Google’s hand has been caught in the cookie jar of your personal health data. And now, Congress is trying to slam that lid shut.
This week, multiple reports came to light showing that Google is very much in the business of acquiring data about our health — from government bodies, health institutes and our own Google searches. That’s caused alarm because, under the Health Insurance Portability and Accountability Act (HIPAA), a person’s health information is supposed to have strict privacy protections. However, it turns out that HIPAA loopholes, and the digital nature of a lot of that information, have punctured a gaping hole in our protective shield.
Now, the federal government has taken notice.
Congress has launched an inquiry into Google’s data-sharing arrangement, known as “Project Nightingale,” with a healthcare provider called Ascension. The inquiry could lead to an overhaul of HIPAA.
Additionally, Sens. Jacky Rosen (D-NV) and Bill Cassidy (R-LA) introduced a bill Thursday called the Smartwatch Data Act that would “prohibit the transfer or sale of certain consumer health information, and for other purposes.” The bill particularly focuses on protections around sharing health data gathered by fitness trackers: It would make selling or sharing this kind of data for profit and without explicit consent illegal.
That should raise some eyebrows around Apple, which has gone all-in on marketing the Apple Watch as “the ultimate guardian for your health,” and talks a big game about its data powering the future of medicine. That “future” could see your health data being shared with any number of privately-held AIs to make diagnoses, drug recommendations, or even predict the outcome of potential surgeries. All of which the proposed smartwatch bill could complicate.
The bill should also make Google squirm since it recently acquired wearable tech company FitBit. Experts say FitBit’s trove of data and enterprise health insight deals are a huge part of its value.
In addition to explicitly preventing the sale and trade of health data for profit and without consent, the bill would change the way the law views health data gathered from fitness trackers.
Currently, that data doesn’t get the same privacy protections as more official health information, like patient records. The bill would change that: In cases where data from apps are transferred from one entity to another, it would classify that data as “protected health information” that is “subject to the protections and restrictions… as any other protected health information.”
Unfortunately, the bill doesn’t address the issue at the heart of the Project Nightingale uproar, which is that it’s legally A-OK for health companies to give patient data to third-party partners for analysis. According to a HIPAA loophole, it’s fine for health companies to share data with “business associates” as long as these entities (in this case, Google) adhere to the contract terms and agree not to misuse the data. This loophole is something the potential HIPAA overhaul would have to address.
As for patient concerns regarding the misuse of health data, “consent” and “transparency” seem to be the buzzwords du jour for leading experts examining the data collection field. One such thought leader, Dr. Michael Snyder, a Stanford University professor who studies the utility of health data collection, believes big data is crucial to informing future healthcare decisions.
“I would hope that a lot of people would be willing to share their information because I think it does have value for science in general,” says Snyder. “But I do think it’s up to them to decide that.” He agrees that “people should consent to [having] their information used … and then it’s up to them to decide how they share it.”
Mashable has reached out to Apple and Google for their take on the new legislation efforts, and will update this story when and if we hear back.
Health and its associated data is the next big, money-making frontier for tech companies. Apple, Google, Amazon, and even Facebook are all making moves to get a piece of the lucrative healthcare pie.
For now, it’s up to Congress to stop big tech from feasting.