Regulators to investigate Google's medical data collection practices

In context: On Tuesday, it was revealed that Google has been gathering the health records of millions of Americans without their knowledge via "Project Nightingale." This mass data collection has already proven quite controversial, but according to Google's partner on the project – healthcare giant Ascension – the tech firm's practices were fully Health Insurance Portability and Accountability Act (HIPPA) compliant.

At least, that's the claim. Whether or not Google's Project Nightingale truly has dotted all of its Is and crossed its Ts remains to be seen, and federal regulators are already aiming to discover the truth. According to a new report from the Wall Street Journal, the United States Office for Civil Rights in the Department of Health and Human Services is planning to open an official investigation into Nightingale and Google's medical data collection practices.

One of the Office's primary roles relates to the enforcement of HIPPA rules, particularly those that involve the privacy of patient health records. Given that the collection and sharing of user data is one of the main ways Google keeps its growing tech empire afloat, regulators will likely want to make sure that the company hasn't abused its access or left patient information exposed.

Indeed, the organization says it "will seek to learn more information about this mass collection of individuals' medical records to ensure that HIPAA protections were fully implemented."

...the organization says it "will seek to learn more information about this mass collection of individuals' medical records to ensure that HIPAA protections were fully implemented."

Project Nightingale reportedly gave Google access to patient lab results, hospitalization records, dates of birth, and other details. Though the company allegedly intended to use this data for creating health-related AI tools (such as machine learning-based care advice), the world has learned time and time again of the dangers that come with a tech behemoth having access to sensitive data.

You need look no further than the Cambridge Analytica scandal, or even the Equifax breach (if we can consider the credit firm a tech company) for evidence of that. We're certainly not assuming Google's stewardship of Project Nightingale data has been poor, but some amount of skepticism is often warranted in the tech industry.

Google, for its part, told the Journal that it's "happy to cooperate" with investigators. We'll be waiting for the results of the Office for Civil Rights' investigation, and will be sure to update you if any new information comes to light.