Three U.S. senators are demanding that Google account for the company’s reported efforts to obtain the health records of millions of Americans without their awareness or consent.
Senators Richard Blumenthal (D-Conn.), Bill Cassidy (R-La.) and Elizabeth Warren (D-Mass.) wrote a letter to Google this week in response to a Wall Street Journal piece published earlier this month that detailed Project Nightingale—a business partnership that began in secret last year—in which the tech giant has been reportedly developing and managing the infrastructure of healthcare provider Ascension.
“We write with concern over reports that Ascension has entered into a partnership that provides Google with the health records of tens of millions of Americans without their awareness or consent,” states the letter. “Health information and records of medical care are exceptionally sensitive information that, when mishandled, expose patients to embarrassment, discrimination, exploitation and other harms. Based on prior privacy violations and security failures from the company, we have substantial concerns about how Google will handle patient data and use health records for other purposes.”
The three senators demand that Google provide answers to 17 questions raised in their letter on how such a vast amount of private, personal health data was surreptitiously collected, as well as how the company plans to use it. They want a written response from the company by December 6.
“Access to tens of millions of patient records provides Google with an immense resource to build artificial intelligence systems and other tools that could be used elsewhere in the health sector and advertising markets,” warn the senators. “Reports of Google’s collection of personal health data raise additional red flags in light of recent news that Google is attempting to acquire FitBit, amidst a federal antitrust investigation.”
However, Google insists that its partnership with Ascension adheres to strict regulations on the handling patient data.
“Our business associate agreement with Ascension ensures their patient data cannot be used for any other purpose than for providing our services—this means it’s never used for advertising,” wrote Head of Google Health David Feinberg, MD, in a blog post on Wednesday.
“To ensure that our tools are safe for Ascension doctors and nurses treating real patients, members of our team might come into contact with identifiable patient data,” added Feinberg. “Because of this, we have strict controls for the limited Google employees who handle such data.”
While a limited number of screened and qualified Google staff may be exposed to real data, according to Feinberg these employees undergo HIPAA and medical ethics training—and, they are “individually and explicitly approved by Ascension for a limited time.”