Rep. Pramila Jayapal (D-Washington), a member of the House Judiciary Subcommittee on Antitrust, Commercial, and Administrative Law, has written to Google and Alphabet in relation to their Ascension partnership. She has demanded answers to several questions about how protected health information has been obtained, the measures put in place to protect patient data, and how Google will be using the PHI.
The partnership between Google and Ascension was made public on November 11, 2019 following the release of a story in the Wall Street Journal. A whistleblower at Google had shared information with the WSJ and expressed worry that millions of healthcare records had been shared with Google without first receiving consent from patients. It was also claimed that Google employees could freely obtain PHI.
She wrote: “As Google and parent company Alphabet have engaged in an ever-widening acquisition of the highly personal health-related information of millions of people, Americans now face the prospect of having their sensitive health information handled by corporations who may misuse it. I am especially concerned that your company has not provided sufficient assurances that this sensitive data will be kept safe, and that patients’ data is being acquired by your companies without their consent and without any opt-out provision.”
Rep. Jayapal is particularly worrying that the information will be used improperly. Google is collating massive quantities of healthcare data from several sources. Google’s healthcare-centered AI unit, Medical Brain, is actively getting together health data, Alphabet has linked up with the Mayo Clinic, and Google has purchased the UK startup, DeepMind. NHS data has already been handed over to Google. Google is also looking to take over Fitbit and with it health-related data on 25 million account holders.
In her letter Rep. Jayapal said: “The fact that Google makes the vast majority of its revenue through behavioral online advertising—creating an incentive to commoditize all user information—renders the company’s expansion into health services all the more troubling”.
Rep. Jayapal also highlighted the fact that Google does not have a clean track record when it comes to safeguarding health and medical data, referencing one occasion in which chest X-ray images from the National Institute of Health were almost shared publicly online before Google realized they included personally identifiable information. She also said there is currently an lawsuit that claims Google firms have obtained patient data from a major medical center and DeepMind was found to have breached the Data Protection Act in the UK by using patient data to design new apps.
Rep. Jayapal has given Google and Alphabet until January 5, 2020 to answer her questions, as detailed below: