Google and Ascension assured doubters their data-sharing venture is HIPAA compliant, but lawmakers still want more details


  • This story was delivered to Business Insider Intelligence Digital Health Pro subscribers earlier this morning.
  • To get this story plus others to your inbox each day, hours before they’re published on Business Insider, click here.

Google’s cloud tie-up with Ascension has stirred up a commotion among healthcare professionals and government entities — and it shows no signs of dying down: Congressional Democrats penned a letter to Google and Ascension demanding they unleash more details regarding how patient health information is being stored and why the two kept the endeavor under wraps, per CNBC.

Business Insider Intelligence

The initiative, Project Nightingale, was launched with the purpose of creating tools to streamline the process of combing through patient medical records — but in their letter, policymakers raised issue with the fact that “employees across Google, including at its parent company, have access to, and the ability to download, the personal health information of Ascension’s patients.”

Google Health leader David Feinberg reiterated that Project Nightingale hasn’t strayed from HIPAA-compliance — but that’s still unlikely to quell patients’ distrust of big tech with their health data. Feinberg maintained that the “limited” volume of Google employees who had access to patient information underwent HIPAA training — and asserted that Google plans to develop tech to curb the number of Google staff needed to interact with sensitive info.

He also restated that patient info is encrypted and cannot be used for other purposes, like advertising. Still, Google is pitted against a pool of patients who generally distrust tech cos to handle their health information: Just 10% of US consumers would readily share their health data with tech giants — and only about half of that segment would be willing to share their health data with Google.

Since touting HIPAA-compliance hasn’t been enough to alleviate data-sharing woes, we think it suggests the law is in need of a revamp now that tech giants like Google — with far more sophisticated data and analytics practices than in 1996, when HIPPA was passed — are forging deeper inroads into healthcare. 

HIPAA was passed more than two decades ago to protect against the misuse and fraudulent handling of health data. And while HIPAA has been updated to keep up with the technological advances of the times — like EHR adoption — big tech companies’ foray into healthcare by way of their data management and analysis expertise could call for a HIPAA overhaul, especially as their services become need-to-have for healthcare firms, per Healthcare Dive.

For example, CIO of Boston Children’s Hospital Dan Nigrin said that “the safeguards provided for in HIPAA probably lack specific granularity and detail” for initiatives like Project Nightingale. We think hospital leaders, who would benefit from partnering with big tech firms but who also want to keep employees and patients at ease, will up demand for greater transparency around data sharing practices. We expect to see heightened activity within state governments to boost healthcare data privacy and security a la California’s Consumer Privacy Act , which grants consumers more agency over how and with whom their data is shared.

Want to read more stories like this one? Here’s how to get access:

  1. Sign up forDigital Health Pro, Business Insider Intelligence’s expert product suite keeping you up-to-date on the people, technologies, trends, and companies shaping the future of healthcare, delivered to your inbox 6x a week.>>Get Started
  2. Join thousands of top companies worldwide who trust Business Insider Intelligence for their competitive research needs.>>Inquire About Our Enterprise Memberships
  3. Explore related topics in more depth.>>Visit Our Report Store
  4. Current subscribers can log in to read the briefinghere.

Read More


Please enter your comment!
Please enter your name here