Some further evidence of a lack of transparency affecting social license and consumer trust with regard to secondary uses of data. Another cautionary tale for us to add to the list and another reason to be glad that we are working on something better.
Will be interested to see how big this gets. My reading so far suggests this might be the tip of the iceberg.
opengraphobject:[360499563102208 : https://www.theverge.com/2019/11/11/20959771/google-health-records-project-nightingale-privacy-ascension : title=“Google reveals ‘Project Nightingale’ after being accused of secretly gathering personal health records” : description=“Google secretly gathered millions of patient records across 21 states on behalf of a health care provider, in an effort dubbed “Project Nightingale,” reports The Wall Street Journal. Neither the provider’s doctors nor patients were made aware of the effort, according to the report. The tech giant partnered with health heavyweight Ascension, a Catholic health care system based in St. Louis.”]
This is a good example of apparently being consistent with law but not public expectations. Per the analyses I’ve read, in fact, neither Ascension nor Google (ABC) have violated HIPPA, the American legal framework surrounding health data. However, the whistle-blower and the subsequent response, highlight that while the activity may be legal, it may in fact run counter to public and professional expectations of what should be done. I just read a chapter in a book on big data ethics by Klaus Hoeyer on the Danish framework for data use. At present, as a result of an extremely permissive legal environment, secondary use of data or tissue requires no approvals - a circumstance driven by governmental-commercial interests. However, recent data breaches, unexpected uses of data, and other circumstances are heavily eroding public trust in the the process, and the author strongly argues that the standpoint of obfuscating the extent of use and commercialization of the data by government has eroded public trust, in a way that in the long run may threaten future ability to engage the population in work that is to the public’s benefit.
opengraphobject:[360499563102208 : https://www.theverge.com/2019/11/11/20959771/google-health-records-project-nightingale-privacy-ascension : title=“Google reveals ‘Project Nightingale’ after being accused of secretly gathering personal health records” : description=“Google secretly gathered millions of patient records across 21 states on behalf of a health care provider, in an effort dubbed “Project Nightingale,” reports The Wall Street Journal. Neither the provider’s doctors nor patients were made aware of the effort, according to the report. The tech giant partnered with health heavyweight Ascension, a Catholic health care system based in St. Louis.”]
I don’t know whether the data was identifiable or captured by the HIPPA but I do know we are amassing multiple examples of transparency failures and unconsented data sharing and use in the EHT field. Google’s development of the Streams app using identifiable patient data of nearly 2 million Britons caused a furore. The care.data debacle in the UK was another example of a transparency failure. Goodness only knows exactly what NHSX is doing - or Apple. We need to tread carefully or public trust may be significantly damaged. I completely agree with Matthew’s comments.
opengraphobject:[360499563102208 : https://www.theverge.com/2019/11/11/20959771/google-health-records-project-nightingale-privacy-ascension : title=“Google reveals ‘Project Nightingale’ after being accused of secretly gathering personal health records” : description=“Google secretly gathered millions of patient records across 21 states on behalf of a health care provider, in an effort dubbed “Project Nightingale,” reports The Wall Street Journal. Neither the provider’s doctors nor patients were made aware of the effort, according to the report. The tech giant partnered with health heavyweight Ascension, a Catholic health care system based in St. Louis.”]
It is identifiable - https://www.theguardian.com/technology/2019/nov/12/google-medical-data-project-nightingale-secret-transfer-us-health-information?CMP=Share_iOSApp_Other
opengraphobject:[360499563102208 : https://www.theverge.com/2019/11/11/20959771/google-health-records-project-nightingale-privacy-ascension : title=“Google reveals ‘Project Nightingale’ after being accused of secretly gathering personal health records” : description=“Google secretly gathered millions of patient records across 21 states on behalf of a health care provider, in an effort dubbed “Project Nightingale,” reports The Wall Street Journal. Neither the provider’s doctors nor patients were made aware of the effort, according to the report. The tech giant partnered with health heavyweight Ascension, a Catholic health care system based in St. Louis.”], opengraphobject:[360499792379904 : https://www.theguardian.com/technology/2019/nov/12/google-medical-data-project-nightingale-secret-transfer-us-health-information?CMP=Share_iOSApp_Other : title=“Google’s secret cache of medical data includes names and full details of millions – whistleblower | Technology | The Guardian” : description=“Whistleblower tells Guardian of growing alarm over secret transfer of medical history data, which can be accessed by Google staff”]
Thanks John.
It’s worth reading the NZ Privacy Commissioner’s key note address at the IAPP ANZ Summit 2019 “Addressing the Power Asymmetry of the Big Tech Companies” 30 October 2019
https://privacy.org.nz/assets/Uploads/IAPP-ANZ-Summit-2019-keynote-presentation4.pdf
While he focuses on the media context of the big tech companies with reference to the Grace Millane and Christchurch massacre, he also sends out clear warnings about how he intends to use his powers under the Privacy Bill, once enacted. He says: " One of the ways to correct the information asymmetries that plague the online environment is by a more focused attention on transparency. Not consent necessarily, but at least an open, clear and honest disclosure of the data consequences of any given engagement. Internationally, the days of click to consent are numbered because it is not meaningful consent"
opengraphobject:[360499563102208 : https://www.theverge.com/2019/11/11/20959771/google-health-records-project-nightingale-privacy-ascension : title=“Google reveals ‘Project Nightingale’ after being accused of secretly gathering personal health records” : description=“Google secretly gathered millions of patient records across 21 states on behalf of a health care provider, in an effort dubbed “Project Nightingale,” reports The Wall Street Journal. Neither the provider’s doctors nor patients were made aware of the effort, according to the report. The tech giant partnered with health heavyweight Ascension, a Catholic health care system based in St. Louis.”], opengraphobject:[360499813277696 : https://privacy.org.nz/assets/Uploads/IAPP-ANZ-Summit-2019-keynote-presentation4.pdf : title=“” : description=“”]
opengraphobject:[360499563102208 : https://www.theverge.com/2019/11/11/20959771/google-health-records-project-nightingale-privacy-ascension : title=“Google reveals ‘Project Nightingale’ after being accused of secretly gathering personal health records” : description=“Google secretly gathered millions of patient records across 21 states on behalf of a health care provider, in an effort dubbed “Project Nightingale,” reports The Wall Street Journal. Neither the provider’s doctors nor patients were made aware of the effort, according to the report. The tech giant partnered with health heavyweight Ascension, a Catholic health care system based in St. Louis.”], opengraphobject:[360500148240384 : https://www.technologyreview.com/f/614708/health-websites-are-sharing-sensitive-medical-data-with-google-facebook-and-amazon/ : title=“Health websites are sharing sensitive medical data with Google, Facebook, and Amazon - MIT Technology Review” : description=“The news: Popular health websites are sharing private, personal medical data with big tech companies, according to an investigation by the Financial Times.”]