Whistle Blower Posts Video of ‘Project Nightingale’ Leaving Google to Face Investigation

A video posted on social media by a whistleblower that Google has been working with Ascension, the second largest healthcare provider in the country, on a secret project has been met with growing concern.

According to the whistleblower, Project Nightingale has been secretly transferring the personal medical data of up to 50 million Americans from Ascension to Google, without their permission.

The secret project has seen healthcare data being transferred to Google without being de-indentified, meaning the full personal details including names and medical history are available to be accessed by Google staff.

The whistleblower also shares the news that by the time the full transfer has been completed – around March next year – over 50 million patients across 21 states will have had their personal data sent across to Google, without informing any of the patients or doctors involved.

As well as names, lab results, medical diagnoses and hospitalization records, notes from a private meeting between Ascension employees involved in the project were also shared. In the document concerns about the way Google would use the personal information were raised, including building new artificial intelligence.

The meeting also raised security fears such as the transfer being in breach of federal HIPAA rules on data privacy, questions that Google have not answered as yet.

With over 2,600 medical facilities including clinics and hospitals, Ascension – a Catholic network – is believed to be conducting the biggest data transfer so far in the healthcare field. But this isn’t the first partnership that Google has entered into albeit their other partnerships have been on a smaller scale, including the Colorado Center for Personalized Medicine. However the data was encrypted with only the medical center able to access the data.

Although the identity of the whistleblower is not known it is understood they are one of around 300 employees working on Project Nightingale, with roughly a fifty per cent split between Google and Ascension. The Wall Street Journal originally broke the story on Monday 11th November and the data transfer deal was formally signed only hours later.

The whistleblower decided to go public due to the widespread anxiety throughout the project’s employees with many worried about the way in which Google was able to access millions of patients personal data.

“Most Americans would feel uncomfortable if they knew their data was being haphazardly transferred to Google without proper safeguards and security in place. This is a totally new way of doing things. Do you want your most personal information transferred to Google? I think a lot of people would say no.”

The concerns about so much information, that is potentially very valuable, being collated by just one company has also been mentioned with the possibility that Google could use its own AI analytics to work out medical diagnoses for patients.

“In the future, such risks are only likely to grow. This is the last frontier of extremely sensitive data that needs to be protected.”

Surprisingly this is not the first time Google has seen itself in trouble thanks to their plans to become the leading figure in healthcare analytics and data. Only a few years ago in 2017 1.6 million patient records were transferred from the Royal Free Hospital in London, England to Google’s artificial intelligence division with the UK’s watchdog on data declaring Deep Mind Health to have an ‘inappropriate legal basis’.

Like all companies Google, and more specifically their parent company Alphabet, has ambitions. Alphabet has made no secret that they wish to develop new AI tools to predict health patterns, meaning they can improve treatment. Google are also keen to expand into the digital health market and recently announced plans to buy fitness company Fitbit for $2.1billion.

After the disclosure of Project Nightingale both Ascension and Google have released statements confirming they are keeping in line with all HIPAA and federal health laws, stating that all patient data collected is ‘protected’.

A recent interview by Google Cloud in the Wall Street Journal declared that Google were working towards “ultimately improving outcomes, reducing costs, and saving lives.” Ascension also stated “all work related to Ascension’s engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling.”

However, those watching the whistleblower’s video can see that this is something they definitely do not agree with. Annotations appear over the documents suggesting Google are wanting to share or even sell the information to third parties, or even create profiles which can be used to advertise healthcare products.

The whistleblower says ‘Patients haven’t been told how Ascension is using their data and have not consented to their data being transferred to the cloud or being used by Google. At the very least patients should be told and be able to opt in or opt out.’

What happens next remains to be seen but with companies compiling databases of personal information like these, it is no wonder the US Department of Health has launched an investigation.