Google has been a hot topic this month in the healthcare industry and for a good reason. Announcing their $2.1 Billion acquisition of Fit Bit and their creation of Google Health and Verily has caused quite a buzz. The most current news introduces news that is exciting and concerning at the same time, Project Nightingale.
From the name, you might think that Google is working with some secret agency, and Project Nightingale is the secret initiative they are working on together. Well, the name creates more atmosphere than it warrants. Project Nightingale is a collaboration between Google and the healthcare provider, Ascension. Ascension is operating in 20 states and can gather information from more than 2,600 hospital systems. The main goal of Project Nightingale is to combine Google's AI and search capabilities with Ascension's medical records to build a search tool for medical professionals that would employ machine-learning algorithms. This machine-learning would process data and make recommendations for prescriptions, diagnoses, and even which doctors should be on a patient's doctor team based on their credentials.
Some may say, “Wow, technology sure has come a long way!” While others will tout their concerns about patient data privacy and HIPAA compliance. The latter concern would have merit. Still, Google and Ascension have followed all the HIPAA compliance requirements for sharing Patient Health Records with Third-Party Entities, meaning that Project Nightingale is in full compliance. Being within full compliance of the 1996 HIPAA laws brings up even more concerns about the HIPAA laws themselves. Many healthcare professionals are stressing that the HIPAA laws were created in a time before big data and that they need to be revisited and updated for the current environment of the healthcare-tech revolution.
These concerns are valid enough for the Department of Health and Human Services to probe the legality of the deal. Google stresses that their company is a “business associate” and not a health-care provider. This difference would require a different level of scrutiny. If Google is determined to be a health-care provider, then they would violate the law, and the matter would be referred to the Department of Justice. Only time will tell what the outcome of their investigation will be.
The swiftly moving landscape of healthcare and technology muddies the waters making it more important than ever to have HIPAA compliance professionals on your team. Your practice can do this with in house experts or IT professionals like Medicus IT to ensure you are HIPAA compliant at all times. You don’t want your efforts to improve healthcare for your patients squashed by the bureaucratic red tape, do you? Let us help!