A potential class-action lawsuit is alleging that Google and the University of Chicago Medical Center violated hospital patients’ privacy in a 2017 data-sharing agreement.
The suit, filed in federal court in Illinois on Wednesday night, claims that the agreement to study ways to apply machine learning to health care violated privacy laws governing the sharing of medical information.
“While tech giants have dominated the news over the last few years for repeatedly violating consumers’ privacy, Google managed to fly under the radar as it pulled off what is likely the greatest heist of consumer medical records in history,” the lawsuit alleges.
The lawsuit was brought on behalf of patients whose data was included in the partnership and filed in U.S. District Court for the Northern District of Illinois.
The collaboration was touted as a way to study how artificial intelligence (AI) could be used to improve health care by enabling doctors to make better predictions and decisions about their patients. Google says that its AI can lower health care costs and ultimately save lives.
Ashley Heher, a spokeswoman for the University of Chicago Medical Center, said that the lawsuit is without merit and that the center has complied with all privacy and health laws.
“As a leading research institution, the Medical Center also pursues research partnerships to advance health care, improve patient outcomes and find cures for diseases,” Heher said in a statement.
“The Medical Center entered into a research partnership with Google as part of the Medical Center’s continuing efforts to improve the lives of its patients,” she added. “That research partnership was appropriate and legal and the claims asserted in this case are baseless and a disservice to the Medical Center’s fundamental mission of improving the lives of its patients. The University and the Medical Center will vigorously defend this action in court.”
Google said its use of the limited dataset was justified and the decision was reviewed by multiple oversight advisers at the hospital.
“We believe our healthcare research could help save lives in the future, which is why we take privacy seriously and follow all relevant rules and regulations in our handling of health data,” Google spokesman Jose Castaneda said in an emailed statement. “In particular, we take compliance with HIPAA seriously, including in the receipt and use of the limited data set provided by the University of Chicago.”
The lawsuit accuses the hospital of not properly anonymizing the patient data shared with Google as required by the 1996 Health Insurance Portability and Accountability Act (HIPAA). The filing alleges that dates included in the health records could easily be used by Google, in combination with its vast stores of user data, to identify the patients.
“Beyond the vast amount of personal information Google possesses, and its incredibly powerful analytics capabilities (including DeepMind Health), Google has in its possession detailed geolocation information that it can use to pinpoint and match exactly when certain people entered and exited the University’s hospital,” the lawsuit reads.
Date: July 10, 2019
Source: The Hill
