Google has made a deal for access to patient records from HCA, which which operates 181 hospitals and more than 2,000 healthcare sites in 21 states, so the tech company can develop healthcare algorithms, The Wall Street Journal reports.
Google will store anonymized data from patient health records and internet-connected medical devices. That data will be used to build programs that could inform medical decisions made by doctors. The deal is described as “multiyear” by the WSJ, without specifying how many years.
This feels uncomfortable on so many levels.
I do not know the specifics of this project. However given its sensitive nature, and the strength of HIPAA laws, it would be reasonable to assume privacy would be taken seriously.
That being said, many hidden patterns of drug, disease, protein and gene interactions can only be inferred by looking at very large samples of data, provided no individual is singled out (https://en.wikipedia.org/wiki/Differential_privacy).
Previously, this was done be individual doctors, reading lots of research papers.
Then there are methods developed to go over existing medical literature to help those researcher discover these patterns (let’s plug out paper here: https://pubmed.ncbi.nlm.nih.gov/22693501/)
That could be then used to provide better treatment plans based on individuals (https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5898022/ this was one of my professors).
And now this is being done with machine learning by insurance companies, NHS like countrywide systems, or private companies.
The future will definitely have better understanding of disease. As long as we don’t assume the systems as infallible (they do make mistakes), and not single out individuals Gattaca style.
sukru,
HIPAA has strict laws, but as is often the case in the US companies are self-enforcing the rules. As an insider in the industry, I wouldn’t make too many assumptions that there’s zero problems just “because HIPAA”. It doesn’t eliminate the need for trust. IT employees do sign nondisclosures, but they have access to pretty much everything and it wouldn’t be difficult to abuse.
iamblue says patients in England will have the opportunity to opt out, but here in the US we generally don’t have such rights, if a hospital/network partners with google they don’t need patient authorization. Obviously google would be legally restricted in terms of what it can do with the data, but technically there is virtually nothing at all to stop them from using patient records in bad faith, you implicitly have to trust google.
Well, arguably it’s not the studies that are controversial, but putting the records in the hands of an advertising company. I think a lot of people find the idea of handing google our medical data creepy. I personally don’t like that they monitor credit card transactions either…it’s too much.
Well, I can only speak about what I know from public sources.
Google had a serious issue one time in 2011 with Google Buzz wrt. privacy. So settled with FTC to have 20 years of privacy audits.
https://www.ftc.gov/news-events/press-releases/2011/03/ftc-charges-deceptive-privacy-practices-googles-rollout-its-buzz
https://spectrum.ieee.org/tech-talk/telecom/internet/google-agrees-to-20-years-of-privacy-audits
Also HIPAA means one cannot join individual’s medical data with any other table. So “advertisement” is definitely out. And there are algorithms that make sure no sensitive data is learned by inference: https://research.google/pubs/pub48121/
But of course, one cannot be absolutely sure without seeing the code base. For that, there is always https://careers.google.com/ 🙂
sukru,
I realize they wouldn’t be allowed to use the data for advertising, but once they have the data it will be google enforcing it’s own compliance with the law. And some people may not be comfortable with google having their data anyways even assuming google are compliant under HIPAA. There may be nothing that patients can do about it.
Google rejects the majority of candidates who apply, including yours truly a long time ago. Incidentally I’m very curious what data google uses in hiring decisions? They could just throw all the data they’ve collected from our private lives into a neural net to screen candidates. Even current employees might have to be very careful to avoid speaking out against google.
https://www.inc.com/suzanne-lucas/google-fires-employee-for-expressing-an-opinion-s.html
https://www.bloomberg.com/news/articles/2019-11-25/google-fires-four-employees-citing-data-security-violations
Google has tons of information about people’s private lives. Heck even osnews is hosted at google, they could technically identify all of us. Of course just because it’s technically possible doesn’t mean they’re actually doing it, but on the other hand I don’t put blind faith in companies doing the right thing.
I wonder if the UK NHS patient data will follow the same route.
Just saw this today:
England’s NHS plans to share patient records with third parties
55m patients have until June 23 to opt out of having their health data scraped into a new database
https://www.ft.com/content/9fee812f-6975-49ce-915c-aeb25d3dd748
I don’t give a f*** what Google is trying to do. I don’t want my “anonymized” medical data anywhere near their grubby enormous hands. HIPAA or not, I have zero confidence the data will be truly anonymous and zero confidence Google will not abuse the data in their own interests. Not that I don’t feel that way about every other company out there. But Google? Yeah right, GTFO with that.