Tech giant Google continues to face criticism for the company’s reported efforts to obtain the health records of millions of Americans without their awareness or consent.
A Wall Street Journal article published on Saturday, entitled “Inside Google’s Quest for Millions of Medical Records,” reported how the vendor has struck deals with some of the largest U.S. healthcare providers as part of a concerted effort gain access to troves of patient data.
“In just a few years, the company has achieved the ability to view or analyze tens of millions of patient health records in at least three-quarters of U.S. states, according to a Wall Street Journal analysis of contractual agreements,” states Saturday’s WSJ piece.
“In certain instances, the deals allow Google to access personally identifiable health information without the knowledge of patients or doctors,” according to the story. “The company can review complete health records, including names, dates of birth, medications and other ailments, according to people familiar with the deals.”
However, in a written statement, a Google spokesperson denied the WSJ’s allegations.
“Claiming that Google has access to millions of health records is highly misleading,” the spokesperson insisted. “Healthcare customers own their data, and we can only process it according to their instructions.”
Nonetheless, according to Saturday’s WSJ article, about a year ago Google attempted to gain access to 250 million health records from healthcare IT vendor Cerner.
“Google offered health-data company Cerner Corp. an unusually rich proposal,” reports the WSJ story. “Google dispatched former chief executive Eric Schmidt to personally pitch Cerner over several phone calls and offered around $ 250 million in discounts and incentives, people familiar with the matter say.”
The piece details how Schmidt’s overtures were in response to Cerner “interviewing Silicon Valley giants to pick a storage provider for 250 million health records, one of the largest collections of U.S. patient data.” However, the WSJ noted that ultimately Cerner struck a storage deal with Amazon, not Google.
Cerner was not immediately available for comment.
Still, an earlier WSJ article published on November 11, 2019, detailed Project Nightingale—a business partnership that began in secret last year—in which Google has been reportedly developing and managing the infrastructure of healthcare provider Ascension.
In response to that WSJ piece, Senators Richard Blumenthal (D-Conn.), Bill Cassidy (R-La.) and Elizabeth Warren (D-Mass.) wrote a letter to Google demanding that the tech giant provide answers to 17 questions about how such a vast amount of private, personal health data was surreptitiously collected—as well as how the company plans to use it.
“We write with concern over reports that Ascension has entered into a partnership that provides Google with the health records of tens of millions of Americans without their awareness or consent,” stated the senators’ letter. “Health information and records of medical care are exceptionally sensitive information that, when mishandled, expose patients to embarrassment, discrimination, exploitation, and other harms. Based on prior privacy violations and security failures from the company, we have substantial concerns about how Google will handle patient data and use health records for other purposes.”
The senators also warned that “reports of Google’s collection of personal health data raise additional red flags in light of recent news that Google is attempting to acquire Fitbit” while charging that “access to tens of millions of patient records provides Google with an immense resource to build artificial intelligence systems and other tools that could be used elsewhere in the health sector and advertising markets.”
However, a Google spokesperson defended the vendor’s business practices in targeting the healthcare industry.
“Many other companies pursue similar business models of selling compute power and cloud storage—or building custom technology solutions—for healthcare providers,” noted the Google spokesperson. “We’re bound by our terms of service, as well as regulations and signed agreements with customers, to not use PHI (protected patient health information) for purposes beyond those permitted by our customers and the law. This includes not using any PHI to target ads.”