Project Nightingale : Google's four pillars for their secret patient data partnership
Introduction to Project Nightingale
Project Nightingale is a data sharing project financed by Google and Ascension, a Catholic health care system comprising a chain of 2,600 hospitals, doctors’ offices and other related facilities, in 21 states, with tens of millions of patient records available for processing health care data.
Ascension is one of the largest health-care systems in the United States with comprehensive and specific health care information of millions who are part of its system.
Google is involved with Ascension to process this data, which began in secret sometime in 2018, without knowledge and consent of patients and doctors.
Whistleblower
A whistleblower who works in Project Nightingale, the secret transfer of the personal medical data of up to 50 million Americans from one of the largest healthcare providers in the US to Google, has expressed anger that patients are being kept in the dark about the massive deal.
The anonymous whistleblower has posted a video on the social media platform Daily Motion that contains a document dump of hundreds of images of confidential files relating to Project Nightingale. The secret scheme, first reported by the Wall Street Journal, involves the transfer to Google of healthcare data held by Ascension, the second largest healthcare provider in the US.
The data is being transferred with full personal details including name and medical history and can be accessed by Google staff. Unlike other similar efforts it has not been made anonymous though a process of removing personal information known as de-identification.
The whistleblower introduces the video with the words: “I must speak out about the things that are going on behind the scenes.”
Watch Video - https://www.dailymotion.com/video/x7nvz43
The Four Pillars
Stage 1 - Infrastructure and Data Layer transformation
Stage 2 - Collaboration and Productivity, G Suite Deployment
Stage 3 - Healthcare information layer, EHR Search
Stage 4 - Healthcare experience layer, Use cases
Stage v Pillars
Stage 1 and 2 - moving patient data not de-identified to the Google Cloud
Stage 3 - Google using Ascension data to build its own framework in the cloud
Stage 4 - Google uses Ascension data to mine patient info, run analytics, run AI algorithms, sell or share data with 3rd parties, create profiles of patients that they can later advertise to online with healthcare ads targeted to their specific healthcare issues
Is Google allowed to access patient data?
In a word, yes.
Company insiders claim that Ascension patients are unaware that their medical data is being shared. While this may raise concerns among privacy advocates, Forbes states that privacy laws 'generally allow the sharing of patient data with third parties without notification if it is for purposes that “help it carry out its health care activities and functions.’”
Google has also stressed that its agreement with Ascension means that it can only use patient data for its medical-related algorithms.
“To be clear: under this arrangement, Ascension’s data cannot be used for any other purpose than for providing these services we’re offering under the agreement, and patient data cannot and will not be combined with any Google consumer data”, Google Cloud chief Tariq Shaukat wrote in a blogpost.
Google Q&A - Was your work with Ascension a secret?
"Our work with Ascension was not a secret. In fact, we first announced our partnership with Ascension in July, on our Q2 earnings call. And, as Ascension has stated, they informed acute care administrative and clinical leaders across their organization on the work, held enterprise-wide webinars, and briefed clinical leaders of their employed physician group in detail. In addition, Ascension directly engaged many front-line nurses and clinicians on the project."
Google Q&A - Does Google combine patient data across customers?
"No. We are building tools that a single customer (e.g., a hospital or primary care group) can use with their own patients’ data. The data is siloed, access controlled, and auditable. We do not combine data across partners, and we would not be allowed to under our agreements or the law."
Google Q&A - What does the name “Nightingale” come from?
"It’s actually the code name that both parties are using for this project, nothing more. We use code names for many different things--customers, products, etc."