Amazon, IBM, Microsoft have access to millions of medical records: WSJ

Amazon Web Services, IBM and Microsoft are among the big tech companies to make deals with hospitals and health systems to analyze patients' medical records in order to develop new solutions, according to The Wall Street Journal.

Microsoft signed an agreement with Renton, Wash.-based Providence St. Joseph Health, which records around 20 million patient visits annually. The limited amount of patient data being shared with Microsoft has been stripped of personally identifiable information. Additionally, all the data is being controled by Providence St. Joseph Health, according to the health system. In its partnership with the health system, Microsoft plans to develop cancer algorithms. Providence St. Jospeh Health is not selling data to Microsoft 

With additional safeguards in place, Providence St. Jospeh Health's Institutional Review Board gave approval for the research project, which is also HIPAA-compliant. 

"We are committed to open and transparent communication and will continue to share more details about our Microsoft partnership as it develops," said a representative from Providence St. Joseph Health to Becker's Hospital Review. "Data holds an important key to unlocking advances in healthcare. As we move into the digital age, we are committed to protecting that information and making sure it is used responsibly for the common good."

Boston-based Brigham and Women's Hospital partnered with IBM. In the deal, IBM is using patient data to create artificial intelligence that will allow clinicians to share data for specific requests. As of now, Brigham and Women's Hospital has not shared personally identifiable information, reports WSJ.

Seattle-based Fred Hutchinson Cancer Research Center signed a deal with Amazon Web Services that gives the tech company permission to access patients' health information. AWS is using that data to design software that can read medical notes.

While these deals may raise concerns for patients and providers, there is no indication of wrongdoing. Under HIPAA, hospitals are allowed to share data with business partners without asking for patients' permission.

This may be just the beginning of hospitals becoming brokers to tech companies as the data hospitals store becomes more lucrative.

Editor's note: This story was updated Feb. 18, 2020, to include a statement from Providence St. Joseph Health. 

More articles on cybersecurity:
Health systems should update computer systems in wake of Iran tensions, H-ISAC says
3 cybersecurity predictions for 2020
Former NYC hospital employee pleads guilty to hacking coworkers' emails

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.