Google’s plan to collect data on tens of millions of patients under its “Project Nightingale” program is drawing federal scrutiny.
The Wall Street Journal reported earlier this week that the U.S. Department of Health and Human Services has opened an inquiry into the project to determine whether it violates the Health Insurance Portability and Accountability Act of 1996 (known as HIPAA).
For the project, Google has partnered with Ascension -- one of the largest Catholic and nonprofit healthcare providers. Ascension plans to share comprehensive patient health records with Google, according to the Journal.
The Office for Civil Rights in the Department of Health and Human Services "will seek to learn more information about this mass collection of individuals' medical records to ensure that HIPAA protections were fully implemented,” the Journal said.
A company spokesperson told the publication that Google is "happy to cooperate" with the investigation.
Patient privacy concerns
In a blog post, Google described its collaboration with Ascension as a “business arrangement to help a provider with the latest technology, similar to the work we do with dozens of other healthcare providers."
The Journal reported that at least 150 Google employees had access to patient data. However, Google maintains that it’s fully complying with HIPAA regulations.
"We believe Google's work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and comes with strict guidance on data privacy, security, and usage," Google said in the FAQ section of its blog post.
The tech giant added that Ascension’s data "cannot be used for any other purpose than for providing these services we're offering under the agreement, and patient data cannot and will not be combined with any Google consumer data."
Google said Ascension authorized Google employees to handle patient data because the data is "very complex and non-standardized.” The firm said it needs to “configure and tune our processing systems to ensure correct product operations and patient safety.”
Tech companies increasingly look to health care
Google’s privacy practices have undergone federal scrutiny before. Earlier this year, the company agreed to pay a record $170 million penalty to the Federal Trade Commission (FTC) for improperly collecting and profiting off of the personal information of children through targeted ads.
The federal inquiry into Google’s healthcare venture comes as others in tech sector attempt to launch health care initiatives of their own. Apple CEO Tim Cook has said he believes his company’s greatest contribution will ultimately be health-related, and Amazon and Microsoft have each unveiled their own plans to expand into the healthcare industry.