In recent years, Google has been making increasingly aggressive forays into the lucrative U.S. healthcare sector, estimated by some to be worth $3.5 trillion annually. For example, Google recently announced plans for a $2.1 billion acquisition of Fitbit, which has 25 million active users. And now, after an anonymous whistleblower provided details online, the company is unveiling a once-secret health data partnership (codenamed “Project Nightingale”) with Ascension, the nation’s second-largest health system with over 2,600 hospitals and other medical care facilities scattered over nearly two dozen states. According to the whistleblower, Google is attempting to acquire access to over 50 million patient records in 21 different states, all without the consent of patients, doctors or other healthcare professionals.
The big question, of course, is whether this Project Nightingale health data partnership between Google and Ascension involving tens of millions of patient records actually breaks any laws. According to the 1996 Health Insurance Portability and Accountability Act (HIPAA), there are very rigid guidelines in place as to how health data can be shared without the formal consent of patients. Any health data-sharing arrangement must be used specifically to improve the quality or scope of healthcare, and cannot be used for purely commercial purposes. Moreover, data cannot be shared with any third parties, such as potential advertisers or data brokers.