What are the HIPAA rules for privacy?

What are the HIPAA rules for privacy?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Healthcare providers, insurance companies, and their business associates are all bound by HIPAA rules.

Protected health information can only be disclosed:

  • To patients themselves
  • For treatment, payment or healthcare operations
  • With permission from the patient or in their best interest, such as notifying family members when a patient is incapacitated
  • In the public interest for 12 national priority purposes

But that didn’t stop critics from expressing concern, with one Twitter user sharing fears that Google’s advanced AI algorithms would be able to identify even anonymized records. 

Medical records are protected under federal privacy laws, but the rules allow hospitals and other healthcare providers to share patient information with contractors, as long as they abide by the same privacy protections.

HCA says that patient records will be stripped of personally identifying information before being shared with Google data scientists, and that the hospital system would control access to the data, according to the Wall Street Journal, which first reported the partnership.

‘Privacy and security will be guiding principles throughout this partnership,’ HCA said in a statement. ‘The access and use of patient data will be addressed through the implementation of Google Cloud’s infrastructure along with HCA Healthcare’s layers of security controls and processes.’

HCA hopes to use Google’s algorithms to provide real-time input on treatment options for doctors and improve patient outcomes.

The hospital system points to early success using its own technology to monitor critically ill COVID-19 patients, and notify doctors of potentially better treatment options.

‘Next-generation care demands data science-informed decision support so we can more sharply focus on safe, efficient and effective patient care,’ said HCA CEO Sam Hazen in a statement. 

The partnership marks Google's latest foray into the healthcare realm -- and it is already raising privacy concerns
The partnership marks Google’s latest foray into the healthcare realm — and it is already raising privacy concerns 

‘We view partnerships with leading organizations, like Google Cloud, that share our passion for innovation and continual improvement as foundational to our efforts,’ added Hazen.

HCA says the partnership will also focus on streamlining non-clinical support areas that may benefit from improved workflows through better use of data and insights, such as supply chain, human resources and physical plant operations. 

It is not Google’s first foray into the healthcare realm, and the company’s prior partnerships on healthcare records have drawn criticism before.

In 2019, a whistleblower leaked details of Project Nightingale, Google’s partnership with Ascension, the St. Louis-based healthcare company that helped Google collect personal health-related information of millions of Americans across 21 states. 

‘Two simple questions kept hounding me: did patients know about the transfer of their data to the tech giant? Should they be informed and given a chance to opt in or out?’ the whistleblower wrote in an essay for the Guardian.

‘The answer to the first question quickly became apparent: no. The answer to the second I became increasingly convinced about: yes. Put the two together, and how could I say nothing?’ the person continued.


The person said that about 150 Google employees and 100 Ascension staff collaborated on Project Nightingale, transferring the personal data of more than 50 million Americans to Google.

The data involved in Project Nightingale includes lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, complete with patient names and dates of birth.

In that project, Google hoped to use artificial intelligence and machine learning tools to predict patterns of illness in ways that might some day lead to new treatments, according to the whistleblower.

Ascension issued a press release acknowledging its partnership with Google after the Wall Street Journal blew the lid off the project.

The statement said that the project would help Ascension ‘improve the experience of patients and consumers, as well as providers and associates, and advance its Mission of providing compassionate, personalized care to all, especially people living in poverty and those most vulnerable.’ 


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s