Yesterday, a bombshell report from The Wall Street Journal revealed details about a partnership between Google and Ascension, one of America’s largest healthcare providers.
Dubbed Project Nightingale, the collaboration gives Google’s Cloud division access to millions of records, including patient names, birth dates, medical history, and test results.
For privacy advocates, this revelation is understandably worrying. Google already collects massive amounts of data on its users, and the perspective of adding deeply personal medical records to the pool is problematic, to say the least.
Following the publication of the story, which was picked up extensively by other outlets, Google and Ascension both put out statements that aim to demystify Project Nightingale.
Google: A business arrangement like many others
In a blog post, Google Cloud’s Tariq Shaukat confirmed Google’s work with Ascension, but said there’s nothing unusual or shady about it. Shaukat defined the relationship as “business arrangement to help a provider with the latest technology” and pointed out that Google openly partners with dozens of other healthcare providers.
According to Shaukat, Google works with Ascension to move its infrastructure to the cloud, to deploy the G Suite of productivity tools (think Gmail and Google Drive for business), and to “provide tools that Ascension could use to support improvements in clinical quality and patient safety.”
Google openly partners with dozens of other healthcare providers
What about the data?
Google said it merely provides Ascension with some services, while the healthcare provider remains the “steward” of the data, which cannot be used for any other purpose other than to provide the agreed-upon services.
Google further clarifies that “patient data cannot and will not be combined with any Google consumer data.”
Shaukat also explained the use of the rather mysterious “Project Nightingale” codename for the Ascension tie-up. According to the executive, this was because some of the solutions Google is creating for Ascension are still in “early testing.” Shaukat did not clarify what these solutions actually are. However, Ascension did provide a bit more details in its press release:
Exploring artificial intelligence/machine learning applications that will have the potential to support improvements in clinical quality and effectiveness, patient safety, and advocacy on behalf of vulnerable populations, as well as increase consumer and provider satisfaction.
Ascension also insisted its work with Google is fully compliant to regulations and protected “by a robust data security and protection effort.”
Nothing shady, but it’s bad look for Google
There is no indication that Google is doing anything nefarious here, and little reason to doubt its claims. In fact, if you replace “healthcare” with many other industries, say “automotive” or “asset management,” nobody would bat an eye. After all, Google, like Amazon, Microsoft, Oracle, and many other companies, is in the business of providing cloud solutions to companies who aim to modernize their infrastructures. This exactly what Ascension is doing.
There is no indication that Google is doing anything nefarious here
That said, the fact that Google rushed out a blog post to “proudly announce” Project Nightingale speaks volumes. For more and more people, Google is becoming synonymous with a disregard for privacy, perhaps not entirely unfairly. And Google knows it, and knows that healthcare is the most sensitive sector possible – hence the hasty attempt to stop this story from snowballing.
To its credit, Google is pretty transparent about its work in the medical industry. In fact, the company itself revealed the Ascension deal during its July 2019 earnings call. Its Google Cloud presentation page mentions dozens of healthcare providers from around the US as customers. And Google, like Apple, proudly promotes the way its technology can be used to advance medical care.
Regardless, the average consumer won’t care, and cannot be expected to know, that Google Cloud is HIPAA compliant or that hospitals have been routinely sharing data with service providers for decades. The average consumer will just vaguely know that Google collects your location data (even when you thought you turned it off), that it knows everything you’ve ever searched, or that it just bought Fitbit, which knows when you can’t sleep and when you’re skipping gym day. And what’s Google doing with all that information? That proverbial user will only know “it’s to sell ads.”
Fighting this perception of untrustworthiness is a huge challenge for Google, and it’s only going to get harder in the next years.