Google has come under scrutiny after a report in The Wall Street Journal noted that a newly signed cloud computing deal with a healthcare customer could give the tech giant “detailed personal-health information of millions of people across 21 states.”
The deal, which was previously announced on Google parent company Alphabet’s July earnings call, is with St. Louis-based Ascension, a Catholic health system non-profit that says it is “committed to providing compassionate, personalized healthcare services” for individuals and communities.
In a blog post published after The Journal report, Google’s Tariq Shaukat defended the deal and shed additional light on it.
“Back in July, on our Q2 earnings call, we announced ‘Google Cloud’s AI and ML solutions are helping healthcare organizations like Ascension improve the healthcare experience and outcomes,'” Shaukat wrote in the blog post. “Our work with Ascension is exactly that—a business arrangement to help a provider with the latest technology, similar to the work we do with dozens of other healthcare providers.”
“These organizations, like Ascension, use Google to securely manage their patient data, under strict privacy and security standards,” he added. “They are the stewards of the data, and we provide services on their behalf.”
Known internally as “Project Nightingale,” The Journal reported that Google’s deal involves data such as “lab results, doctor diagnoses and hospitalization records, among other categories,” adding that it “amounts to a complete health history, including patient names and dates of birth.”
Shaukat continued saying the deal would focus on three areas: moving Ascension’s infrastructure to the cloud; using G Suite productivity tools such as Google Docs; and “extending tools to doctors and nurses to improve care.”
He stressed that the work with Ascension is compliant with HIPAA (Health Insurance Portability and Accountability Act) and there is “strict guidance” on data privacy, security and usage. Google also has a Business Associate Agreement with Ascension, which Shaukat said “governs access to Protected Health Information for the purpose of helping providers support patient care,” calling it “standard practice” in the healthcare industry.
A Google spokesperson referred Fox News to Shaukat’s blog post when asked for additional comment.
Ascension’s Chief Marketing and Communications Officer Nick Ragone told Fox News via email that the deal is “HIPAA compliant,” while also pointing to a press release from Ascension that the deal is “underpinned by a robust data security and protection effort” and adheres “to Ascension’s strict requirements for data handling.”
Shaukat stressed that the deal with Ascension is not for any other purpose than the services that are being offered and the patient data “cannot and will not be combined with any Google consumer data.”
The Journal reported that neither patients nor doctors have yet been notified and “at least 150 Google employees already have access to much of the data on tens of millions of patients,” citing a person familiar with the matter and the documents.
Earlier this month, Google announced it would buy Fitbit, a wearable tech company, for $2.1 billion, as it looks to push further into the wearable device and digital health markets.