Google's project with Ascension, a Catholic nonprofit and the second-largest health system in the U.S., to collect health information from about 50 million patients without their explicit consent for research has triggered a federal inquiry.
The initiative (called Project Nightingale) involves moving Ascension's patient data, previously scattered across 40 data centers in more than 12 states, into Google's cloud computing system. Part of the company's plan includes implementing artificial intelligence to predict outcomes of procedures or medications.
Regulators and lawmakers are concerned about whether Ascension and the technology giant are adhering to HIPAA regulations to protect the sensitive data, which contain names, dates of birth, billing claims, lab tests, medication and hospitalization histories, diagnoses, and other clinical records.
Sen. Mark Warner (D-VA) called for Project Nightingale to be paused pending an investigation, and for a halt to any similar deals involving companies under a consent-decree agreement for security and privacy violations.
"We are happy to cooperate with any questions about the project. We believe Google's work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and comes with strict guidance on data privacy, security, and usage," a Google spokeswoman said in a statement. She also stated the data would not be used to sell ads.
Google is not currently being paid for its work with Ascension and will not disclose financial details about the deal. However, experts say the company could eventually reap tens of millions of dollars or more by repeating this work for other clients. Apple, Amazon, and Microsoft are pushing into the health care industry in similar ways.