Google Violated HIPAA Regulations, According to Lawsuit Filed Wednesday

Eoin Hudson News

The takeaway: According to a lawsuit filed 6/26 Google’s partnership with the University of Chicago Medical Center, which gave them access to patient health data, violated HIPAA regulations. This is part of a growing trend of tech companies running afoul of healthcare regulators as they race to grab a portion of the ever-expanding health-tech market.

Hyperproof summary: Google partnered with the University of Chicago Medical Center in a bid to accelerate the development of machine-learning diagnostic tools using deidentified patient health data. At issue is that the University of Chicago never received consent from the patients who could potentially be reidentified if the shared data was correlated with Google’s GPS information. This, the plaintiff’s contend, “put patients’ privacy at grave risk.”

The University of Chicago stated the lawsuit was “without merit.” Evidence of a privacy breach or the use of patient information beyond the planned scope has not been provided.

This is the second time Google has faced legal action relating to the company’s use of health data. A deal between the UK’s National Health Service (NHS) and Google subsidiary DeepMind Health, which gave the latter access to the full records of 1.6 million patients, was found to be illegal by UK data security standards in 2017.

While HIPAA infractions carry a heavy cost—both to a company’s bottom line and reputation—these risks are unlikely to outweigh the rewards predicted for pioneers in the health-tech industry.

Organizations that can effectively comply with HIPAA regulations without sacrificing innovation will quickly distance themselves from the competition, in both market and investment share.


Click here to view the complete Business Insider article