HIPAA Does Not Prevent Hospitals From Sending Your Data to Google
Any visit to a healthcare system, which includes hospitals but also many doctor’s offices, requires a tremendous amount of data. You are probably assuming that your data is just living in this health care system, but in reality it can be shared with other companies, and there is almost nothing you can do to stop it.
The latest alarming partnership is a partnership between Google and a network of Catholic hospitals called Ascension . Google has access to patients’ personal data, including names and medical history. Their goal is to create a system that can automatically suggest tests, treatments, or changes in care. Google is interested in this because they can sell similar systems to other hospitals. And the healthcare system is interested because, according to the Wall Street Journal, they can “mine data to identify additional tests that may be needed or other ways the system could generate more revenue from patients.”
Often times, when a company shares your data more often than you’d like, there is an app that needs to be removed or a way to opt-out. This is usually not the case with hospital algorithms. Healthcare systems do not need your explicit consent to send data to a third party as long as they adhere to HIPAA privacy and security guidelines and use the company’s algorithms to make decisions on their own computer systems.
The somewhat chilling truth is that our personal and medical data lives behind closed doors. And since many healthcare facilities are part of large healthcare systems that process data to try to save money, even your neighbor’s doctor’s office is likely to be part of a healthcare system with some sort of data network.