US lawmakers ask Google to elaborate on patient data sharing agreement with Ascension News
FirmBee / Pixabay
US lawmakers ask Google to elaborate on patient data sharing agreement with Ascension

US Senators Elizabeth Warren, Richard Blumenthal and Bill Cassidy sent a letter to Google Wednesday requesting more information about their new partnership with Ascension in which Google stands to access millions of patient health records. The letter alleges that patients of health care entities owned by Ascension have not properly consented to sharing their information with Google, and the new partnership potentially has major privacy and competition violations.

Ascension is a major non-profit health system that owns and operates more than 2,600 sites of care, including hospitals, clinics and senior living facilities. Ascension services roughly 50 million patients, and in doing so, store their health information accordingly.

The major federal law regulating patient information is the Health Insurance Portability and Accountability Act of 1996, or HIPAA. Under HIPAA, patient data must be securely stored and only shared with entities that are compliant with the federal law.

Google’s partnership with Ascension, referred to as Project Nightingale, came to light Monday, and it was later reported that the US Department of Health and Human Services Office for Civil Rights opened a federal inquiry.

In the letter, the senators expressed concern about Google’s past and future compliance with HIPAA. After outlining their concerns, noting the company’s turbulent history with patient information, the senators asked the company a range of questions about Project Nightingale. Specifically, they requested more information about any other health systems from which Google is receiving information, whether Ascension clients can choose not to disclose their information and if the data will be used for advertising purposes.

According to a press release issued by Cassidy’s office, Cassidy met with Google Health officials and said it became obvious that “Congress must clearly define protections for patient health information.”