Not long after it was announced that the U.S. Department of Health and Human Services opened an investigation into Google’s “Project Nightingale” health care data collection program, the tech giant has shared additional details about the controversial project.
Federal regulators are currently looking into whether Google’s program violates the Health Insurance Portability and Accountability Act of 1996 (known as HIPAA).
For the program, Google has partnered with Ascension -- a large, nonprofit faith-based hospital network. The company said previously that it’s legally collecting data from Ascension under a business associate agreement (BAA), which allows it to share some patient information in compliance with current health privacy laws.
In a blog post on Wednesday, Google attempted to assuage lingering privacy concerns by underscoring the fact that identifiable patient data will only be viewed by select staff that "undergo HIPAA and medical ethics training, and are individually and explicitly approved by Ascension for a limited time."
Google added that it will also use technical controls that are "designed to prevent the data from leaving this environment." Patient data access is also “monitored and auditable,” the company noted.
Earlier this week, several Congressional Democrats sent a letter to Google officials calling the company’s data-sharing deal “disturbing.”
The lawmakers noted that Ascension’s decision to not to inform patients before moving ahead with the collaboration has sparked justifiable concern. They requested a briefing to learn more about the agreement by December 6.
In its blog post, Google reiterated that personalized patient data “cannot be used for any other purpose than for providing our services” under its BAA with Ascension.
“This means it's never used for advertising,” the company said, adding that it’s also published a white paper showing how customer data is encrypted and isolated in the cloud.