Google has partnered with one of the largest health care providers in the U.S. to store 50 million Americans' health care data.
The Wall Street Journal was the first to report on "Project Nightingale," a secret collaboration between Google and Ascension.
An anonymous source who says they worked on the project exposed details of the partnership in a video posted online. They say the project has four stages, or "pillars."
According to the whistleblower, pillars one and two involve moving medical data to the Google cloud "without patient knowledge or consent". They say that data is "not de-identified" and includes patients' names alongside certain medical information. Pillar three reportedly involves Google using Ascension data to "build its own framework in the cloud."
Pillar four is where the whistleblower says Google could potentially "mine" the data and sell it to third parties. They say it could also create profiles of patients and sell them for targeted advertising purposes.
The whistleblower says in the video that Google's end goal is to build a system that would make patient data accessible anywhere, so doctors can obtain a patient's medical history automatically.
But the whistleblower expresses concern that the data could fall into the wrong hands and that the system may violate HIPAA. They say Google failed to answer questions about security, and that patients don't know how Ascension is using their data. They also said Google employees have access to all the sensitive medical information in the system.
In a blog post, Google said its venture with Ascension is a step toward "modernizing" medicine. It also tried to ease potential concerns about security.
It said, "All work related to Ascension's engagement with Google is HIPAA compliant and underpinned by a robust data security and protection effort and adherence to Ascension's strict requirements for data handling."