal to access their health records.
One Twitter user, going only by the handle Irenes and claiming to be a former Google worker, offered additional insights.
‘This is scary. HIPAA (the law covering patient privacy) wasn’t written with privacy protection as its main goal, it’s a lot more permissive than people realize.
‘The fact that so many people seem to feel as though this ought to be a HIPAA violation really highlights the gap between public understanding, and what the law actually says.
‘The law should be much, much stronger – that’s the real story here.’
Julie Rovner, chief health correspondent for Kaiser Health News, added: ‘1) this is apparently perfectly legal. 2) What could possibly go wrong?’
Meanwhile others pointed out that the news puts Google’s recent acquisition of Fitbit in an entirely new light.
At the time of the acquisition, many of Fitbit’s 28 million users announced they were throwing their devices away for fear of Google getting its hands on sensitive medical information.
Tiffany C. Li, an attorney and legal scholar working in tech and privacy, wrote simply: ‘How’s that Fitbit acquisition looking now?’
Hugh Langley, editor of two smart tech publications, added: ‘*This* is why Google bought Fitbit.
‘The big picture is about getting closer to patients, not to expand its product line.
‘The deal is already under a lot of scrutiny by some regulators – this story validates those concerns.’
Health Insurance Portability and Accountability Act (HIPAA) allows hospitals to share patients’ medical data with business partners on the condition that it is used to ‘help the entity carry out its healthcare functions.’
‘By working in partnership with leading healthcare systems like Ascension, we hope to transform the delivery of healthcare through the power of the cloud, data analytics, machine learning, and modern productivity tools—ultimately improving outcomes, reducing costs, and saving lives,’ said Google Cloud President Tariq Shaukat in a statement.
WSJ gives more information, saying that Google’s end goal is to broaden the categories of personal information it collects on its users.
Be Safe – Backup Your Data Regularly!
And don’t forget to take advantage of our FREE subscription to the TechViews News Updates. You will receive all of our updates and posts the moment they are published.