HBR: Why healthcare leaders should be cautious with Project Nightingale

Despite the fact that the partnership between Google and St. Louis-based Ascension to gather and share patient data may meet the guidelines of HIPAA, it doesn't mean that healthcare leaders shouldn't be cautious, according to a Harvard Business Review article by David Blumenthal, MD, president of the Commenwealth Fund.

Project Nightingale made headlines last month after the Wall Street Journal reported that patients were unaware their data was being collected by the tech giant. Google will reportedly gather data from 50 million Ascension patients to create software and other tools that will support clinicians.

The project sparked investigations from HHS, and congressional leaders are also asking for more information on the project. However, Blumenthal writes, because HIPAA is an old rule, it is filled with holes that lawyers from Google and Ascension likely exploited to reach their agreement. Patient data, under HIPAA, can be shared without consent for three purposes: treatment, payment and operations.

Google's initiatives with the patient data could qualify as meeting Ascension's operational needs, reports Dr. Blumenthal.

"However, even if the relationship turns out to be technically legal, it raises significant unresolved policy issues. The lawmakers who created HIPAA never anticipated the internet, IT behemoths like Google and Apple, or the skill of hackers who seem to penetrate the most secure data systems at will. It is one thing to share a dusty old paper record with an outside entity. It is quite another to send electronic versions off into the cloud where — despite a third party's best efforts — it might be hacked from anywhere on earth. HIPAA is likely no longer sufficient to reassure patients that their electronic health data is adequately protected," Dr. Blumenthal said in the HBR

More articles on cybersecurity:
Michigan insurer alerts members of data breach
Sentara Hospitals agrees to $2.2M HIPAA settlement for incorrectly reporting data breach
16 cybersecurity incidents in November

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers