Is Your Medical Data At Risk?
Not much stays private in today’s increasingly digital world, and it seems even ultra-sensitive medical records may be at risk. Google is partnering with Ascension, the country’s second-largest hospital system. The partnership will allow the tech giant to store and analyze millions of medical records to improve healthcare services. Ultimately, Google will have access to the full names, birth dates, illnesses, and treatments of Ascension’s patients (The New York Times, 2019).
YES HIM Consulting’s team of coding and auditing experts can help healthcare providers bridge the gap between patient data management and the growing digital storage strategies. Contact our team to discuss those options.
Google Announces Partnership
The eye-opening announcement forced many to wonder how this partnership will follow the legal regulations enforced by HIPAA. HIPAA, the Health Insurance Portability and Accountability Act, protects patients’ confidential medical histories and data and prevents any mishandling of information. Healthcare providers, insurance companies, and clearinghouses must abide by these laws. Individuals and organizations that do business on behalf of a medical provider are required to follow these privacy laws under a business associates agreement, according to the U.S. Department of Health & Human Services.
Although HIPAA has been amended to include regulations for the safeguarding and sharing of information digitally as new systems have entered the scene, the regulations are outpaced by technology and do not provide protections for what’s to come. Furthermore, HIPAA does not apply if the patient willingly shares his or her personal information with an organization or application. This is why several consumer-facing companies have been able to get away without signing a business associates agreement.
For example, Apple made it easier for patients to receive health information via iPhone by establishing an encrypted connection between the patient and provider, but Apple will not have access to these confidential records. Facebook created a healthcare tool that reminds consumers to set checkup appointments or tests. Fitness trackers, such as Fitbit, monitor heart rates, sleep cycles, food intake, and activity, and share that information with a user’s smartphone or computer.
Review These Insights
The introduction of technology and data analysis in the healthcare realm is not new. Insights from machine learning are already utilized to provide better care in hospitals and clinics. Stanford University’s Center for Biomedical Informatics Research shares some of the insights they’ve discovered by studying 200 million health records of patients in their hospital system and outside sources (The Wall Street Journal, 2019). Their algorithms have been able to predict which patients are most likely to die within a three- to 12-month period, and to compare patients’ data and blood work to make recommendations for certain checkups and treatments.
In a previous article on our blog, YES HIM Consulting explored how healthcare providers are continuously refining and developing their processes by implementing digital project management systems to improve patient care, reduce costs and elevate the patient’s overall experience and satisfaction. There’s no doubt that technology has improved healthcare services and made the entire experience easier for both patients and providers.
But when companies that don’t fall under HIPAA’s protection acquire sensitive medical data and information, what are the risks? How will they use this data?
Concerns Over Safety of Medical Data
Google’s partnership with Ascension, dubbed “Project Nightingale,” has raised a lot of concerns over the safety of personal health information (The Wall Street Journal, 2019), especially since the tech company has already paid $170 million in fines due to violating privacy laws (The New York Times, 2019).
Representatives from Google and Ascension say the medical data will help develop software that will make suggestions for patient care. Google’s cloud platform will store the information in a private space, and it won’t combine it with any other consumer data for advertising purposes (The Wall Street Journal, 2019). But, with more technology companies entering the healthcare industry, who’s to stop them from using private medical data to affect insurance premiums, or deliver targeted ads based on health conditions?
Ascension has confirmed that the deal is in compliance with regulations for data handling, but internal documents reveal that at least a few Ascension employees working on the project have voiced concerns over Google employees downloading patient data, as well as over whether Google’s software that analyzes the health information complies with HIPAA (The New York Times, 2019).
HIPAA Regulations
Once companies and providers remove personal identifying information, known as “de-identification,” HIPAA regulations that safeguard health data no longer bind them, making it even easier for them to use the data as they choose. However, Google says their agreement with Ascension does not allow for de-identification.
What Are the Risks?
Data breaches pose another security risk to sensitive medical information, especially since they are extremely prevalent, and the healthcare sector is not immune. In 2018, 15 million patient records were breached, with that number increasing to 25 million this year, according to the Protenus Breach Barometer (Xtelligent Healthcare Media, 2019). The data breaches affected American Medical Collection Agency, Dominion National, and Inmediata Health Group, among others, and resulted in the theft of personal information, demographics, medical claims data, and more.
Google has had its fair share of data breaches and security threats. The company shut down its Google Plus service last year after uncovering a security vulnerability that may have put thousands of users at risk (Experian, 2018). A coding glitch in the program granted third-party applications access to names, emails, occupations, genders, and ages of Google Plus users without their knowledge or permission. But the troubles didn’t stop there. User data from 52.5 million accounts was exposed after an additional bug in a Google Plus API was discovered late last year (WIRED, 2019).
We will keep a close eye on how tech companies, including Project Nightingale, are entering the healthcare sector and how they plan to use personal medical information going forward. We’ll provide updates as we learn more.