Google’s Controversial Ascension
Jan. 6, 2020
The recent controversy over Ascension’s contract with Google is not surprising and should be seen as a teachable moment. Patient Health Information (PHI) is sensitive and people are right to feel protective of their information. After all, who wants their private health challenges posted on the internet?
It’s clear that Google did not release private health data to “Google”, their public search engine but the distinction seems lost in the court of public opinion. Google is a victim of their own success as “Google” is now a verb, not just a company and people are confused about the difference. Google, and companies that partner with them, should announce any new partnerships immediately and explain the services being provided, especially in the realm of healthcare. It’s too important to blunder.
I am an entrepreneur and I work with healthcare data to solve real human health problems that could not be addressed without access to private health data. My company, RazorMetrics analyzes patient’s prescription drug information and then makes recommendations to patients and their Doctors about lower-cost alternatives. This program saves the patient’s real dollars at the pharmacy. This program would not be possible without access to health information.
Current health data privacy laws strike just the right balance. If privacy were made too tight, then data would be locked into unusable silos and this would harm society. If privacy is made too loose, then healthcare information could be weaponized and would harm individuals.
Ascension had the right contract with Google, it’s called a Business Associate Agreement (BAA) and it defines who owns the data and how the data is to be managed. Thee BAA allows Google to be the steward of patient data, conduct analysis and provide insights to benefit Ascension’s patients and their care. That’s all they can do. They cannot advertise to patients, as this would be totally illegal.
These agreements are important and legally binding. The BAA is a standard contract between healthcare entities and companies that work with data to improve patient care. They generally state that the Private Health Information is the property of the healthcare entity and cannot be used by the contracting firm for any other commercial purpose. The ability for 3rd party companies to work with private information under contract for the betterment of patients is called “Safe Harbor” under healthcare operations within the HIPAA framework.
I have worked to bring unique solutions to serious health problems by using healthcare data in new, innovative ways but this would not have been possible without BAAs and Safe Harbor rules. The way this worked with my first company ePatientFinder, the Hospital retained ownership of the data and through the BAA, we agreed that ePatientFinder would work on behalf of health organizations to identify alternative treatments for patients with chronic diseases through clinical trials. This helped patients locate trials after regular healthcare treatments failed.
As someone who specializes in healthcare technology, it is clear that Ascension and Google should have announced the partnership and offered patients the ability to opt-out of the program. But, it was not wrong for Ascension to try and maximize benefits to their patients by using one of the best data managers and most secure cloud storage facilitators in the world.
Health and Human Services recently announced they will be conducting an inquiry into the Google and Ascension partnership and this is good. They are exercising their proper government oversight responsibilities and I predict the inquiry will be good for the situation. It’s important to show that our current privacy laws are strong and that the system we have in place works for individuals and for the betterment of society.
Tom Dorsett, CEO