Congress asks Google, Ascension for answers on patient data project

Google and Ascension, the nation’s largest Catholic health system, will have to answer questions about their project that allows Google to collect the health information of millions of patients after Congress sent a letter to the companies.

News reports about the partnership between the two companies, which was dubbed Project Nightingale, prompted privacy concerns and criticism.

The House Committee on Energy and Commerce requested briefings from both companies, with the letter signed by Chairman Frank Pallone, Jr. (D-NJ), Health Subcommittee Chairwoman Anna G. Eshoo (D-CA), Oversight and Investigations Subcommittee Chair Diana DeGette (D-CO), and Consumer Protection and Commerce Subcommittee Chair Jan Schakowsky (D-IL).

The members specifically cite “privacy concerns” about Project Nightingale. Both companies published blog posts once news of the partnership became public. The story was first reported by The Wall Street Journal.

“Longstanding questions related to Google’s commitment to protecting the privacy of its own users’ data raise serious concerns about whether Google can be a good steward of patients’ personal health information,” the committee wrote. “Additionally, despite the sensitivity of the information collected through Project Nightingale, reports indicate that employees across Google, including at its parent company Alphabet, have access to, and the ability to download, the personal health information of Ascension’s patients.”

The briefings are requested to Congress by Dec. 6, including what data is being shared with Google about Ascension patients, how that data is being shared and used, the extent to which employees and Google and its parent company Alphabet have access to the information, the extent to which patients were informed their data was shared, and steps being taken to ensure privacy and security of patient data.

Privacy laws under Health Insurance Portability and Accountability Act do not require healthcare providers to share with patients when their health information is shared under some circumstances, but the issue still created some concern.

“Concerns have also been justifiably raised about Ascension’s decision not to notify its patients that their information would be shared with Google or how their information would be used,” the letter reads.

Google and Ascension have both denied that patient data could be used for marketing or research purposes by Google. However, the patient information does contain personal, identifiable information of patients, such as names and birthdates, the WSJ reported.

“Ascension doctors and nurses are working with Google to test a secure clinical search capability that will bring the information within a patient’s entire medical record to our clinician’s fingertips,” Eduardo Conrado, executive vice president, strategy and innovations, Ascension, wrote in a post Nov. 19.

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

With generative AI coming into its own, AI regulators must avoid relying too much on principles of risk management—and not enough on those of uncertainty management.

Cardiovascular devices are more likely to be in a Class I recall than any other device type. The FDA's approval process appears to be at least partially responsible, though the agency is working to make some serious changes. We spoke to a researcher who has been tracking these data for years to learn more. 

Updated compensation data includes good news for multiple subspecialties. The new report also examines private equity's impact on employment models and how much male cardiologists earn compared to females.

Trimed Popup
Trimed Popup