David Feinberg, head of Google Health, defended the company’s partnership with large Catholic hospital system Ascension Tuesday afternoon in San Francisco. The partnership, nicknamed “Project Nightingale,” recently came under criticism after news outlets revealed the partnership enabled Google to access confidential patient data.
“Despite what they say in the newspapers, we’re super proud of it,” Feinberg said.
In November, reporters at Forbes and other publications revealed that Google partnered with Ascension to move its patient electronic medical records to the cloud and create a search tool that would allow doctors to better search those records. A whistleblower alleged that Google employees consequently had access to confidential patient data, and that several employees involved with the project had internally raised concerns about patient data privacy. The claim caused public outcry and Google was admonished by several U.S. lawmakers.
Feinberg made his comments on stage at the StartUp Health Festival, an invitation-only event for biotech entrepreneurs coinciding with the annual JP Morgan Health Conference. Feinberg disputed the news reports and claimed that Google employees did not have access to patient medical records stored in the company’s cloud servers to the extent that was reported. “Think of it as a warehouse,” he said, “the only one that has the key to that record is Ascension.”
He did confirm that some Google employees had access to patient data at two Ascension facilities, however, through a business associates agreement that allows third-party companies to access patient data. Business associates agreements are contracts that allow organizations covered by HIPAA to share patient information with certain partners. Feinberg said that Ascension has over 600 business associate agreements, and that Google employees only had access to patient data at two hospitals, “not three-quarters of the United States as the Wall Street Journal said.”
The Wall Street Journal recently reported that Google has multiple deals with medical companies, including Mayo Clinic and Intermountain Healthcare, which allows the company access to millions of patient health records in three-quarters of American states.
The patient data at two Ascension facilities was shared with Google employees during the process of developing a new search tool for patient medical records, which Feinberg says Ascension asked them to do. As previously reported by Forbes, the new search tool allows doctors to easily search for patients and view previous tests and notes. Feinberg stated that all Google employees who interacted with deidentified patient data received HIPAA training.
“The press has made this into something that it’s not,” Feinberg said. “This is not us mining somebody’s records to sell ads, to learn from it, to do machine learning, to develop products.”