The University of Chicago, its medical center and Google have been hit with a lawsuit contending that the hospital shared hundreds of thousands of patient records with the tech giant which included identifiable data.
The suit was filed on behalf of Matt Dinerstein, who stayed at the University of Chicago Medical Center twice in June 2015.
According to an article published in The New York Times, the University of Chicago Medical Center announced in 2017 that it had formed a partnership under which it would share patient data with Google. The two agreed to jointly develop predictive models based on machine learning which would reduce hospital readmissions, cut complication rates and reduce mortality rates.
Google also cut similar deals with other academic medical centers, including Stanford University and the University of California, San Francisco, which haven’t attracted unwanted attention to date.
However, In the course of conducting its research, the U of Chicago and Google partnership may have dropped the privacy ball. According to the lawsuit, the two organizations didn’t take the necessary steps to completely de-identify the patient data they used, leaving identifiable date stamps and doctors’ notes attached to patient records.
The complaint contends that by combining the date stamps with information it already has in house — such as location data from smartphones running Android — Google could figure out the identity of the patient, though it doesn’t offer evidence that Google made an attempt to do so or otherwise misused the information provided by University, the article notes.
In response to the lawsuit, both Google and the medical center has issued statements denying the accusations it makes and asserting that they followed HIPAA rules related to patient privacy. Google, for its part, noted that HIPAA allows for disclosure of personal health information without authorization in certain situations for research purposes.
Obviously, accusations like these open up not just a can of worms but perhaps a vat full for Google, starting with but far from limited to the fact that even the big G can’t afford to aggravate federal HIPAA watchdogs.
An even bigger issue than HIPAA compliance, if there is such a thing, is that losing such a lawsuit could force Google to play defense rather than keep building out its pipeline of health data innovations.
Over the last few years, the search giant has quietly wriggled its tentacles into virtually every important area of health data analytics.
While Google hasn’t exactly been secretive about its healthcare efforts, it hasn’t been hyping them either in most cases. For example, as I reported a few months ago, Google recently filed an application with the US Patent Office for a new system which would help physicians figure out which patients had the most urgent need for their attention. We’re talking primo AI-in-healthcare territory here, though the search giant is just getting rolling.
If I were Google, I’d certainly prefer to keep extending my pseudopods quietly into new healthcare data markets without jockeying for control.
But a case like the U of Chicago matter could threaten Google’s strategy. Few events could do more to undermine its slow-and-steady approach to healthcare data development projects than a splashy court battle leaving consumers with the impression that it doesn’t care about their privacy.