Google and the University of Chicago Medical Center are being sued for violating patients' privacy following a data-sharing partnership that the two parties inked two years ago.
A new class action lawsuit, which was first reported on by the New York Times, accuses the hospital system of sharing data with the tech conglomerate that could be identifiable, namely doctor’s notes and the time frame of their visits.
“In an attempt to provide the public a false sense of security over the legitimate privacy concerns with these practices, Google and the University claimed the medical records were de-identified,” the suit, which was obtained by Daily Caller, said. “But that’s incredibly misleading. The records the University provided Google included detailed date stamps and copious free-text notes.”
The suit goes on to accuse the health center of misleading patients about who their information would be shared with.
“The disclosure of EHRs here is even more egregious because the University promised in its patient admission forms that it would not disclose patients’ records to third parties, like Google, for commercial purposes,” it reads. “Nevertheless, the University did not notify its patients, let alone obtain their express consent, before turning over their confidential medical records to Google for its own commercial gain.”
The author of the suit links the patient data agreement to Google’s acquisition of artificial intelligence company DeepMind, and suggests that this technology has the ability to make connections within the health records.
“In the year following Google’s massive medical data grab, it fully absorbed and took control of a division of DeepMind known as “DeepMind Health,” for the specific purpose of analyzing medical records and creating commercial products. Google’s access to DeepMind’s technology allows it to find connections between various data points (i.e. from EHRs and Google users’ data).”
The lawsuit accuses the partners of violating HIPAA for the development of new Google products.
“The University provided Google a partner willing to turn over the information that it desperately needed. Indeed, the University — seeking not much more than notoriety for its collaboration with Google in the development of healthcare products — was happy to turn over the confidential, highly sensitive and HIPAA-protected records of every patient who walked through its doors between 2009 and 2016. Ultimately, by getting the University to turn over these records, Google quietly pulled off a feat that other tech giants (like Facebook) have had to abandon under mounting public pressure for other gross privacy violations.”
The class action suit — which includes counts of a violation of contract, breach of implied contract, intrusion upon seclusion and unjust enrichment — is seeking an award in damages. It is also calling for the University of Chicago to cease disclosing identifiable patient records to a third party without consent.
Google said that the organization priortizes privacy and does not take HIPAA regulation lightly.
“We believe our healthcare research could help save lives in the future, which is why we take privacy seriously and follow all relevant rules and regulations in our handling of health data. In particular, we take compliance with HIPAA seriously, including in the receipt and use of the limited data set provided by the University of Chicago,” a Google Spokesperson, wrote in an email to MobiHealthNews.
WHY IT MATTERS
Tech giants like Google, Amazon and Facebook are continuing to play a bigger role in the healthcare space. However, there is still a lot of mistrust circulating about these players entering into a field due to privacy and data sharing concerns. Just in April, hundreds of millions of Facebook users' data was exposed on Amazon’s cloud computing service. Breaches like this and accusations of misuse have left many skeptical of whether big tech is capable of maintaining patient confidentiality.
THE LARGER TREND
This isn’t the first time Google has been in hot water for data sharing. In 2016 the UK’s NHS signed a deal with Deep Mind that led to press and UK government criticism after an investigative report by the New Scientist revealed that Google would have access to a huge trove of patient data without the patients' express consent, a potential violation of NHS information governance principles.
