Serving the High Plains
Few things are more private than a person’s medical history. Yet without the consent of patients or their doctors, America’s second-largest health care system and Google are cooperating to share personally identifiable medical information on 50 million patients.
Regardless of the intentions to improve health care, this is a violation of privacy that may require action from regulators or Congress to correct.
First reported by the Wall Street Journal, Ascension, a chain of Catholic nonprofits with hospitals and nursing homes in 21 states, made a pact with Google to move that big data into the search giant’s cloud-computing system. They hope to crunch the data and provide better health care. Code-named “Project Nightingale,” the plan immediately drew the scrutiny of regulators and lawmakers who fear that patients’ privacy is inadequately protected.
At least four Democrats on the U.S. House’s Energy and Commerce Committee have already sent letters to both Google and Ascension, asking to be briefed. They are right to worry.
Anyone who has visited the doctor has encountered HIPAA, the federal Health Insurance Portability and Accountability Act of 1996, which protects a patient’s privacy. Yet Project Nightingale appears to be permissible under federal law, privacy experts say, because HIPAA generally allows sharing of data with business partners if the information is used “only to help the covered entity carry out its health-care functions.”
Patients would no doubt be surprised to learn it might be legal to share medical information that includes their names and birth dates even without their consent, and if an investigation determines that it is legal, it is time to beef up the law.
Patients should have to consent before identifiable medical information is shared, and they should know the purpose and be fully informed.
In the age of big data, privacy and information are constantly in tension. Crunching big data using artificial intelligence can discover patterns and point to treatment in ways that weren’t possible even a few years ago. That’s good news. But it simply cannot come at the expense of breaking the confidentiality of patients and their personal medical information.
Ask yourself: Would you trust big data companies such as Google and Facebook with the most intimate details of your life?
— Tampa Bay Times