Well, Big Tech is at it again. I have
previously written about Amazon's foray (here and here) into the healthcare industry,
but now it
is Google's turn. Google has recently partnered with Ascension, the nation's
second-largest healthcare provider, on a project that Google calls "Project
(This name comes from Florence Nightingale, not the picture of the beautiful
The partnership offers Ascension access to Google's
vaunted cloud infrastructure and the full selection of Google Suite products.
What Google gains has the potential for a massive invasion of privacy regarding
50 million patient's personal health information (PHI) across 21 states.
Google and Ascension have signed a Business Associate Agreement, which would
allow PHI to be transferred from one entity to another with limits on the usage
of data. But with the Business Associate Agreement, neither party is obligated
to inform the 50 million people of the transfer of their PHI.
Google's recent acquisition of FitBit, further complicates the speculation of how the tech giant may use the data. The world of technical devices and apps that allow consumers to track their health have few rules about the collection and dissemination of private health data. The main concern is that Google will use the PHI of the 50 million Ascension patients to test and develop new technologies for FitBit, without the consent of Ascensions patients. Google has publicly stated, "... Ascension's data cannot be used for any other purpose than for providing these services we're offering under the agreement, and patient data cannot and will not be combined with any Google consumer data."* But the concern remains that Google will be within the Business Associate Agreement to use the data collected from Ascension to increase its knowledge base. The question is, can Google take the new information it learns from the Ascension acquisition and apply it towards the learning and development for its FitBit line?
This agreement has caught the eye of the Department of Health and Human Services and the US Congress. Currently, the rules that would govern this unique situation are not clear. Congress is presently entertaining a bipartisan bill that will examine if during a BAA transfer of PHI should the public be notified. When Ascension transferred the records of 50 million patients, the doctors nor the patients knew anything about it until a whistleblower leaked the agreement to the press. Additionally, once the transfer of data is complete, should there be a mechanism in place to monitor the usage of the data. While the government investigates whether or not Google or any other partner to a Business Associate Agreement is complying with the HIPAA regulations, I believe they are missing the elephant in the room.
"What does Google plan to do with all of this data?"
From my research, Google has had access to millions of patient's health records before the deal with Ascension. It was just the scale of the transfer of PHI that caught the eye of the media, the government, Congress, and the general public. The tech giant has partnered with more than a dozen health care providers, which include the Cleveland Clinic, the University of Chicago, and the Mayo Clinic.
While HIPAA will protect the actual personal health information transferred, the learnings acquired from Google's analysis of the data is not protected. Google has not made a secret of the fact that they are working towards using their artificial intelligence (AI) and machine learning (ML) to presume consumer medical conditions. Similar to Amazon and Apple, Google has recognized that there is a fortune awaiting the company that can predict a person's medical illness and market products and services to that consumer before they know they are sick. In 2018, Google filed a patent to identify medical conditions using artificial intelligence to analyze the data gleaned from its tracking of consumer behavior while on the internet. The AI filters through the raw data looking for keywords and then utilize ML to conclude the potential for the consumer to display a medical condition within an allotted time.
As proof of concept, we need only to look at a study done by Facebook to identify specific medical illnesses by looking at a user's Facebook posts.** Some of the results were fairly obvious: posts including the keywords, drink, drunk, and bottle were proven indicative of a person suffering from alcohol abuse. Similarly, posts with the keywords, pain, crying, and tears were indicative of depression. The study also surprisingly linked Facebook users' posts with the words God, family, and prayer to diabetes in 25% of the cases, which included those keywords.
I guess it is worth asking again: What is Google planning on doing with all of this data?
And as a follow-up question.
Will we see innovation from the acquirement of Ascension's Personal Health Information?
I guess the only way to find out will to be to buy a new FitBit in a year or two and see.
- * Shaukat, Tariq. “Our Partnership with Ascension | Google Cloud Blog.” Google, Google, 11 Nov. 2019, https://cloud.google.com/blog/topics/inside-google-cloud/our-partnership-with-ascension.
- ** Merchant, Raina M., et al. “Evaluating the Predictability of Medical Conditions from Social Media Posts.” PLOS ONE, Public Library of Science, 17 June 2019, https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0215476#sec007.