Issue link: https://beckershealthcare.uberflip.com/i/1194306
32 CIO / HEALTH IT Google's 'Project Nightingale' is secretly collecting data on millions of Ascension patients: WSJ By Mackenzie Garrity E mployees at St. Louis-based Ascension have raised concerns about the ways Google is collecting and analyzing the person- al health information of millions of the health system's patients, people familiar with the matter told e Wall Street Journal. Google partnered with Ascension in 2018 to conduct its "Project Nightingale," which entails gathering patient information to create healthcare solutions. Over the summer, Google began collecting more data from Ascension, documents given to WSJ revealed. Patient data that is being secretly shared with Google includes lab re- sults, diagnoses and hospitalization records, reported WSJ. In some in- stances, Google has access to patients' complete health history, includ- ing names and dates of birth. At least 150 Google employees have access to data on tens of millions of patients, a person familiar with the matter told WSJ, which was confirmed with internal documents. Ascension physicians and patients across 21 states have not been in- formed about the data sharing. Although Ascension employees have questioned the ethical and tech- nological ways Google is gathering data, privacy experts said it appears to be acceptable under federal law. Hospitals are generally allowed to share data with business partners without informing patients if the in- formation is used "only to help the covered entity carry out its health- care functions." Google is using patients' data to design soware that leverages artifi- cial technology and machine learning to make suggestions in patients' treatment plans. In statements, Google and Ascension said "Project Nightingale" is com- pliant with federal health laws and has robust protections for patient information. In further detail, Ascension said the partnership with Google aims to modernize the health system's infrastructure, improve communication and collaboration and explore artificial learning to boost clinical quality. Specifically, the health system hopes to mine pa- tient data to then identify tests that could be necessary. Ascension is also looking to improve its EHR system. "As the healthcare environment continues to rapidly evolve, we must transform to better meet the needs and expectations of those we serve as well as our own caregivers and healthcare providers. Doing that will require the programmatic integration of new care models delivered through the digital platforms, applications and services that are part of the everyday experience of those we serve," said Eduardo Conrado, executive vice president of strategy and innovations at Ascension. Google's cloud division is spearheading the project. e tech giant has assigned dozens of engineers to support the project. In the end, Google aims to create a search tool that would aggregate patient data into a central location, documents show, according to WSJ. n Warren vows to conduct antitrust investigation of EHR market By Emily Rappleye A s part of her healthcare plan for the first 100 days in office, Democratic presidential hopeful Sen. Eliza- beth Warren of Massachusetts zeroed in on the EHR industry for its lack of interoperability and competition. "Congress spent $36 billion to get every doctor in Amer- ica using EHRs, but we still do not have adequate digital information flow in healthcare — in part because two big companies make up about 85 percent of the market for medical records at big hospitals," she wrote in her health- care transition plan. Ms. Warren pledged to go after health systems and IT companies that engage in information blocking. She also said she will launch an antitrust probe of the EHR market, led by the Federal Trade Commission and the Department of Justice. n Philips warns hospitals of flaw in data systems By Mackenzie Garrity P hilips issued a warning Nov. 14 about a vulnerability in its IntelliBridge EC40 and EC80 Hubs, according to a statement from Philips to Becker's Hospital Review. The systems serve as a plug-and-play solution for hospi- tals. The IntelliBridge hubs allow medical device informa- tion to be transferred from different formats. Clinicians can view a consolidated view of patient data in operating rooms and intensive care units with the system. In a statement to Becker's Hospital Review, Philips said if exploited the vulnerability could allow an unauthorized user access to patient data. Unauthorized users could also execute software, modify system configuration and update patient files. There has been no evidence that the vulnerability has been exploited. Philips plans to release a patch for the system bug by the end of the third quarter of 2020. For any hospitals with the Philips IntelliBridge EC40 or EC80 Hubs, staff should contact Philips' service support team with any questions. Philips has contacted the De- partment of Homeland Security's certified information systems auditor about the vulnerability. Philips created a publicly accessible, voluntary Coordi- nated Vulnerability Disclosure program. The program al- lows customers, security researchers, regulators and oth- er agencies to report and identify potential vulnerabilities within Philips' systems. n