Google Stumbles into Healthcare

Google’s researchers apparently didn’t obtain HIPAA releases from patients.

Recently, Google has made some stunning stumbles as it moves into the realm of handling healthcare data. 

First, this is surprising, considering the growing distrust among the public and regulators of platforms like Google and Facebook. Second, and more surprisingly, it seems Google failed to make sure it brought people to the projects who understood HIPAA.

On Nov. 11, Ascension announced on its website:

“Ascension, one of the nation’s leading non-profit health systems, is working with Google to optimize the health and wellness of individuals and communities, and deliver a comprehensive portfolio of digital capabilities that enhance the experience of Ascension consumers, patients, and clinical providers across the continuum of care.”

“The Ascension-Google collaboration will include:    

  • Modernizing Ascension’s infrastructure by transitioning to the secure, reliable, and intelligent Google Cloud Platform. Key elements of this work will focus on network and system connectivity, data integration, privacy and security, and compliance.
  • Transitioning to Google’s G Suite productivity and collaboration tools. Using G Suite will enhance Ascension associates’ ability to communicate and collaborate securely in real-time, supporting interdisciplinary care and operations teams across Ascension sites of care.
  • Exploring artificial intelligence/machine learning applications that will have the potential to support improvements in clinical quality and effectiveness, patient safety, and advocacy on behalf of vulnerable populations, as well as increase consumer and provider satisfaction.”

Just days later, Google was apparently caught off-guard by what would have been one of the largest HIPAA violations in the history of HIPAA (the Health Insurance Portability and Accountability Act).

On Nov. 15, two days before Google was set to publicly post more than 100,000 images of human chest X-rays, they got a call from the National Institutes of Health (NIH), which had provided the images: and NIH noted that some of them contained details that could be used to identify the patients.

Google canceled the project. This is based on emails reviewed by The Washington Post and an interview with a person familiar with the matter, who spoke on the condition of anonymity to Washington Post reporters.

Stunningly, it appears that Google’s researchers didn’t obtain HIPAA releases from patients. They had rushed ahead without any thought of compliance issues. These assertions were apparently documented in emails the Washington Post obtained from a Freedom of Information Act request.

Considering our current political environment, in this election cycle, it would be very surprising to see regulators taking up privacy concerns like this one with Google. My question is, would you trust your medical records to the same people who don’t care if their subscribers running for elected office post fake political ads?

Facebook
Twitter
LinkedIn
Email
Print

Timothy Powell, CPA

Timothy Powell is a nationally recognized expert on regulatory matters, including the False Claims Act, Zone Program Integrity Contractor (ZPIC) audits, and U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) compliance. He is a member of the RACmonitor editorial board and a national correspondent for Monitor Mondays.

Related Stories

Leave a Reply

Please log in to your account to comment on this article.

Featured Webcasts

Mastering Good Faith Estimates Under the No Surprises Act: Compliance and Best Practices

Mastering Good Faith Estimates Under the No Surprises Act: Compliance and Best Practices

The No Surprises Act (NSA) presents a challenge for hospitals and providers who must provide Good Faith Estimates (GFEs) for all schedulable services for self-pay and uninsured patients. Compliance is necessary, but few hospitals have been able to fully comply with the requirements despite being a year into the NSA. This webcast provides an overview of the NSA/GFE policy, its impact, and a step-by-step process to adhere to the requirements and avoid non-compliance penalties.

Mastering E&M Guidelines: Empowering Providers for Accurate Service Documentation and Scenario Understanding in 2023

Mastering E&M Guidelines: Empowering Providers for Accurate Service Documentation and Scenario Understanding in 2023

This expert-guided webcast will showcase tips for providers to ensure appropriate capture of the work performed for a visit. Comprehensive examples will be given that demonstrate documentation gaps and how to educate providers on the documentation necessary to appropriately assign a level of service. You will gain clarification on answers regarding emergency department and urgent care coding circumstances as well as a review of how/when it is appropriate to code for E&M in radiology and more.

June 21, 2023
Breaking Down the Proposed IPPS Rule for FY 2024: Top Impacts You Need to Know

Breaking Down the Proposed IPPS Rule for FY 2024: Top Impacts You Need to Know

Set yourself up for financial and compliance success with expert guidance that breaks down the impactful changes including MS-DRG methodology, surgical hierarchy updates, and many new technology add-on payments (NTAPs). Identify areas of potential challenge ahead of time and master solutions for all 2024 Proposed IPPS changes.

May 24, 2023

Trending News