A cleaned-up Project Nightingale? Beth Israel Deaconess Medical Center (BIDMC) in Boston announced their participation in a pilot with Google of Care Studio, described in the BIDMC press release as “a technology designed to offer clinicians a longitudinal view of patient records and the ability to quickly search through those records through a single secure tool.” In other words, it’s like Google Search going across multiple systems: the BIDMC proprietary EHR (WebOMR), core medical record system, and several clinical systems designed for specific clinical specialties. All the clinician need do is type a term and the system will provide relevant information within their patient’s medical record from these systems, saving time and promoting accuracy. (See left)
The BIDMC pilot will use a limited group of 50 inpatient physicians and nurses, to assess the tool’s quality, efficacy, and safety of its use. Technical work starts this month.
At the end of the BIDMC release, it’s carefully explained that the tool is “designed to adhere to state and federal patient privacy regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and industry-wide standards related to protected health information. BIDMC and Google Health have entered into a Business Associate Agreement (BAA) to ensure that both parties meet patient privacy obligations required under HIPAA. BIDMC patient data will be stored and maintained in a protected environment, isolated from other Google customers.” (Editor’s emphasis) The BAA was inked in 2018.
Without referring to it, it addresses the controversy surrounding Google’s Project Nightingale and Ascension Health, a major privacy kerfuffle pre-COVID that broke in early November 2019. From the TTA article, edited: “Google’s BAA allowed them apparently to access in the initial phase at least 10 million identified health records which were transmitted to Google without patient or physician consent or knowledge, including patient name, lab results, diagnoses, hospital records, patient names and dates of birth.” Ascension maintained that everything was secure and Google could not use data for marketing or other purposes not connected to the project, but handling was under wraps and Google employees had access to the data. Ascension’s core agreement was about migration of data to Google Cloud and providing G Suite tools to clinicians and employees. But apparently there was also a search tool component, which evolved into Care Studio.
Health and Human Services (HHS) Office of Civil Rights, which governs privacy, announced at the time an investigation. The only later reference this Editor was able to locate was in HIPAA Journal of 5 March 2020 regarding the request of three Senators from both sides of the aisle demanding an explanation on the agreements and what information Google employees accessed. The timing was bad as then COVID hit and all else went out the window. In short, the investigations went nowhere, at least to the public.