News: Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans

[Arcadia]

From WSJ https://www.wsj.com/amp/articles/google-s-secret-project-nightingale-gathers-personal-health-data-on-millions-of-americans-11573496790

Non paywall link https://www.businessinsider.com/google-ascension-collecting-private-health-data-wall-street-journal-2019-11

“Google began Project Nightingale in secret last year with St. Louis-based Ascension, the second-largest health system in the U.S., with the data sharing accelerating since summer, according to internal documents.

The data involved in the initiative encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth.

Neither patients nor doctors have been notified. At least 150 Google employees already have access to much of the data on tens of millions of patients, according to a person familiar with the matter and the documents.

Some Ascension employees have raised questions about the way the data is being collected and shared, both from a technological and ethical perspective, according to the people familiar with the project. But privacy experts said it appeared to be permissible under federal law. That law, the Health Insurance Portability and Accountability Act of 1996, generally allows hospitals to share data with business partners without telling patients, as long as the information is used “only to help the covered entity carry out its health care functions.”

Google in this case is using the data, in part, to design new software, underpinned by advanced artificial intelligence and machine learning, that zeroes in on individual patients to suggest changes to their care. Staffers across Alphabet Inc. , Google’s parent, have access to the patient information, internal documents show, including some employees of Google Brain, a research science division credited with some of the company’s biggest breakthroughs.

In a press release issued after The Wall Street Journal reported on Project Nightingale on Monday, the companies said the initiative is compliant with federal health law and includes robust protections for patient data.”

[Jaybee]

I know that somehow some of my medical information is getting out there, because I get ads for medical paraphernalia as well as articles on Facebook that are applicable to me, even though I post none of that type of info on Facebook. 😡 It's infuriating.

[easypeasy]

What the actual heck. 🤯

[Pawz4me]

7 hours ago, Æthelthryth the Texan said:

If you want to go down a really interesting conspiracy trail, it's looking into how bad 23andme's reference ranges are, along with their entire host of earlier issues that caused the FDA to deny them approval for so many years. I honestly think the panel got paid into green lighting them approval- makes me sound like a tin foil conspiracist, but on this type of thing maybe I am. If you saw how crooked they were and how many issues they had/have,  and how much overlap there is between all of these genetic companies, their venture capitalists funding them, and how they work their funding and grants through the well known research hospitals to access data in return for more funding/access to equipment and facilities-not to mention the PI's are making big bucks sitting on the VC and start up boards, and then Big Data, you wouldn't believe it......you can disclose all sorts of conflict of interests, and its never going to show the whole picture and it doesn't stop anyone from raking in a % of their grants. The research centers aren't about to dump them because they bring in too much money. It's really musical chairs at this point within the research hospitals on many fronts. Highest bidder. No one cares, and rarely doesn't any one look - no one on the inside of all of this is caring about patient confidentiality or protecting anyone's data. They are either in it for the money, the fame of getting the next cutting edge publication, or both.

The only reason it hasn't blown up more in the media imo is it's its not killing anyone that they know of. If you try to access their reference ranges for any of the OTC gene tests through Google, you constantly get rerouted to sites that only show them in a positive light and that's what happens when you combine the powers of Big Data with genomics for profit. People were outraged by the BRCA test being patented and how that whole thing would play out- it was overturned,  but that was just the start, and now people are willing handing over bucket loads of cash for similar. It's hard to cry foul when people are willingly handing it over.

Part of me gets it, because it's such a complex field. People have no idea exactly what they are handing over and that it doesn't just affect them- it's going to follow them and their kids and their grandkids and nephews and nieces and on and on.......It just ticks me off that such a powerful thing was just dumped over where anyone can have it with complete sign off by multiple national govts. It's really irresponsible. (But of course they want the data too......)

Then you have the angle of where the genetics companies like 23 shadow partner with the supplement/psuedo-herbal industry and it's a match made in exploitation heaven, because it's not as regulated as it is with actual pharma. Although that can happen too. But the vitamin/supplement industry and telling people they have this or that mutation so they need this and all will be well? Hello$$$$$. No one is getting the funding to run enough of the other studies to show these type of "hobby" type mutations and supplements to matter so it's a snake oil paradise right now. (I'm not saying that every single thing is a fraud, because i know I'm going to get quoted that someone had this mutation and took this supplement and it cured them and made them have eternal life- hope springs and all-- but I do think more are than are not unproven to put it mildly, and I think they exploit certain vulnerable subpops in particular where they have no where else for hope, so "why not" is the attitude.) 

As a side note, I personally think in another decade a lot of their "results" are going to be shown as false, or at a minimum misleading and inaccurate- their reference ranges blow by and large-  but it's hard to go into in a post like this and I don't have access to the journal databases to cite here that I did when I worked in genomics. I just really wish people didn't see it as an innocent hobby/passtime sort of thing. I think the OPs article shows that in spades. 

I totally agree with you on all of this. Someone would have to pay me hugely big bucks to do something like 23andme. And I admit to kinda mentally rolling my eyes anytime someone mentions it or other genetic testing companies. Yeah, right (no).

But I do kinda sorta disagree with you on electronic medical records. I was leery of them at first, but after DH's cancer diagnosis--it makes consulting between different specialists SO very much easier than having to run around here and there and everywhere collecting hard copies, or trying to get one office to send something to another. Our experience with a serious illness really changed my mind, and I do believe that for many people the benefits of EMRs outweigh any risks.

[Cecropia]

Google is acquiring Fitbit, too.  It will add people's historical and real-time fitness records to the trove of healthcare data it already has.

https://www.usatoday.com/story/tech/2019/11/01/fitbit-being-bought-out-google-parent-company-alphabet/4121246002/

[Carol in Cal.]

Also, having to enter those electronic records diverts nursing attention to the computer away from the patient.

When a family member was hospitalized after a bad fall two years back, the nurse would come into the room to check her but barely look at her.  And the meds records about her current prescriptions were wrong for literally weeks.

[Laurie]

On 11/11/2019 at 7:51 PM, Æthelthryth the Texan said:

 

As a side note, I personally think in another decade a lot of their "results" are going to be shown as false, or at a minimum misleading and inaccurate- their reference ranges blow by and large-  but it's hard to go into in a post like this and I don't have access to the journal databases to cite here that I did when I worked in genomics. I just really wish people didn't see it as an innocent hobby/passtime sort of thing. I think the OPs article shows that in spades. 

You might enjoy reading this (maybe enjoy is the wrong word...)  :  https://thednaexchange.com/2017/07/23/sour-grapes-a-tragicomic-dystopia-set-in-the-consumer-genomics-counseling-space/#comments

[TravelingChris]

On 11/12/2019 at 9:15 AM, Æthelthryth the Texan said:

On the medical records, these are a few of the reasons I think the risks outweigh the benefits still at this point- it seems like you had a good service experience but here are the behind the scenes issues I find concerning. 

1) Even within a lot of large institutions they don't "talk" to each other on their systems well to this day, so things don't get properly sent or transferred. Some of this is because the Federal Govt still has rules about how medical information is transferred that belongs in the 20th century, not now.  They have to fax them in most cases, or mail a hard copy- even within the same Org in many/most circumstances if they aren't physically linked in the same location.  And to make it even better, the kicker is, most faxes are now over email, so you have records often times going unencrypted if they're going to non physical fax machines. What if someone types in a wrong number? Happens.  So although the facility may seem high tech with everything digitized, and the Doctor having everything on his laptop or tablet in the room, at his finger tops, how those records got there is still antiquated. Even if they can pull up a scan on computer instantly and show you- most of the time they had to mail a hard copy somewhere, on a disk to get to the secondary specialist (if they aren't in the same hospital/facility. The Fed Law hasn't kept up on these regulations, so they are actually often transmitted in the LEAST secure way possible because that's the law. Then you throw state laws on top of it and it really becomes crazy town, because every state has different laws about accessing/storing/transferring those records. 

2) The people handling and scanning all of these records, especially when they are moving them to other places, scanning and storing, or say accessing for legal reasons (fraud cases, malpractice, lawsuits etc.) are oftentimes minimum wage level, which equate to high turn over in almost all cases,  and now they have the ability to stick a thumb drive into a computer and pull down thousands of records and personalized information like that. Or take screen shots with their phones. Or a place lets them "work from home" and doesn't even require VPN access, so although they have the "no phone" rule to try and combat data theft in the office place, they turn around and let them work from home, on an unsecured network and access your records from their house. And even if the person themselves has no ill intent, that doesn't mean that their system is secure. So right there is all of it- socials, insurance numbers, addresses, payment numbers, medical histories, all of it.  

When records are kept within office on paper files, of course you could hav someone who surreptitiously is copying things, but it's harder to do in bulk scale that way. And now health insurance fraud is a very real thing- so that information is valuable. 

3) Then you have the error rate. The e-records are not as reliable as everyone had hoped. They were supposed to ensure better care- I know some of the reasoning was that there would be fewer errors due to misinterpreting of handwriting- and lower error rate, but that's not bearing out. The companies making the e-systems aren't flawless and there are more than a few glitches in the systems. Some of these systems have been under Federal Investigation there have been so many problems, injuries and deaths, but they go under the radar because the companies pay and settle out of court- with the Federal Government mind you- not the patients. THat's how it works a lot of the time- the companies will just pay off for their mistake and take it as a loss, but they are making buckets of money with the new e-regs, so who cares if you get fined $30 million. You'll bounce back the next quarter. The FDA sets the regs and standards, and then the take the corporations to task, IF the makers get caught, but then they are still allowed to keep making the software/handling the product and keep on keeping on. It's completely an insane system. It shouldn't take a lot of googling to pull up what I'm saying if anyone wants to verify. The info is there- you just have to know to look for it. 

Those are only a few things that are massive flags, so I don't take up even more room, but e-records are definitely not the wonderful thing they are made out to be. 

How about this one--- they are incorrect because they do not have all diagnoses on there-  for example-- I have labile hypertention, which is not the same as regular hypertension,.  I have secondary fibromyalgia, which is not the same as primary fibromyalgia.  Blood problems can be loads of things.  Half of the doctors do not have even things like osteopenia--- just osteoporisis.  And forget things like Juvenile ideopathic osteoporosis that one of my kids had.  A  lot of them have check off boxes only and life isn't delinated like that.

Edited November 18, 2019 by TravelingChris

[Valley Girl]

Accuracy of records...bah!

I took DS to the local children's hospital for a first-time appointment. I handed the appropriate person the forms listing his current meds. The summary I got back had an outdated listed from the pediatrician on it. Why ask me for a list if you're going to ignore it? We haven't been back for a follow-up, so I don't know if they bothered correcting it. (I did correct it a second time via phone a few months ago.)

While I can see the benefits of having information available electronically, the risks and potential for abuse/misuse far outweigh them. To deny that is naive at best. Sinister at worst. (In my not-so-humble opinion.)

[TravelingChris]

1 hour ago, Æthelthryth the Texan said:

That's weird, because they should have the ability to input things to code for ICD-10, which would need that level of detail (and has it). The coding determines the reimbursement (unless they are concierge or something that doesn't take insurance or Medicaid/care). Most of them are buying off the shelve systems and not designing their own, so that's a doctor in a hurry it sound like. 

I checked.  There is no code for labile hypertension, though it is certainly in the medical literature as a true hypertension variant.  There is no secondary fibromyalgia.  There is no Sjogren's Syndrome---- it is labeled sicca syndrome  and has to be categorized as having eye problems, or whatever specific problems when it is a actual autoimmune disease.    And I could go on and on and on.  When you have a very complicated medical situation- like I have and my kids have, check offs and codes do not tell the whole story at all.  You need notes.

[TravelingChris]

1 hour ago, Æthelthryth the Texan said:

That's weird, because they should have the ability to input things to code for ICD-10, which would need that level of detail (and has it). The coding determines the reimbursement (unless they are concierge or something that doesn't take insurance or Medicaid/care). Most of them are buying off the shelve systems and not designing their own, so that's a doctor in a hurry it sound like. 

I checked.  No labile hypertension.  No secondary fibromyalgia.  No Sjogren's Syndrome--- which is the second most diagnosed autoimmune rheumatological condition.  etc,etc.  When you have a very complicated medical history- no check off boxes nor ICD codes can adequately cover such a situation.  That is the case with me and all three of my children, my son in law and even my pretty healthy husband does not fit neatly into codes and boxes because he has a genetic inability to basically make Vit D from sun ir makes it very, very poorly which is why one of my daughters who inherited that issue from him and some sort of hypermobility/fracture issue from me, ended up with osteoporosis as a child.

[Arcadia]

Google collaboration with Mayo Clinic https://www.medcitybeat.com/news-blog/2019/mayo-clinic-google-partnership

“The bombshell article, and the national debate that has resulted from it, comes as Mayo begins a similar arrangement with Google.

In September, the two organizations announced a 10-year partnership in which Mayo will store its medical, genetic and financial data in the Google Cloud. Central to the agreement is a plan for Mayo to work with the tech giant to translate troves of patient data into functional tools designed to improve the delivery of personalized healthcare.

For its part, Mayo maintains that the relationship has safeguards built in that will prevent the kind of data transfer outlined in the WSJ report. The Rochester-based hospital system points out that the agreement prevents any partner, including Google, from having independent access to private patient data. It also notes that Google will be contractually prohibited from combining Mayo data with any other data, such as the information Google collects for commercial purposes through its search engine.

“Mayo Clinic will manage access to all data using rigorous long-standing institutional controls and will specifically authorize the use of data for joint research projects that solve health care problems,” Mayo spokesperson Duska Anastasijevic said in an email this week.

Asked about the report from the WSJ, and whether it had raised any red flags regarding Google’s management of patient data, Anastasijevic said Mayo could not comment on the dealings of Google and other businesses, but that it remains proud of the partnership between the two institutions.

“Patients’ best interests are at the core of everything we do and we recognize the trust that patients place in Mayo Clinic,” she said. “We take our commitment to privacy and security very seriously, and selection of Google as a strategic technology partner will only bolster our data security and help us maintain patient privacy.”

...

However, according to Mayo leaders, that is all expected to change as large tech companies begin to seek inroads into the $3.5 trillion industry.

“That environment [of technological disruption] is coming to healthcare,” said Adam Brase, division chair for strategic intelligence, in a presentation this week to the Destination Medical Center Corporation board.

For Mayo, preparing for the next wave of disruptive technologies means finding ways to leverage its patient data. One way that will work is to find partners like Google with the capabilities to make sense of it all.

“The technology that’s emerging, when you pair that with the data that’s generated in healthcare, which is massive, you apply artificial intelligence and machine learning to that, you can unlock things we can’t unlock today,” explained Brase.”

[kbutton]

4 hours ago, Valley Girl said:

Accuracy of records...bah!

I took DS to the local children's hospital for a first-time appointment. I handed the appropriate person the forms listing his current meds. The summary I got back had an outdated listed from the pediatrician on it. Why ask me for a list if you're going to ignore it? We haven't been back for a follow-up, so I don't know if they bothered correcting it. (I did correct it a second time via phone a few months ago.)

While I can see the benefits of having information available electronically, the risks and potential for abuse/misuse far outweigh them. To deny that is naive at best. Sinister at worst. (In my not-so-humble opinion.)

Usually the people asking for the information can't remove something another doctor put on the list. Sometimes the doctor can, but not likely the nurse or intake person entering the information. 

[Valley Girl]

On 11/18/2019 at 5:42 PM, kbutton said:

Usually the people asking for the information can't remove something another doctor put on the list. Sometimes the doctor can, but not likely the nurse or intake person entering the information. 

Good to know. I'm not trying to be argumentative, but surely someone in the office needs to be responsible for making corrections before we leave the office? There's zero value in being handed a visit "summary" that's completely incorrect. I think if it happens again, I'm going to hand it back to them and insist on getting it corrected while I'm there.