Well, Big Tech is at it again. I have
previously written about Amazon's foray (here and here) into the healthcare industry,
but now it
is Google's turn. Google has recently partnered with Ascension, the nation's
second-largest healthcare provider, on a project that Google calls "Project
Nightingale." *
(This name comes from Florence Nightingale, not the picture of the beautiful
songbird above.)
The partnership offers Ascension access to Google's
vaunted cloud infrastructure and the full selection of Google Suite products.
What Google gains has the potential for a massive invasion of privacy regarding
50 million patient's personal health information (PHI) across 21 states.
Google and Ascension have signed a Business Associate Agreement, which would
allow PHI to be transferred from one entity to another with limits on the usage
of data. But with the Business Associate Agreement, neither party is obligated
to inform the 50 million people of the transfer of their PHI.
Google's
recent acquisition of FitBit, further complicates the speculation of how the
tech giant may use the data. The world of technical devices and apps that allow
consumers to track their health have few rules about the collection and
dissemination of private health data. The main concern is that Google will use
the PHI of the 50 million Ascension patients to test and develop new
technologies for FitBit, without the consent of Ascensions patients. Google has
publicly stated, "... Ascension's data cannot be used for any other purpose than
for providing these services we're offering under the agreement, and patient
data cannot and will not be combined with any Google consumer data."* But the concern
remains that Google will be within the Business Associate Agreement to use
the data collected from Ascension to increase its knowledge base. The question
is, can Google take the new information it learns from the Ascension acquisition
and apply it towards the learning and development for its FitBit
line?
This agreement has caught the eye of the Department of Health and
Human Services and the US Congress. Currently, the rules that would govern this
unique situation are not clear. Congress is presently entertaining a bipartisan
bill that will examine if during a BAA transfer of PHI should the public be
notified. When Ascension transferred the records of 50 million patients, the
doctors nor the patients knew anything about it until a whistleblower leaked the
agreement to the press. Additionally, once the transfer of data is complete,
should there be a mechanism in place to monitor the usage of the data. While the
government investigates whether or not Google or any other partner to a Business
Associate Agreement is complying with the HIPAA regulations, I believe they are
missing the elephant in the room.
"What does
Google plan to do with all of this data?"
From my research,
Google
has had access to
millions of patient's health records before the deal with Ascension. It was just
the scale of the transfer of PHI that caught the eye of the media, the
government, Congress, and the general public. The tech giant has partnered with
more than a dozen health care providers, which include the Cleveland Clinic, the
University of Chicago, and the Mayo Clinic.
While HIPAA will protect the
actual personal health information transferred, the learnings acquired from
Google's analysis of the data is not protected. Google has not made a secret of
the fact that they are working towards using their artificial intelligence (AI)
and machine learning (ML) to presume consumer medical conditions. Similar to
Amazon and Apple, Google has recognized that there is a fortune awaiting the
company that can predict a person's medical illness and market products and
services to that consumer before they know they are sick. In 2018, Google filed
a patent to identify medical conditions using artificial intelligence to analyze
the data gleaned from its tracking of consumer behavior while on the internet.
The AI filters through the raw data looking for keywords and then utilize ML to
conclude the potential for the consumer to display a medical condition within an
allotted time.
"Wait,
What?
As proof of concept, we need only to look at a study
done
by Facebook to identify specific medical illnesses by looking at a user's
Facebook posts.**
Some of the results were fairly obvious: posts including the keywords, drink,
drunk, and bottle were proven indicative of a person suffering from alcohol
abuse. Similarly, posts with the keywords, pain, crying, and tears were
indicative of depression. The study also surprisingly linked Facebook users'
posts with the words God, family, and prayer to diabetes in 25% of the cases,
which included those keywords.
I guess it is worth
asking again: What is
Google planning on doing with all of this data?
And as a
follow-up question.
Will we see
innovation from
the
acquirement of Ascension's Personal Health Information?
I
guess the only way to find
out will to
be to buy a new FitBit in a year or two and see.
- * Shaukat, Tariq. “Our Partnership with Ascension | Google Cloud Blog.” Google, Google, 11 Nov. 2019, https://cloud.google.com/blog/topics/inside-google-cloud/our-partnership-with-ascension.
- ** Merchant, Raina M., et al. “Evaluating the Predictability of Medical Conditions from Social Media Posts.” PLOS ONE, Public Library of Science, 17 June 2019, https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0215476#sec007.
Comments
Leave a Comment