There has been much ado lately about a newly-revealed joint venture between Ascension Medical Group and Google. Ascension is the nation’s largest non-profit health care system; Ascension Medical Group is the company’s subsidiary physician group, with facilities in more than twenty states. Google is, well, Google. The joint venture being undertaken by these industry behemoths is known as “Project Nightingale.” Ascension and Google describe Nightingale as a treatment-focused initiative, designed to facilitate access and use of data in the medical records of Ascension’s patients. It also involves migrating Ascension’s data from proprietary storage to Google’s cloud-based storage. The software tool developed from this initiative allegedly makes it easier for a doctor to access and use specific patient data such as recent test results, medications, and more.
The initiative appears to be squarely of the type that HIPAA (the package of laws that protect a patient’s privacy) would permit to be undertaken by a provider’s “business associate.” The two companies assert that they have signed a business associate agreement (“BAA”), and also assert that the terms of the agreement prohibit Google from using Ascension’s PHI (Protected Health Information) for any other purpose than for provisioning this tool for use by Ascension clinicians. Further, the BAA allegedly prohibits Google from combining Ascension’s patient data with Google consumer data.
Nightingale is now under scrutiny from the HHS Office of Civil Rights (“OCR”), the office charged with enforcing HIPAA. The agency’s examination comes as no surprise given the controversies around Big Tech companies’ mass collection of data, privacy rights and who exactly has access to personal information and why. To help health care providers and consumers understand the issue, PLDO health care attorney Joel K. Goloskie explores the Nightingale controversy in his latest advisory, Project Nightingale and the Take-Away Lesson for Providers and Payors. The thought-provoking article provides readers with information as to why Nightingale has received such a storm of whistleblower complaints, public backlash and now, an OCR investigation. If you have questions on Project Nightingale or need assistance for your organization, please contact Attorney Goloskie at 401-824-6100 or email jgoloskie@pldolaw.com.
Disclaimer: This blog post is for informational purposes only. This blog is not legal advice and you should not use or rely on it as such. By reading this blog or our website, no attorney-client relationship is created. We do not provide legal advice to anyone except clients of the firm who have formally engaged us in writing to do so. This blog post may be considered attorney advertising in certain jurisdictions. The jurisdictions in which we practice license lawyers in the general practice of law, but do not license or certify any lawyer as an expert or specialist in any field of practice.
