Sundar Pichai, CEO of Google, speaks to the opening of the Berlin office of Google Germany on January 22, 2019 in Berlin with the media.
Carsten Koall | Getty Images News | Getty Images
Google has partnered with Ascension, a major US hospital network, in a privacy-protection flap to work together on tools that make information about patients useful and help physicians keep medical records to browse.
The business was first published in an article in The Wall Street Journal, which said that 1
However, it is not clear that the deal represents a major privacy risk. According to six people who are familiar with the scope of the agreement and an internal Ascension email from CNBC, the two companies have signed an industry standard agreement that allows the hospital to provide protected health information to Google, if that information is only used for Treatment to be used patients. These individuals have requested anonymity because they were not authorized to discuss the deal with the press. The e-mail also notes that the deal was part of a wider agreement between the companies that included Ascension's use of Google's G Suite productivity tools competing with Microsoft Office 365.
At the same time, a well-known person said, Ascension Employees were concerned that some of the tools that Google uses to import and export data do not conform to HIPAA privacy standards, and that the people concerned did not receive satisfactory answers from Google to have. Google did not comment on these specific complaints, but noted that there are a variety of Google Cloud products that enable HIPAA compliance, including some of the products mentioned by the affected employees.
The gag comes when Google takes aggressive steps to $ 3.5 trillion in healthcare, which recently agreed to acquire fitness tracker Fitbit and enter into an agreement with Mayo Clinic. The medical industry is known to be sensitive to privacy and security. Google is facing a tough fight to prove it's trustworthy to earn most of its money through advertising that relies on the extensive use of customer data.
How the deal came about
Several respondents said the project came about after Ascension spent millions of dollars on a data warehouse project bringing clinical information across the entire patient population.
Ascension and Google began discussions About eight months ago, a series of so-called population health and analysis software for analyzing health information as a whole referred to the wider scope of the work under the code name "Nightingale".
On the Google side, the goal was to develop tools that would make it easier for physicians to retrieve certain patient data in a medical record. David Feinberg, vice president of Google Health, recently referred to this feature at a sector conference with vague words. According to a well-known source and CNBC screenshots, the tool makes it easy for a doctor to visit a specific patient to see the latest test results, medications and more.
A Google spokesperson confirmed that he has developed tools "to help doctors and nurses improve patient care," but did not provide any further information.
These large scale analytics projects typically involve healthcare data companies such as Optum, which belongs to United Healthcare, as well as large providers of electronic health records such as Epic Systems. However, since tech companies like Google are looking for ways to enter the health business, they are likely to be more likely to engage in such deals.
Three respondents stated that the two organizations have signed a Business Associate Agreement (BAA) agreement to facilitate discussions that will allow some proprietary healthcare information to be transferred from a healthcare system to a business partner.
These agreements are designed to ensure that personal health information is provided securely and are common in the industry. As Lucia Savage, data privacy expert at health technology company Omada Health, points out, such agreements would typically limit the scope of Google's activities. The Affiliate – in this case, Google – generally can not convert the data for its own commercial use and will not sell the data under these agreements.
An email from Ascension to staff discussing the deal identified the tools as being in "early testing" and "not in active clinical use". The e-mail confirmed that the two companies have signed a BAA. "Ascension's data can not be used by Google for other purposes to provide these tools to Ascension clinicians, and patient data can not be combined with Google's customer information."
Two respondents said Ascension had specifically mandated a Compliance Officer to contact Google at all meetings to ensure the data was properly shared.
Despite all these assurances, an employee with knowledge of the project should have some of Ascension's employees concern about some of the tools Google has used to export and import data. These are not fully compliant under HIPAA, the body of rules governing the transmission and dissemination of health information. The tools in question include Data Studio, Big Query, and Data Lab, according to materials viewed by CNBC. This person said that the concerns had not been fully addressed by both companies.
"When we asked Google for answers and received late or no response," the person said. "There is a constant pressure from above to get it out quickly."
In response to a request from CNBC, Google refused to discuss the details of this partnership, but referred to a list of HIPAA-compliant cloud products, including Big Query and AI DataLab.
Google has signed several other important cloud contracts in the past, including the Mayo Clinic and the University of Chicago.
Earlier this year, a patient sued Google and the University of Chicago for alleging that companies had not stripped outdated stamps or medical notes buried in hundreds of thousands of patient records that could be used to identify a patient. "The university and the medical center will vigorously defend this action in court," a spokesperson said in a statement at that time.
Also in the UK, Google faced privacy issues in 2017 when DeepMind was artificially deployed The intelligence project used patient data in a manner that "violates the data protection act," according to a British government observer.
Follow @CNBC t on Twitter to get the latest news from the technology industry.