Need toKnow8 27 Nov-10Dec 2019
What happened?
Google hasagain caused alarmby
hoovering upmedical data,thistime
viaapartnershipwith aUShospital
chainthatinvolves thehealth records
of 50 millio npeoplebeingshared with
thesearchgiant.
KnownasProject Nightingale,the
plansentaildataheldbythe American
medicalcompany Ascensionbeing
passed to Google to help buildan
artificial-intelligence tool forclinicians.
Unlike previous medical data-sharing
projects,there’sbeenno effort to
anonymise patientdataand,worryingly,
patients weren’teventoldthattheir
datawasbeingshared.Google is able
to seefullhealth recordsincluding
medical diagnoses, alongwith patients’
namesand addresses.
Theproject’s details were revealed
by journalists at theWall Street Journal,
andit is nowunderinvestigationbythe
USDepartmentofHealth following
criticismfrompoliticians. Google said
it was“happytocooperate”with the
federalinquiryintoits medical work.
Thepartnershiphasbeenrunningfor
at leastayear, andGoogle didmention
itspartnershipwithAscensioninan
earnings call lastsummer,notingthat
it had dozens of othersimilar projects.
Oneofthose is in theUK–acontract
wassignedin Octoberwith theTaunton
and Somerset NHSTrust–and involves
Google analysingpatientdatatofeed
into itsAIsystemsto help spot disease
andilln essmore quickly.Underthe
partnership,the trustishandingover
five years’ of patientdata, including
diagnosisand treatmenthistory,aswell
as demographic details. Thetrust
previously hadacontract with theUK
startupDeepMind, whichwas
subsequentlyacquiredbyGoogle.
Initiall y, Google said that data fromthe
medical research firmwouldbe stored
separately, butlastyearchangedits
mindand health datais nowheldnot by
DeepMindbut by Google itself.
Similarly, in 2015,DeepMind started
work withtheNHSRoyalFreehospital
trustin London,onaproject foranapp
that algorithmicallyanalyses patient
data to spot thesigns of kidney failure.
Thetwoorganisations used real patient
databutpatientswereneither notified
notasked forconsent.Twoyearslater,
theInformation Commissioner’s Office
deemedthedatasharingillegal.Google
andthehospital arestill working
together on theproject,but nowhave
aclearerdata-sharingagreement.
Thenewscomesas an investigation
by theFinancialTimesrevealed that
health websites aresharinginformation
gatheredusingcookieswith Google,
includingdataaboutdrugsandfertility,
though Google said it didnot usesuch
sensitivedatafor targeted advertising.Howwill it affect you?
ProjectNightingaleiscurrentlyUS-only
butGoogle hasplentyofother medical
projects aroundtheworld,and hasrun
AI trialsin theUKvia itsDeepMind
machine-learningdivision.Google said inablogpost(bit.ly/
ascension489)thatthe datait sources
fromAscensioncan’t andwon’tbetied
to Google’s owncustomer data,soa
patient’sidentifying details won’tbe
linkedto theirGmail accountortheir
behavioural-advertising profile.
Google also stressed that thedata
is held securely in an encrypted
environment controlled withaccess logs
that is regularlyaudited.Alimited
numberof Google employees have
access to privatehealth information
underthe partnership.What dowethink?
We’rebeing askedtotrustGoogle with
ourmedical recor ds,whichperhapsisn’t
thewisest move.Google says it hasno
planstolinkits profiles on usto any
medical datait gathers, butitalsosaid
it wouldn’t directly hold health records
used in research by DeepMind,then
changeditspolicyand swallowedup
that dataregardless.
It’s possibletodevelop AItools, store
recordsinthe cloudand analyse data
forresearchwithouthandingoverany of
it to Google,but if we’regoingtotrust
anytechcompany withourmedical
records, weneed robust laws that
protectour sensitivedata. Thisshould
be apriorityfor politiciansand data
watchdogs alike, as well as theNHS.
Hospital trusts arethe ones signingover
ourdata, andit’s essential that they
treatour privatedataseriously.Google sparks privacyfears
overhealthdataplans
Google publishedablogpost refuting
claims thatit usespatientdatafor ads