Google almost exposed personal information for 30,000 patients: report

by John R. Fischer, Senior Reporter | November 19, 2019
Cyber Security Health IT
Google cancelled an agreement with the NIH that
would have involved publicly posting
100,000 X-ray images of 30,000 patients
A telephone call from the National Institutes of Health (NIH) saved Google from publicly exposing the personal health data of 30,000 patients.

The data was within more than 100,000 chest X-ray images that Google planned to post in 2017 as part of a project between it and the NIH, which had provided the scans, discovered the Washington Post this past week in records obtained under a Freedom of Information Act request.

The call, which came two days before the expected posting date, led Google to “abruptly” cancel the project with the NIH, according to a series of emails that detailed the incident, and were found within the records. The discovery of the event, which was never reported, comes amidst another revelation this month of a secret agreement between Google and healthcare provider Ascension to transfer 50 million American health records to Google cloud.
DOTmed text ad

Reveal Mobi Pro now available for sale in the US

Reveal Mobi Pro integrates the Reveal 35C detector with SpectralDR technology into a modern mobile X-ray solution. Mobi Pro allows for simultaneous acquisition of conventional & dual-energy images with a single exposure. Contact us for a demo at no cost.

“We take great care to protect patient data and ensure that personal information remains private and secure,” said Google spokesman Michael Moeschler in regard to the NIH project, reported The Post. “Out of an abundance of caution, and in the interest of protecting personal privacy, we elected to not host the NIH data set. We deleted all images from our internal systems and did not pursue further work with NIH.”

Post reporters discovered the details of the project and its cancellation in a series of emails within the records. A source, who wished to remain anonymous for unspecified reasons, told the paper that Google researchers did not make any legal agreements around the privacy of patient information, and that the company rushed to announce its plans without properly verifying that privacy of the data was in order.

Justin Cohen, chief of the office of communications & media relations at the NIH Clinical Center, told The Post that Google was one of a number of cloud providers that the NIH considered for hosting the 112,000 X-ray scans, which were taken at the NIH Clinical Center, a government-funded research hospital in Bethesda, Maryland. The two organizations worked together to delete any trace of personal health information from the images. Google aimed to finish the job by July 21, 2017, the date on which it planned to announce the project and publicly release the data set at an AI conference in Honolulu.

You Must Be Logged In To Post A Comment