Elevate your technology and enterprise data strategy to Transform 2021.
On May 26, Google and HCA Healthcare, a national hospital chain, announced a data sharing partnership that will allow the internet giant to access a plethora of patient records and medical information in real time. But what is touted by both companies as a victory for improved treatments and patient outcomes is hardly a victory for consumers.
Google has a dark history of exploiting personal data for profit. Come back at least Rossignol project, Google has collected and monetized the sensitive patient data of millions of Americans. The HCA deal will put a huge amount of new patient data in Google’s hands, and some have already highlighted how the HCA deal resembles the data sharing deal that fueled the Nightingale project.
But as the new HCA deal poses a major threat to consumer privacy health data, Washington DC’s attention has shifted elsewhere when it comes to data security. Since the announcement of the agreement, America has had to face a rising tide of ransomware crimes. Data protection laws have taken a back seat in the fight against ransomware attacks, and American consumers are on their own.
Our national discourse simply does not take this new threat to health data privacy seriously enough. It is as if many do not perceive this threat at all. But these data sharing agreements are not innocent. And we need to raise the level of awareness of the real risks to act as a catalyst for greater regulatory oversight of these efforts.
Data sharing agreements between large companies offer opportunities to better understand trends in patient outcomes and subsequently improve decision making for patient care. As Chief Medical Officer of the HCA declared, the new agreement is designed to create a “central nervous system to help interpret different signals” from patient data. That may seem like a sufficient advantage to override any other concerns, but that’s because those other concerns have gone largely unaddressed.
Consider for a moment the types of risks that already exist to patient data and consumer concerns about who holds their data and how it is used. For example, in 2019 alone, 41.2 million health records have been exposed, stolen or illegally disclosed in 505 health data breaches, putting millions of people, as well as businesses, at risk of seeing health information protected misused. It should therefore be sufficiently clear that the aggregation of several medical records in a single entity increases the risk of exposure to illicit access to data for a large number of individuals.
However, privacy concerns aren’t just about the fact that stolen data could potentially harm patients and consumers. They are also linked to the simple reality that individuals feel they have no say in how their personal data is acquired, stored and used by entities with which they have not actually consented to. share their information.
According to Pew Research Foundation, more than half of Americans do not have a clear understanding of how their data is used once it is collected, and about 80% are concerned about the amount of data that advertisers and other media companies social have collected. Generally speaking, consumers do not have a clear idea of how their information is being used, preventing them from making informed decisions about who can access their data and how to use it.
Similar research finds that consumers feel powerless in the age of big data: Three-quarters of Americans say they have little control over the personal information collected about them, and nearly nine in 10 are very concerned about their privacy when using free online tools like Facebook and Google. In other words, consumers think they don’t really have a say in the privacy of their data, and they are right.
Legitimate consumer concerns combined with a massive and growing amount of data theft make deals like the one between Google and HCA misguided, despite the potential benefits. While the data to which Google will have access will be anonymized and secured via Google’s cloud infrastructure, they will be stored without the consent of patients, whose deeply personal information is at issue. This is because privacy laws in the United States allow hospitals to share patient information with contractors and researchers even when patients have not given their consent. Even when information is anonymized, denying patients control over access to their own information in this way is a deeply troubling act, regardless of the potential health benefits.
Privacy concerns are often overlooked because patients and consumers do not feel sufficiently equipped to protect their own information. And when businesses can share private information without even knowing it, how could they? It is high time for businesses to prioritize patient privacy and recognize the growing threat to autonomy posed by the aggregation and sharing of large bands of data.
While hospitals may be able to improve care with a plethora of new information, leaders in these fields, and the general public, must start asking more difficult questions about how data is acquired and used. and highlight the wisdom of sharing such data. information with a company whose mission is to monetize consumer data. A fairer balance needs to be struck between innovation and privacy – and the deal between Google and HCA will only make that goal harder to achieve.
Tom Kelly is President and CEO of IDX, a Portland, Oregon-based provider of consumer data breach and privacy services such as IDX Privacy. He is a serial entrepreneur from Silicon Valley and an expert in cybersecurity technologies.
VentureBeat’s mission is to be a digital public place for technical decision makers to gain knowledge about transformative technology and deal with. Our site provides essential information on data technologies and strategies to guide you in managing your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the topics that interest you
- our newsletters
- Closed thought leader content and discounted access to our popular events, such as Transform 2021: Learn more
- networking features, and more