Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Google Medicine The Courts

Google Sued For Conspiring To Share Medical Records Against Patient Consent (chicagomaroon.com) 71

schwit1 writes: A former University of Chicago medical patient filed a class-action lawsuit against the University of Chicago and Google, claiming that the University of Chicago Medical Center is giving private patient information to the tech giant without patients consent.

About two years ago, the university medical center partnered with Google with the hope of identifying patterns in patient health records to help predict future medical issues.

Now, former patient Matt Dinerstein is filing a lawsuit on behalf of the medical center's patients, alleging that the university violated privacy laws by sharing sensitive health records with Google from 2009 to 2016, aiding Google's goal of creating a digital health record system, according to the student newspaper of the University of Chicago.

This discussion has been archived. No new comments can be posted.

Google Sued For Conspiring To Share Medical Records Against Patient Consent

Comments Filter:
  • by Anonymous Coward

    Institutions are so wet for google they break all kinds of rules and chalk it up that google are good guys because don't be evil. Its a crock of shit really. At least medical records are protected by law, unlike private messages somehow?

    • Comment removed based on user account deletion
  • Your information for sale. Glad that Google had no idea I had strokes.

  • by Anonymous Coward

    It's time to start giving CEOs life sentences in jail, this will stop the illegal behavior.

    • I'm not so sure this is management's fault... seems like Google's whole employee culture takes must-gather-info disorder seriously.

      • by Anonymous Coward

        I'm not so sure this is management's fault... seems like Google's whole employee culture takes must-gather-info disorder seriously.

        It's always management's fault. There are no exceptions.

        • by Anonymous Coward

          Management gets paid the big bucks supposedly for their disproportionate impact on the corporation. They should get the "big blame" as well.

      • That disposition towards data rape is called "Googliness".

  • Anybody remember Google Health... it was nothing but a health survey that was eventually only used as a dis-qualifier in employment decisions.

  • by DrLudicrous ( 607375 ) on Saturday July 06, 2019 @01:03PM (#58882714) Homepage
    From the lawsuit: "The records the University provided Google included detailed datestamps and copious free-text notes." This is very, very bad. Google can clearly figure out who is who based on this information, coupled with other info in the EHRs. Completely violates good clinical practice in the US and the EU. Definitely violates the GDPR. Violates all ethical norms of patient consent, dating back to the Belmont Report. Seriously, they should be sued, and they should lose, and they should pay dearly. There is no way anyone high-up involved with this work was not aware of the ethical and legal concerns. Unacceptable.
    • by guruevi ( 827432 )

      One question: Did they have a BAA. If they did, they can share the information with Google.

      • Sure, in theory. But then it is up to Google to comply with privacy laws. I think Google is likely incapable of complying with such laws even if they wanted to. As it goes with many lawsuits of this type, you have to sue everyone involved, even if you suspect only one party is to blame, so you can gather the information needed.
    • by alexo ( 9335 )

      Seriously, they should be sued, and they should lose, and they should pay dearly. There is no way anyone high-up involved with this work was not aware of the ethical and legal concerns.

      The "higher-ups" are wealthy and powerful, not to mention being shielded by a big, wealthy and powerful corporation; and big, wealthy and powerful corporations/people do not "pay dearly" (unless they happen to step on the toes of someone even bigger, wealthier and more powerful).

      If they get sued and lose (and that's a big if) I expect a penalty amounting to less than one day worth of profits.

    • With consent, you can do anything with medical data. What google shared does not need to be stripped of PHI. Everyone signs the HIPAA form, so they only can sue if they didn't sign the HIPAA form, which like nobody does.

  • by Teun ( 17872 ) on Saturday July 06, 2019 @01:03PM (#58882718)
    I know the USofA doesn't have much legislation re. privacy but this sounds extremely bad.
    Yet it is quite well possible the data was anonymised before Google was allowed to access it.
    At least I would imagine the University of Chicago had the brainpower to do so.

    Yes there is more money available at Google but as these patients I would have gone after the UoC.
  • predict future medical issues = a nice blacklist to be used under the gop healthcare plan

  • Pretty sure (Score:5, Insightful)

    by cdsparrow ( 658739 ) on Saturday July 06, 2019 @01:26PM (#58882782)

    As long as they signed and followed the guidelines of a HIPAA business associate agreement then it's legal. Probably gonna have problems with this lawsuit. This is no different then sending records to have a lab check over stuff. Patients don't have to explicitly give that permission.

    • A BAA merely means that the 3rd party accepts legal responsibility for data breaches and proper storage of the data. It does not mean that the patient consented to provide the data. A patient consenting to share data with a lab is not the same as comsenting to sharing the data for research usage.

      [ascopost.com]

      Specifically, de-identified data collected for non-research purposes does not require consent other than that obtained before data collection. However, data collected for research, with or without identifiers, requires consent.

  • by Anonymous Coward

    Regardless, I don't want any tech company or subsidiary of any tech company viewing, touching, thinking about, my fucking records. I don't want my records digitized. DO NOT COPY.

    I'm fine if my paper medical files are physically shared with any medical professionals during the coarse of my care or after I'm dead. That sharing should be when I'm explicitly cared for, inside a medial treatment center, not outside the immediate area. I don't want that data shared anywhere else without my explicit, written,

  • by tquasar ( 1405457 ) on Saturday July 06, 2019 @02:21PM (#58882996)
    Every breath you take, every move you make, I'll be watching you. The Police, 1983. I don't trust my doctor. I believe he talks to friends and other doctors at a party or social event and compares stories about patients. Privacy doesn't exist.
  • by rossz ( 67331 ) <<ogre> <at> <geekbiker.net>> on Saturday July 06, 2019 @11:29PM (#58884680) Journal

    I actually want computer analysis of medical data to help find patterns and potential cures. But I also want the data anonymized properly to protect everyone's privacy. Given big tech's history with privacy, however, I am not feeling very secure.

  • by astrofurter ( 5464356 ) on Sunday July 07, 2019 @02:56AM (#58885020)

    "Google's goal of creating a digital health record system"

    Big Brother Google can't create an EHR. The GOOG hasn't *created* anything since Gmail, 15 years ago. The smart people have long since moved on. All GOOG still knows how to do is us the megaprofits from it's monopoly power to buy up competitors.

    Don't be fooled! When Big Brother Google wants your medical records, it has jack shit to do with building an EHR system. GOOG just wants a more complete profile of your private life. So they can sell it to the gestapo, and to any other group of rich miscreants who might want it.

Hackers are just a migratory lifeform with a tropism for computers.

Working...