Is Your Medical Data At Risk? – Part Two
As a follow-up to our previous article, “Is Your Medical Data At Risk? – Part One,” we now examine how personal health information could be used in the hands of technology companies outside of the medical industry.
Google’s partnership with Ascension, dubbed “Project Nightingale,” has raised a lot of concerns over the safety of personal health information (The Wall Street Journal, 2019), especially since the tech company has already paid $170 million in fines for violating privacy laws (The New York Times, 2019).
Representatives from Google and Ascension have said the medical data will be used solely to develop software that will make suggestions for patient care. The information will be stored in a private space in Google’s cloud platform, where it won’t be combined with any other consumer data for advertising purposes (The Wall Street Journal, 2019). But with more technology companies entering the healthcare industry, who’s to stop them from using private medical data to affect insurance premiums or deliver targeted ads based on health conditions?
Ascension has confirmed that the deal is in compliance with regulations for data handling, but internal documents reveal that at least a few Ascension employees working on the project have voiced concerns over Google employees downloading patient data, as well as over whether Google’s software that analyzes the health information complies with HIPAA (The New York Times, 2019).
The HIPAA regulations that safeguard health data no longer apply once the personal identifying information has been removed, a process known as “de-identification,” making it even easier for companies and providers to use the data as they choose. However, Google says its agreement with Ascension does not allow for de-identification.
Data breaches pose another security risk to sensitive medical information, especially since they are extremely prevalent, and the healthcare sector is not immune. In 2018, 15 million patient records were breached, with that number increasing to 25 million this year, according to the Protenus Breach Barometer (Xtelligent Healthcare Media, 2019). The data breaches affected American Medical Collection Agency, Dominion National, and Inmediata Health Group, among others, with personal information, demographics, medical claims data, and more stolen.
Google has had its fair share of data breaches and security threats. The company shut down its Google Plus service last year after uncovering a security vulnerability that may have put thousands of users at risk (Experian, 2018). A coding glitch in the program granted third-party applications access to names, emails, occupations, genders, and ages of Google Plus users without their knowledge or permission. But the troubles didn’t stop there: user data from 52.5 million accounts was exposed after an additional bug in a Google Plus API was discovered late last year (WIRED, 2019).
We will continue to monitor Project Nightingale and other tech companies’ entry into the healthcare sector, and provide updates on how personal medical information will be used going forward.