Mayo Clinic: Google will not have independent access to patient data
Mayo Clinic remains confident its partnership with Google will only bolster data security — even as the Silicon Valley company faces scrutiny from lawmakers, regulators and privacy advocates overs its handling of sensitive medical records from another large nonprofit hospital system.
Earlier this week, the Wall Street Journal published an investigate report detailing Google’s relationship with Ascension, a health system that includes over 2,600 hospitals and health care centers in 21 states. The report said Ascension has been providing Google with swaths of patient data, including lab reports and physician diagnoses, along with personally identifiable information such as names and birth dates.
The report, the result of whistleblower testimony, also stated that as many as 150 Google employees have had access to much of the data. Patients and doctors were reportedly not notified of how the data was being used.
The bombshell article, and the national debate that has resulted from it, comes as Mayo begins a similar arrangement with Google.
In September, the two organizations announced a 10-year partnership in which Mayo will store its medical, genetic and financial data in the Google Cloud. Central to the agreement is a plan for Mayo to work with the tech giant to translate troves of patient data into functional tools designed to improve the delivery of personalized healthcare.
For its part, Mayo maintains that the relationship has safeguards built in that will prevent the kind of data transfer outlined in the WSJ report. The Rochester-based hospital system points out that the agreement prevents any partner, including Google, from having independent access to private patient data. It also notes that Google will be contractually prohibited from combining Mayo data with any other data, such as the information Google collects for commercial purposes through its search engine.
“Mayo Clinic will manage access to all data using rigorous long-standing institutional controls and will specifically authorize the use of data for joint research projects that solve health care problems,” Mayo spokesperson Duska Anastasijevic said in an email this week.
Asked about the report from the WSJ, and whether it had raised any red flags regarding Google’s management of patient data, Anastasijevic said Mayo could not comment on the dealings of Google and other businesses, but that it remains proud of the partnership between the two institutions.
“Patients’ best interests are at the core of everything we do and we recognize the trust that patients place in Mayo Clinic,” she said. “We take our commitment to privacy and security very seriously, and selection of Google as a strategic technology partner will only bolster our data security and help us maintain patient privacy.”
What’s Google saying?
In response to the WSJ story, Google has defended the practice, pointing out that its work with Ascension is designed to “support them with technology that helps them to deliver better care to patients.”
The company also contends that its work with Ascension is in compliance with industry-wide regulations regarding patient data, including HIPAA, an assertion most experts agree with.
“To be clear: under this arrangement, Ascension’s data cannot be used for any other purpose than for providing these services we’re offering under the agreement, and patient data cannot and will not be combined with any Google consumer data,” Google wrote in a blog post this week.
But thus far, that line of defense has done little to quell a growing number of critics who question whether enough is being done to protect the privacy of patients. This week, the Department of Health and Human Services’ Office of Human Rights opened an inquiry into the Google-Ascension partnership. The arrangement has also drawn scrutiny from a top Minnesota lawmaker, U.S. Senator Amy Klobuchar.
“As science continues to drive technological innovation, we must not sacrifice privacy,” said Klobuchar, who has introduced a Senate bill aimed at strengthening privacy and security protections for personal health data.
Why is Mayo partnering with Google?
It only took a matter of years for industries like shopping, entertainment and ride-hailing to be completely transformed by technology.
Healthcare, on the other hand, has moved at a far slower pace.
However, according to Mayo leaders, that is all expected to change as large tech companies begin to seek inroads into the $3.5 trillion industry.
“That environment [of technological disruption] is coming to healthcare,” said Adam Brase, division chair for strategic intelligence, in a presentation this week to the Destination Medical Center Corporation board.
For Mayo, preparing for the next wave of disruptive technologies means finding ways to leverage its patient data. One way that will work is to find partners like Google with the capabilities to make sense of it all.
“The technology that’s emerging, when you pair that with the data that’s generated in healthcare, which is massive, you apply artificial intelligence and machine learning to that, you can unlock things we can’t unlock today,” explained Brase.
Sean Baker is a Rochester journalist and the founder of Med City Beat.