PALO ALTO, Calif.—Roughly a year ago, Google offered health-data company Cerner Corp. an unusually rich proposal.
Cerner was interviewing Silicon Valley giants to pick a storage provider for 250 million health records, one of the largest collections of U.S. patient data. Google dispatched former chief executive Eric Schmidt to personally pitch Cerner over several phone calls and offered around $250 million in discounts and incentives, people familiar with the matter say.
Google had a bigger goal in pushing for the deal than dollars and cents: a way to expand its effort to collect, analyze and aggregate health data on millions of Americans. Google representatives were vague in answering questions about how Cerner’s data would be used, making the health-care company’s executives wary, the people say. Eventually, Cerner struck a storage deal with Amazon.com Inc. instead.
The failed Cerner deal reveals an emerging challenge to Google’s move into health care: gaining the trust of health care partners and the public. So far, that has hardly slowed the search giant.
Google has struck partnerships with some of the country’s largest hospital systems and most-renowned health-care providers, many of them vast in scope and few of their details previously reported. In just a few years, the company has achieved the ability to view or analyze tens of millions of patient health records in at least three-quarters of U.S. states, according to a Wall Street Journal analysis of contractual agreements.
In certain instances, the deals allow Google to access personally identifiable health information without the knowledge of patients or doctors. The company can review complete health records, including names, dates of birth, medications and other ailments, according to people familiar with the deals.
The prospect of tech giants’ amassing huge troves of health records has raised concerns among lawmakers, patients and doctors, who fear such intimate data could be used without individuals’ knowledge or permission, or in ways they might not anticipate.
Google is developing a search tool, similar to its flagship search engine, in which patient information is stored, collated and analyzed by the company’s engineers, on its own servers. The portal is designed for use by doctors and nurses, and eventually perhaps patients themselves, though some Google staffers would have access sooner.
Google executives and some health systems say that detailed data sharing has the potential to improve health outcomes. Large troves of data help fuel algorithms Google is creating to detect lung cancer, eye disease and kidney injuries. Hospital executives have long sought better electronic record systems to reduce error rates and cut down on paperwork.
In his first extensive interview since joining the search giant last January, the head of Google Health, Dr. David Feinberg, says the tech giant’s push into health care is motivated more by the greater good than profits. “I came here to make people healthy, I’m not here to sell them ads,” Dr. Feinberg says. “Google is so good at being helpful. We want to be helpful with knowledge, success, health and happiness.”
A Google spokesman sent an email saying the health systems it works with “own their data, and we can only process it according to their instructions.”
Legally, the information gathered by Google can be used for purposes beyond diagnosing illnesses, under laws enacted during the dial-up era. U.S. federal privacy laws make it possible for health-care providers, with little or no input from patients, to share data with certain outside companies. That applies to partners, like Google, with significant presences outside health care. The company says its intentions in health are unconnected with its advertising business, which depends largely on data it has collected on users of its many services, including email and maps.
Medical information is perhaps the last bounty of personal data yet to be scooped up by technology companies. The health data-gathering efforts of other tech giants such as Amazon and International Business Machines Corp. face skepticism from physician and patient advocates. But Google’s push in particular has set off alarm bells in the industry, including over privacy concerns. U.S. senators, as well as health-industry executives, are questioning Google’s expansion and its potential for commercializing personal data.
In one previously undisclosed example, Google reached an extensive agreement last year with Intermountain Healthcare that allowed the Utah hospital system to share with Google medical records including names and other identity-revealing details, people at both companies say. The hospital system and Google planned to apply Google’s search tool to Intermountain patient records.
An Intermountain spokesman now says that project didn’t go forward.
Under the Microscope
Google has struck partnerships with large U.S. health systems that give the company access to tens of millions of health records. Here is one of the systems and their data agreement.
electronic health records
in 4 states
Data shared with Google:
None yet, but the agreement allows Google access to patient health records, including data that identify individual patients.
Another partnership with the Rochester, Minn.-based Mayo Clinic allows Google access to personally identifiable information when needed, Mayo says. When the arrangement was announced in September, the hospital system said publicly that data wouldn’t include names or other identifiable details.
Mayo Clinic and Intermountain say their deals with the search giant are structured to protect patient privacy and security.
The issue began drawing widespread attention in November, when The Wall Street Journal reported on Google’s “Project Nightingale” partnership with Ascension, a Catholic chain of 2,600 hospitals, doctors’ offices and facilities, to crunch detailed information on 50 million patient records across 20 states and the District of Columbia.
Outcry over the Ascension deal, including a federal inquiry and objections from patients, shocked executives inside Google, and opened fissures in its top ranks over how to proceed, according to people with knowledge of the discussions. The head of Google Health, Dr. Feinberg, pushed to tell the public more about his division’s operations, but met resistance from longtime staffers who cite the company’s tradition of keeping potential new products under wraps.
A Google spokesman says the company has been transparent in its work in the field, publishing its research and making some data sets public.
Dr. Feinberg says the company was mistaken to begin building such a large, sensitive program outside of the public eye. At the outset, it wasn’t clear how the project would advance beyond initial, experimental steps. “We didn’t know what we were doing,” says Dr. Feinberg, a trained child psychiatrist and former chief executive of Pennsylvania hospital system Geisinger.
Dr. Feinberg’s triage is ongoing. On its website, Google’s cloud computing division until recently listed as a customer the large nonprofit health system Kaiser Permanente, something hospital representatives say isn’t accurate. Google removed the listing after inquiries from the Journal.
“We are not actively doing anything today with Google,” says Kaiser Permanente vice president Elizabeth McGlynn. “We have to be very clear about who shares our values about protecting patient privacy. Not every tech company can satisfy that standard, and a lot of them come with baggage they have earned.”
The roots of Google’s move into health stretch back before the company’s founding in 1999.
Three years earlier, President Bill Clinton signed the Health Insurance Portability and Accountability Act, or HIPAA, into law. The legislation was intended to help individuals maintain their health plans and combat rising costs by accelerating a shift to electronic health records. Its more famous legacy, however, has become its rules on health data.
Though patients commonly believe HIPAA prevents doctors from sharing their data, in practice it can do the opposite. The rules are written broadly enough for health-care systems to share personally identifiable patient data with a broad array of business associates for help with functions closely related to health care, such as quality assurance or practice management.
So long as hospitals post notices that such agreements generally exist, they don’t have to tell patients proactively who these third parties are or what personal data they can access.
Google has long seen health data as a natural extension of its stated mission to organize information. Parent Alphabet Inc. also boasts divisions that work on extending life, early detection of disease, wearable devices and drone delivery for prescriptions.
In 2011, Google shut down a one-stop medical-records collection platform that required patients to input personal information themselves. “Few consumers,” said one research analyst, “are interested in a digital filing cabinet for their records.”
A few years later, under the code name “Guardian,” Google began building exactly that—except in a way that didn’t give patients choice in the matter.
At first glance, Guardian, currently in testing, looks much like the company’s flagship search engine. Type in a patient name and a pull-down menu offers auto-fill suggestions. One click reveals personal patient information like vital tests, surgical history and identifiable information—culled in real-time from health system data portals.
Ascension, based in St. Louis, was eager to pilot the program. The chain’s records, like many hospitals’, are a patchwork maze with little consistency from state to state, impeding efforts to standardize care.
Ascension executives told a small circle of staff about the project in May at meetings attended by Google staffers who passed out free Google T-shirts, pins and notebooks. Millions of patient records were soon shared. Among the goals laid out in internal documents reviewed by the Journal: to predict procedures that patients might need, and identify “missed opportunities for revenue.”
electronic health records
in 20 states
Data shared with Google:
Patient health records, including:
Other details that identify
After the Journal’s report, Ascension narrowed network access among its own staff and some at Google to information about Project Nightingale, people familiar with the matter say, adding that Ascension hasn’t re-examined its Google ties.
Federal investigators in the Department of Health and Human Services’ Office of Civil Rights in recent weeks began interviewing people close to Project Nightingale as part of an inquiry into what regulators called the “mass collection of individuals’ medical records” and whether security or privacy were sacrificed. Google earlier said it would cooperate, and an HHS spokeswoman declined to give an update.
Ascension’s innovations and strategy chief, Eduardo Conrado, says hospital officials retain oversight of Google, control the data and audit access. “In all of this work, access to our private cloud and the clinical information contained within it is controlled, logged and monitored by Ascension,” Mr. Conrado said in an email.
Google Health’s roughly 1,000 employees are headquartered in a beige, unmarked office complex a few miles from Google’s sprawling Mountain View, Calif., main campus.
The head of Google Health, Dr. Feinberg, is a former Pennsylvania hospital system executive who joined Google one year ago. Dr. Feinberg holds medical and business degrees and exercises for two hours each day beginning at 4 a.m. He boasts about his $5 Wal-Mart fleece jacket, and is an astrology enthusiast.
“I’m positive,” Dr. Feinberg says to a reporter good naturedly, if inaccurately, “you’re Sagittarius.”
Dr. Feinberg says Google should be more transparent about its plans in health care, though he won’t say how many personal health records the company can currently view.
Reiterating what Google has told lawmakers and industry executives in private meetings over the past two months, Dr. Feinberg says he operates on a personal directive from Mr. Schmidt: “Don’t worry about making money.”
Share Your Thoughts
How should tech companies balance patient privacy concerns with pursuing health-care advances? Join the conversation below.
When it comes to Google Health initiatives such as using artificial intelligence to diagnose illnesses, Dr. Feinberg says the company may give consumers a choice on whether to participate.
“All that other scary stuff—we’re going to be so explicit about it,” Dr. Feinberg says. “Most people I think would say ‘Yeah, it’s great.’ And some people can say, ‘I hate Google, no.’ ”
He says he wants patients to be fully informed of how their data may be used: “I want to get the moment of consent there.”
Yet he is reluctant to allow people to opt out of Google’s core health-search tool. He likens that to a physician knowingly offering substandard care, he says.
“If you believe me that all we are doing is organizing that information to make it easier for your doctor, I’m going to get a little paternalistic here: I’m never going to let that get opted out,” Dr. Feinberg says. “It’s going to screw up your treatment. We’re not going to be able to take care of you.”
Dr. Feinberg says he can see how the company’s track record might make that a tough pill to swallow. Google Health’s DeepMind unit three years ago admitted errors in accessing 1.6 million U.K. patient records.
“There’s a disbelief that what we say we’re doing is what we are actually doing. And I think that’s Google’s fault,” says Dr. Feinberg, 57. “There’s been missteps, right? We’ve got to own that. And that’s why we’ve got to do even better.”
The Google spokesman’s email said the company is proud of its efforts in the field, which are focused on using its expertise to “boost access to quality care, free up providers’ time so they can focus on patients, and expand the frontiers of medicine.”
There are other deals that bear a resemblance to the Ascension arrangement.
Intermountain has for roughly a year had an agreement that permits Google access to patient health records, according to people familiar with the matter. The scope of the agreement, and its lack of detailed public disclosure, is similar to Google’s Ascension partnership. Intermountain discussed working on a beta version of Google’s Guardian search tool with patient medical records.
Intermountain spokesman Daron Cowley said the hospital didn’t share data that identified patients with Google. He said Intermountain’s agreement with Google continues, but said it has no current projects with the company.
Google and its partners say patient data being shared is often “de-identified,” or aggregated without personal information such as names and birth dates, but there are indications that avoiding such details is likely to be a challenge.
University of Chicago Medical Center
electronic health records
in 1 state
Data shared with Google:
Patient medical records stripped of data that directly identify individuals, such as names, addresses and phone numbers. Shared records include:
Dates of medical care, a potential identifier
A federal lawsuit from a patient in Illinois alleges that one such arrangement between Google and University of Chicago Medical Center includes information that could be traced back to an individual using other data the search-engine holds.
Google and the University of Chicago deny that, saying they comply with federal privacy laws and have moved to dismiss the lawsuit.
“You can’t put knowledge in a box,” said Deven McGraw, an advisor to Alphabet’s life-sciences arm and chief regulatory officer of health startup Ciitizen. “If people can learn things, machines can learn things better and faster. It can’t be contained.”
In September, Google and the Mayo Clinic announced a partnership to “solve complex health care problems.” Patient data would remain private and devoid of identifiable personal information, Mayo officials said then.
What neither Mayo nor Google disclosed at the time was that the Mayo contract with Google permits Mayo to share personally identifiable health data in the future, executives say. “It was not our intention to mislead the public,” Mayo Chief Information Officer Cris Ross now says.
Mr. Ross and Google both say Mayo hasn’t yet shared personal patient data with the search giant, and that it would do so only if absolutely necessary. A Mayo spokeswoman says the health system may split with Google rights to products developed under the partnership.
“We have a moral obligation,” Mr. Ross says, “to pursue discovery and advance cures for people.”
As Google has moved to expand its data collection, some potential partners have been put off by what they viewed as the company’s aggressive maneuvers to acquire data without providing enough information on how it would be used.
Google pushed one medical-data manager not to share data with other companies, according to a person familiar with the pitch.
As part of its huge offer for Cerner, whose software is embedded in doctors’ offices in 30 countries, Google used its size to its advantage. Google Cloud executives offered that other arms of the conglomerate would buy unspecified other services from Cerner, people familiar with the matter say.
Cerner ultimately accepted a less generous offer from Amazon, in part because the company decided Amazon was more trustworthy on security, according to one of these people.
Existing players in the health-care data market also fear that the tech giant will gain too much power in their industry. Some hospital and technology executives say they declined deals with Google lest it become a future competitor.
“We could never pin down Google on what their true business model was,” says a Cerner executive involved in the discussions.
Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8