Who Owns Your Medical Data? Apparently Not You… 

This week we found that Google has been going through the personal medical data from millions of patients without the patients and most of their doctors knowing about it. Google made a deal with a major hospital system to share private patients data to be used to create new products. A deeper dive shows that although nothing illegal was done here, it highlights a big loophole in the HIPAA law. We all assume and expect that our healthcare providers will protect the privacy of our data and only use it for purposes intended such as getting reimbursed by our insurance companies and help us get better care. However, in the process the healthcare systems create enormous amounts of data that could be invaluable to companies that use such data to create new products, i.e., ways to make more money from us. So far there has been a disconnect between “owners” of the data, namely our healthcare providers, and the moneytizers of the data, namely, information hogs like Goggle. In this case, the major healthcare provider, Ascention, used a loophole in the HIPAA laws, where the healthcare providers can employ contractors to use the private medical data they collected from their patients to create new information warehouses, organizing, collating, analyzing and using the data in any way they seem fit. Ascention shared private medical records from millions of its patients with Google in an effort to create new products that can be used initially by Ascention to “help” its patients, while giving Google the ability to generate new products, that Google can then sell to other healthcare providers. It’s a perfect business deal where Google gets access to data it cannot otherwise get and Ascention gets to moneytize its enormous data in more ways. Yes, Ascention is claiming altruistic goals but in a cynical world both companies are for profit ventures that are trying to figure out ways to generate returns. The patients were not told because the patients already signed off their data to Ascention via the HIPAA waivers they all signed, and both Ascention and Google new that patients would likely not like the perception of their data being used this way. It was not illegal but creepy certainly. And it is just the start. Other “owners” of private medical data probably will learn from it and we will likely see more such deals and it will not be prime time news, next time. The realities of the times we live.