As technology becomes a part of people’s everyday lives, people have begun leaking out more information about themselves than they’re actually aware of. From Venmo transactions that are left wide open to Google tracking purchases, tech companies are latching onto your personal data. Now, Google may have recently gone too far.
On Wednesday, the University of Chicago, its medical center, and Google were all sued in a potential class-action lawsuit, The New York Times reported. The lawsuit has accused the hospital of sharing hundreds of thousands of patients’ records to Google without removing identifiable date stamps or doctor’s notes.
Lorna Wong, a spokeswoman for the University of Chicago Medical Center, said that the “claims in this lawsuit are without merit.” According to The Times, Wong asserted that the medical center “has complied with the laws and regulations applicable to patient privacy.”
“We believe our health care research could help save lives in the future, which is why we take privacy seriously and follow all relevant rules and regulations in our handling of health data,” Google spokesperson, Jose Castaneda, told The Times.
The partnership between Google and the University of Chicago originally began in May 2017. It revolved around using machine-learning techniques to develop predictive models that could help avoid complications and save lives.
It sounds like a noble cause, but the Health Insurance Portability and Accountability Act (HIPAA) places strict restrictions on what data is allowed to be shared for research purposes. The data has to be de-identified in order to be shared, but the lawsuit says that leaving the data and timestamps is a violation of that.
That’s a fair concern. Google knows a lot about most people already, including their location history. The lawsuit points out that Google can find out who patients are by combining timestamps and dates with location data from Google Maps or Waze.
This isn’t the first time Google’s access to health records has raised concerns. Back in 2016, CNET reported that documents revealed a data-sharing agreement between Google and the United Kingdom’s National Health Service. The tech giant was given access to data on 1.6 million patients at London hospitals. That information was passed to the AI company DeepMind — owned by Google — as part of a research program.
Although a Google spokesperson told The Times that the company followed all HIPAA regulations, this probably won’t be the last lawsuit launched against a big tech company in healthcare.
For most tech companies, data is a currency, but that viewpoint is at odds with how most patients see their personal health information. You may be willing to sacrifice some privacy in order to use Maps or other programs, but as big tech moves into healthcare — it poses questions about whether people are willing to sacrifice that kind of privacy.