Hospitals across the US have granted Microsoft, Amazon and IBM access to millions of patients' sensitive identifiable medical records amid fears ......
Jan. 20, 2020
Hospitals across the United States are said to have granted Microsoft, Amazon and IBM access to sensitive identifiable medical records.
The tech giants are each working with medical centers in Washington, Massachusetts and Minnesota, The Wall Street Journal reports.
But the breadth of access was not made immediately clear as the contracts were signed, according to the paper, although there is no suggestion of legal wrongdoing.
And it means information from millions of identifiable records could be handed over available as part of the deals to crunch the data.
Federal privacy laws do allow hospitals to share patient data. Consultant Lisa Bari said: 'Hospitals are massive containers of patient data. The data belongs to whoever has it.'
Microsoft is said to be building cancer algorithms with the help of data from Providence Health & Services, which is based Renton, Washington.
The doctor’s notes they are using are said to still contain information which can identify patients.
In Boston a deal between IBM and Brigham and Women’s Hospital allows the medical center to share data for particular requests, although they are yet to do so.
And in Seattle Amazon Web Services have access to individual patient information at the Fred Hutchinson Cancer Research Center.
DailyMail.com has contacted each of the health services and tech giants connected.
Microsoft executive Peter Lee said in December the data is still in Providence’s control. A spokesman for Providence said their actions were 'not intended to mislead'.
IBM said: 'Responsible data stewardship is core to our mission.' Brigham and Women’s Hospital have not commented publicly on the tech giant's ability to look at identifiable information.
Amazon Web Services say that any data protected under federal privacy laws is not used.
It comes in the wake of Google's Project Nightingale, alongside leading healthcare company Ascension, to gather millions of Americans' health data without them knowing it.
The two companies announced the collaboration in a press release where they revealed that Ascension's data will move onto Google's Cloud platform.
Google will now have access to patients' test results, diagnoses and hospitalizations to give them a full digital health history. Neither doctors nor the patients in the 21 states where it will be used had been told about it.
The practice is legal under the Health Insurance Portability and Accountability Act of 1996 which allows hospitals to share patients' medical data with business partners on the condition that it is used to 'help the entity carry out its healthcare functions.'
But a whistleblower said that the lack of transparency made many members of the team working on the project uneasy and could put the healthcare data of millions at risk
'Two simple questions kept hounding me: did patients know about the transfer of their data to the tech giant? Should they be informed and given a chance to opt in or out?' the whistleblower wrote.
'The answer to the first question quickly became apparent: no. The answer to the second I became increasingly convinced about: yes. Put the two together, and how could I say nothing?' the person continued.
The person said that about 150 Google employees and 100 Ascension staff collaborated on Project Nightingale, transferring the personal data of more than 50 million Americans to Google.
'I’d like to hope that the result of my raising the lid on this issue will be open debate leading to concrete change,' the person wrote. 'Transfers of healthcare data to big tech companies need to be shared with the public and made fully transparent, with monitoring by an independent watchdog.'
The whistleblower also insisted: 'Patients must have the right to opt in or out.'
Google is also said to have a deal with the Mayo clinic in Rochester, Minnesota. Mayo spokesman said: 'It was not our intention to mislead the public.' Data-team member Lois Krahn said: 'We are a tremendously cautious and conservative organization.'
Head of Google Health Dr. David Feinberg said: 'We didn’t hide it.'
The Health Insurance Portability and Accountability Act does not leave patients with 'much control', one ethics professor has said. Hospitals do not have to warn users of deals if it can be argued the records are needed for treatment, payment or surgery.