In the world of big data, data mining, whether transparent or surreptitious, no longer comes as a shock. But when The Wall Street Journal broke the news that Google could have snooped through patients’ medical records quite possibly without permission, people finally took notice. So what exactly is going on?
Fears started to surface when Google went public with its partnership with a major US hospital network, Ascension. On the surface, the partnership seemed benign. It was just a way for Ascension to use tools that help make sense of information about patients while providing doctors with quick access to medical records.
But that was not the end of it. The waters started to turn murky when the Journal revealed days before the tech giant’s public announcement that the partnership, inked in secret, already existed a lot longer than what Google would like the public to believe. Code-named “Project Nightingale,” the Journal reports that it was already a done deal as early as last year with the move granting Google access to health-related data of millions of Americans that Ascension, the second-largest health care system in the US, services. Data include lab results, medical diagnoses, health and hospitalization records, patients’ names, even their dates of birth.
This bombshell report sent shockwaves to privacy wary masses. From monetising personal data to creating more lucrative AI tools, the impact of such access knows no bounds.
But some are saying it is not as troubling as the public perceive it to be. CNBC reports that they have spoken to anonymous sources privy to the details of the partnership and they say that both companies signed “an industry-standard agreement that allows the hospital to share protected health information with Google as long as this information is used only for treating patients.” They also said that, for the most part, the partnership detailed Ascension’s preferred use of Google’s G Suite set of productivity tools.
Is this enough to allay the fears of surreptitious data mining and other potential data access-related abuses? If the current reactions online and offline are used as a barometer, it certainly is not. In the same CNBC report, another source came out saying that Google may have been using tools that are “not compliant with HIPAA privacy standards.” HIPAA standards are rules that govern how health information is transferred and shared.
As Google faces an uphill battle when it comes to gaining public trust, it would seem that their USD3.5 trillion acquisition of fitness tracker Fitbit and another deal with Mayo Clinic are somehow ill-timed. Judging from the overwhelmingly negative reaction to this Google-Ascension partnership, it proves that anything medical-related is deemed sensitive hence a headache when it comes to security and privacy.
It also does not help that Google has all but clammed up. Most news outlets report that Google has yet to address the issue outright, only expressing responses pertaining to their current tools that are, in fact, HIPAA-compliant. They remain tight-lipped, however, when it comes to the Ascension deal.
Will Google’s seeming tactic of waiting for the storm to calm down (which is usual for practically anything) work for them as it has before? It would seem that way. One thing’s for certain, however. This is the new normal and if oversight yields, the world will face a future where data is readily accessible for the highest bidder and privacy and security will be relegated into a mere footnote.
And that is a chilling outcome, indeed.