Google and University of Chicago face lawsuit over shared patient data
Wow! This is scary. We wouldn’t want this to happen to your practice. Get Meducated!
The lawsuit says the university included timestamps and doctors notes with the data it shared.
A couple of years ago, Google teamed up with the University of Chicago Medicine to improve prediction in healthcare, which could help prevent complications and save lives. To be able to accomplish that, the university had to share patient data with Google, since machine learning requires vast amounts of data. But now a lawsuit filed against the tech giant and the education institution says a bit too much data changed hands in the process. According to The New York Times, the lawsuit, which is seeking class-action status, is accusing the hospital of sharing hundreds of thousands of patient records with identifiable date stamps and doctor’s notes.
Under HIPAA, medical providers are allowed to share data with others for research purposes, so long as they’re de-identified. The lawsuit asserts that the date and timestamps are a violation, especially since Google can collect information about people through other avenues. It could, theoretically, combine the date and time a patient went to the hospital with location data from Google Maps or Waze to uncover their identity.
According to CNET, part of the lawsuit reads: “The personal medical information obtained by Google is the most sensitive and intimate information in an individual’s life, and its unauthorized disclosure is far more damaging to an individual’s privacy” than compromised credit card or Social Security numbers. The plaintiffs are now accusing the university of consumer fraud and fraudulent business practices, because it didn’t receive express consent from patients to share their data. They’re also accusing Google of unjust enrichment.
That said, the lawsuit didn’t include evidence that Google misused the information the university provided. A Google spokesperson told NYT that the company followed all the relevant HIPAA rules and regulations in handling health data, because it believes its “health care research could help save lives in the future.” Even if the lawsuit gets dismissed, we might see more similar ones in the future as tech giants move into the healthcare space.
“We believe our healthcare research could help save lives in the future, which is why we take privacy seriously and follow all relevant rules and regulations in our handling of health data,” a Google spokesperson told Engadget.
“The Medical Center entered into a research partnership with Google as part of the Medical Center’s continuing efforts to improve the lives of its patients,” the University’s statement explains. “That research partnership was appropriate and legal and the claims asserted in this case are baseless and a disservice to the Medical Center’s fundamental mission of improving the lives of its patients. The University and the Medical Center will vigorously defend this action in court.”