HIPAA Doesn’t Stop Hospitals From Sending Your Data To Google

Any visit to a health system—which includes hospitals but also a lot of doctor’s offices—involves tons of data. You probably assume that your data just lives in that health system, but in fact they can share it with other companies, and there’s little to nothing you can do to stop it.

The latest worrying partnership is one between Google and a Catholic hospital network called Ascension. Google has access to personal details of patients, including names and medical history. Their goal is to create a system that can automatically suggest tests, treatments, or changes to care. Google is interested in doing this because they can sell similar systems to other hospitals. And the health system is interested because, as the Wall Street Journal puts it, they can “mine data to identify additional tests that could be necessary or other ways in which the system could generate more revenue from patients.”

Often, when a company is sharing your data more than you’d like, there is an app to uninstall or a way to request to opt out. With hospital algorithms, that isn’t usually the case. Health systems don’t need your explicit consent to send data to a third party, as long as they abide by HIPAA’s privacy and security rules, nor do they need it to use a company’s algorithm to make decisions within their own computer systems.

The somewhat scary truth is that our personal and medical data has a life of its own behind closed doors. And since many medical facilities are part of large health systems that crunch data to try to save money, even your neighbourhood doctor’s office is likely to be part of a health system with some kind of data-sharing network.
