Medical technology concept.

Google is collecting the health record data of millions of U.S. citizens, raising serious concerns about patient privacy.

According to a recent story published in The Wall Street Journal, Google has partnered with Ascension, the nation’s second largest health care system for Project Nightingale. 

The partnership gives Google full, non-anonymized access to “lab results, doctor diagnoses and hospitalization records… and amounts to a complete health history, including patient names and dates of birth” for millions of patients in 21 states.

The stated intention of Project Nightingale is “ultimately improving outcomes, reducing costs, and saving lives,” according to Google Cloud president Tariq Shaukat, who also see it helping developers “design new software, underpinned by advanced artificial intelligence and machine learning, that zeros in on individual patients to suggest changes to their care.”

Google’s access to patient data raises concerns among privacy advocates, particularly because at least 150 of the company’s employees have full access to highly personal information without patient consent or notification. 

Of perhaps even greater concern is the fact that Google’s apparent data mining is legal according to federal law, specifically the Health Insurance Portability and Accountability Act of 1996, or HIPAA. According to the U.S. Department of Health and Human Services, medical providers “may disclose protected health information to an entity in its role as a business associate only to help the covered entity carry out its health care functions.”

Google has recently made similar moves to expand its access to health and medical data, including its acquisition of Fitbit and that company’s data sharing partnership with the University of Chicago Medical Center. That move resulted in a class action lawsuit.