By Katie Ritchie
Have you heard about “Project Nightingale?” It’s not a covert military operation. It’s the name of the partnership between tech giant Google and Ascension. one of the largest health systems in the US.
The secret project began last year. The data collected includes personally-identifying information. patient names, addresses, dates of birth, diagnoses, records of hospitalizations, and more are collected.
Google claims it wants to analyze patient data for “treatment and administrative” purposes. It says the goal is to help patients and reduce costs and make medical records more useful, accessible, and searchable for physicians. Allegedly, patient data isn’t used for anything but the service Google provides Ascension.
Here’s how it works. A patient arrives at a medical facility. The medical team inputs information about the patient after or during the exam. The computer syncs with Google’s Project Nightingale system. It can suggest doctors to add or replace to assist the patient, provide narcotic enforcement policy information, flag unusual deviations in care or suggest tests and treatment.
The strangest part? Neither patients nor doctors were notified, and it’s legal. The Health Insurance Portability and Accountability Act of 1996 allows hospitals to share data with business partners. They don’t need to notify patients. Supposedly, the info can only be used “to help Ascension carry out its health care functions.”
The Department of Health and Human Services’ Office for Civil Rights has opened a federal inquiry to learn more about this mass collection of individuals’ medical records with respect to the implications for patient privacy.