John & Rusty Report Editor’s Note: Ascension does not currently operate any hospitals in California
In a sign of Google’s major ambitions in the health care industry, the search giant is working with the country’s second-largest hospital system to store and analyze the data of millions of patients in an effort to improve medical services, the two organizations announced on Monday.
The partnership between Google and the medical system, Ascension, could have huge reach. Ascension operates 150 hospitals in 20 states and the District of Columbia. Under the arrangement, the data of all Ascension patients could eventually be uploaded to Google’s cloud computing platform.
It is legal for health systems to share patients’ medical information with business partners like electronic medical record companies. Even so, many patients may not trust Google, which has paid multiple fines for violating privacy laws, with their personal medical details.
Google mentioned the arrangement in an earnings call in July, but provided few details. More about the arrangement was announced on Monday, after The Wall Street Journal published an article about it.
Already, the two organizations are testing software that allows medical providers to search a patient’s electronic health record by specific data categories and create graphs of the information, like blood test results over time, according to internal documents obtained by The New York Times. The aim is to give medical professionals better access to patient data, to improve patient care and, ultimately, to try to glean insights from the data to help treatment.
Google is teaming up with Ascension, a nonprofit, as American consumer tech giants like Amazon, Apple, Google and Microsoft jockey to gain a bigger share of the huge health care market. Apple has expanded into virtual medical research using its iPhone and Apple Watch. Microsoft has introduced cloud-based tools to help health systems share medical data. Last year, Amazon joined JPMorgan Chase and Berkshire Hathaway in a venture to try to improve care and reduce costs for their employees in the United States.
Google’s health efforts include a push to use artificial intelligence to read electronic health records and then try to predict or more quickly identify medical conditions.
The company’s efforts require machines to learn by analyzing a vast array of health records collected by hospitals and other medical institutions. Under the Ascension partnership, dozens of Google employees may have access to patient data like name, birth date, race, illnesses and treatments, according to the internal documents. These include employees who work on Medical Brain, the company’s health A.I. team.
At least a few Ascension employees in the project have raised concerns that Google employees downloaded patient data, according to the internal documents. They have also raised concerns about whether all of the Google software involved in processing Ascension patient data complies with a federal privacy law. That law, the Health Insurance Portability and Accountability Act, or HIPAA, restricts how doctors, health systems and their business associations may handle identifiable patient data.
In its announcement on Monday, Ascension said the deal complied with the law and followed the organization’s “strict requirements for data handling.” In a follow-up email, the health system said that its patient data was stored in a private space within Google’s cloud platform and that Google could not use it for any purpose other than providing tools for Ascension medical providers.
Tariq Shaukat, the president of Google Cloud, said in the statement that by working with groups like Ascension, “we hope to transform the delivery of health care.”
Ascension did not respond to questions about how many patient records had already been transferred to Google Cloud.
Google’s handling of health care data is a touchy subject. Through its advertising business, Google already knows a vast amount about consumers — including what people are interested in, where they are located, and what they watch on YouTube or search for on Google.
When Google announced plans this month to acquire Fitbit, a maker of activity tracking devices, for $2.1 billion, the company pre-emptively said it would not use health data gleaned from the trackers in its advertising business.
In 2017, a British government watchdog agency ruled that the Royal Free National Health Service Foundation Trust, a major health provider, had violated a data protection law when it transferred medical records to DeepMind, an A.I. lab in London owned by Google’s parent company, without sufficiently informing patients.
DeepMind further outraged privacy groups in 2018 when it announced plans to transfer the unit that processed the medical records to Google, after saying that it would not link patient data to Google accounts. DeepMind’s health team officially joined Google in September. In absorbing DeepMind’s health unit, Google said, it was building “an A.I.-powered assistant for nurses and doctors.”
In June, Google, the University of Chicago Medical Center and the University of Chicago were sued in a potential class-action lawsuit accusing the hospital of sharing hundreds of thousands of patients’ records with the technology giant without properly stripping the records of identifiable date stamps or doctors’ notes.
In a research paper published last year, the company said it had used electronic health record data of patients — including diagnoses, procedures and medications at the University of Chicago Medical Center — from 2009 to 2016. The paper states that the records were “de-identified,” except that “dates of service were maintained.”
The lawsuit said the inclusion of dates was a violation of HIPAA, in part because Google could combine them with other information it already knew, like location data from smartphones, to establish the identity of the patients in the medical records.
A Google spokesman said in a statement that it complied with the law, which allows medical institutions to disclose patients’ personal health information for research purposes as long as the records have been stripped of identifying details like names, Social Security numbers and contact information.
A Google spokesman said at the time that it had followed HIPAA. Google has filed to have the lawsuit dismissed.
The University of Chicago and the medical center have denied the accusations.