Google has confirmed collecting Healthcare Data in a controversy that was fueled by The Washington Post report that the NIH (National Institutes of Health) stopped the company from posting over 100,000 human x-rays.
The report that was credited to a whistle-blower revealed that a program, dubbed Project Nightingale, involving Ascension – the Catholic health system with over 50 million medical records from healthcare providers, has Google working with U.S. healthcare systems to collect private medical data from millions of Americans.
Google claimed to have revealed its plans to use cloud data analytics to cull medical data from Ascension's patient information during a Q2 earnings call in July, though it was never mentioned as "Project Nightingale" during that call.
Albeit, the x-rays were part of Google's 2017 joint project with the NIH, but the agency discovered that the images contained some personally identifiable information (PII) of patients.
While Google has an Agreement with Ascension, who governs access to the Protected Health Information (PHI) for helping providers support patient care, irrespective of the legality, the sheer collection of private medical data without the individuals approval has raised criticism from patients and lawmakers who have demanded federal inquiry into the practice.
It is common knowledge that several healthcare providers are storing patient medical data for analytics purposes in the cloud, with services like Amazon Web Services, Google Cloud and Microsoft's Azure. However, the current controversy means that Google or any of the other tech companies can't be trusted with such sensitive information.
Notwithstanding, the U.S. HIPAA rules allowed a multi-billion-dollar market in the anonymized patient medical data in recent years, with many firms collecting and data-mining millions of patients.
Also, Apple collects data from users of its smartwatches as part of a gynecological study with the NIH aimed at improving fertility and early disease detection.