CNBC later reported, and the companies confirmed, that they had signed an industry-standard agreement that allows for some sharing of protected health information under the current health privacy rules, known as HIPAA, but forbids either company from using that data for any purpose but to provide patient care.
SAN FRANCISCO (Reuters) - Four Democratic leaders on the U.S. House of Representatives Energy and Commerce committee on Monday wrote Alphabet Inc’s Google and Ascension Health demanding briefings by Dec. 6 on how patient data the hospital chain is storing on the cloud is used.
HIPAA does govern several aspects of patient data privacy, but one of these provisions allows “covered entities” (such as a hospital or medical office subject to the law) to share data to Business Associates — which are companies that may help the covered entity carry out its health care functions.
The companies say it will improve patient care and administration, but the strategy has also sparked concern among certain consumer advocates, cybersecurity experts and reportedly some Ascension employees — especially because neither patients nor doctors had been previously been notified of this data-sharing arrangement.
The Wall Street Journal’s Rob Copeland wrote that the data amassed in the program includes “lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, complete with patient names and dates of birth,” and that as many as 150 Google employees may have had access to the data.
A "bombshell" new report from The Wall Street Journal describes a secret project from Google and healthcare giant Ascension to store data on millions of Americans, a move that critics of the tech conglomerate decried as another example of overreach.
In this case, the WSJ reports, Ascension is the "covered entity" as a health care provider and Google is the "business associate."Notably, the press release says nothing about concerns regarding data privacy and questions of the legality of sharing such personal data without patient knowledge.
“This information would be a gold mine for cyber criminals who would have everything they need to steal identities, file false tax returns, get loans or credit cards.” Although the documents originate from these financiers, one bank — Citi, which helped to secure the data — said it had no current relationship with the company.