The federal Department of Health and Human Services is demonstrating reasonable caution and proper oversight in launching an investigation into the new collaboration between Google and the nation’s second-largest largest health system to collect data on 50 million patients.
The inquiry, by the HHS Office of Civil Rights, will focus on compliance with federal laws protecting patient information by Google and its partner, the St. Louis-based Ascension hospital chain, which has been sharing patient-specific information with Google without notifying the patients or the doctors involved.
Google has named the arrangement Project Nightingale, after the famous Victorian nursing volunteer who visited sick soldiers in the Crimean War and who lobbied successfully for major improvements in their care. She also was a pioneer in the use of statistics to improve health care, something that Google and Ascension say they are seeking to do.
But Google is no altruistic Florence Nightingale. It is a powerful profit-making institution that already has an immense amount of data on most Americans. The deal with Ascension will give it even more. How it manages and uses this trove should be of keen interest to every American, especially with Google already under a consent decree because of privacy and security violations.
There undoubtedly is room for profit for both Google and Ascension in using detailed data to improve many hospital operations. For example, McKinsey, the leading management consulting firm, has estimated that the health care industry could save 30 percent of its current administrative costs by improving the automation of its billing and insurance-related systems. The data could also help Ascension improve the best practices of its medical staff and outcomes for patients and avoid unnecessary and costly medical procedures. Other tech companies already are pushing into this field.
All of this is potentially important for reducing the overall costs of health care, which now take up nearly $1 out of every $5 in the national economy. But at this stage the individual who is the source of all of this health information is not part of the loop in deciding how it is going to be used, which raises some unsettling questions.
It is important for government overseers to keep in mind that Google’s main business is collecting personal information from its users and selling it to advertisers. A red-flag report from the Financial Times of London discloses that Google and other vendors are already collecting and selling personal health information gleaned from individual visits to popular health websites.
As a first step Google must show that it has built an impermeable firewall between its data collected from Ascension and the data that it sells to advertisers.
Beyond the benefit to Google and Ascension from their deal, there are other ways big medical data could be used to improve the national health care system. Government regulators should be careful not to block such uses as they develop, provided patient privacy is strictly maintained.
Stripped of personal identifiers, health data such as Google is collecting in Project Nightingale could be a tool for identifying which providers offer the best value for services. This information could be used by insurers when negotiating prices with providers and by individuals seeking the best way to spend their medical dollars. A medical version of Consumer Reports would be useful in the effort to bring more market discipline to health care and slow or reverse its costs.
Regulators must proceed cautiously as they examine how this deal could lead to those promising outcomes while also protecting our privacy.