Google’s Care Studio patient record search tool to pilot at Beth Israel Deaconess Medical Center

A cleaned-up Project Nightingale? Beth Israel Deaconess Medical Center (BIDMC) in Boston announced their participation in a pilot with Google of Care Studio, described in the BIDMC press release as “a technology designed to offer clinicians a longitudinal view of patient records and the ability to quickly search through those records through a single secure tool.” In other words, it’s like Google Search going across multiple systems: the BIDMC proprietary EHR (WebOMR), core medical record system, and several clinical systems designed for specific clinical specialties. All the clinician need do is type a term and the system will provide relevant information within their patient’s medical record from these systems, saving time and promoting accuracy. (See left)

The BIDMC pilot will use a limited group of 50 inpatient physicians and nurses, to assess the tool’s quality, efficacy, and safety of its use. Technical work starts this month.

At the end of the BIDMC release, it’s carefully explained that the tool is “designed to adhere to state and federal patient privacy regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and industry-wide standards related to protected health information. BIDMC and Google Health have entered into a Business Associate Agreement (BAA) to ensure that both parties meet patient privacy obligations required under HIPAA. BIDMC patient data will be stored and maintained in a protected environment, isolated from other Google customers.” (Editor’s emphasis) The BAA was inked in 2018.

Without referring to it, it addresses the controversy surrounding Google’s Project Nightingale and Ascension Health, a major privacy kerfuffle pre-COVID that broke in early November 2019. From the TTA article, edited: “Google’s BAA allowed them apparently to access in the initial phase at least 10 million identified health records which were transmitted to Google without patient or physician consent or knowledge, including patient name, lab results, diagnoses, hospital records, patient names and dates of birth.” Ascension maintained that everything was secure and Google could not use data for marketing or other purposes not connected to the project, but handling was under wraps and Google employees had access to the data. Ascension’s core agreement was about migration of data to Google Cloud and providing G Suite tools to clinicians and employees. But apparently there was also a search tool component, which evolved into Care Studio.

Health and Human Services (HHS) Office of Civil Rights, which governs privacy, announced at the time an investigation. The only later reference this Editor was able to locate was in HIPAA Journal of 5 March 2020 regarding the request of three Senators from both sides of the aisle demanding an explanation on the agreements and what information Google employees accessed. The timing was bad as then COVID hit and all else went out the window. In short, the investigations went nowhere, at least to the public.

It would surprise this Editor if any questions were raised about Care Studio, though BIDMC’s goal is understandable and admirable. Also Becker’s Hospital Review, FierceHealthcare

News roundup: Kompaï debuts, Aging Tech 2020 study, Project Nightingale may sing to the Senate, Amwell, b.well, Lyft’s SDOH, more on telehealth for COVID-19

Believe it or not, there IS news beyond a virus!

France’s Kompaï assistance robot is finally for sale to health organizations, primarily nursing homes and hospitals. Its objective, according to its announcement release, is to help health professionals in repetitive daily tasks, and to help patients. It’s interesting that the discussion of appearance was to achieve a ‘slightly humanoid’ look, but not too human. The development process took over 10 years. (Here at TTA, Steve’s first ‘in person’ with the developers was in May 2011!) Kompaï usage mentioned is in mobility assistance and facility ‘tours’ and public guidance. Here’s Kompai in action on what looks like a tour. Press release (French/English)

Not much on robotics here. Laurie Orlov has issued her 2020 Market Overview Technology for Aging Market Overview on her Aging and Health Technology Watch, and everyone in the industry should download. Key points:

  • In 2020, aging technologies finally nudged into the mainstream
  • The older adult tech market has been recognized as an opportunity by such companies as Best Buy, Samsung, and Amazon. Medicare Advantage payers now cover some tech.
  • Advances plus smart marketing in hearing tech–one of the top needs in even younger demographics–is disrupting a formerly staid (and expensive)
  • The White House report “Emerging Technologies to Support an Aging Population” [TTA 7 March] first was an acknowledgment of its importance and two, would also serve as a great source document for entrepreneurs and developers.

The study covers the demographics of the older adult market, where they are living, caregiving, the effect of data breaches, optimizing design for this market, the impacts of voice-driven assistants, wearables, and hearables.

Project Nightingale may be singing to some US Senators. The 10 million Ascension Health identified patient records that were transferred in a BAA deal to Google [TTA 14 Nov 19], intended to build a search engine for Ascension’s EHR, continue to be looked into. They went to Google without patient or physician consent or knowledge, with major questions around its security and who had access to the data. A bipartisan group of senators is (finally) looking at this ‘maybe breach’, according to Becker’s. (Also WSJ, paywalled)

Short takes:  b.well scored a $16 million Series A for its software that integrates digital health applications for payers, providers, and employers. The round was led by UnityPoint Health Ventures….Lyft is partnering with Unite Us to provide non-emergency patient transportation to referred health appointments. Unite Us is a social determinants of health (SDOH) company which connects health and community-based social care providers….What happens if you’re a quarantined physician due to exposure to the COVID-19 virus? Use telehealth to connect to patients in EDs or in direct clinic or practice care, freeing up other doctors for hands-on care. 11 March New England Journal of Medicine….American Well is finally no more, long live Amwell. Complete with a little heart-check logo, American Well completed its long journey to a new name, to absolutely no one’s surprise. It was set to be a big reveal at HIMSS, but we know what happened there. Amwell blog, accompanied with the usual long-winded ‘marketing’ rationale They are also reporting a 10 to 20 percent increase in telehealth consults by patients (Becker’s)….Hospitals and health systems such as Spectrum Health (MI), Indiana University Health, Mount Sinai NY, St. Lukes in Bethlehem PA, and MUSC Health, are experimenting with COVID-19 virtual screenings and developing COVID-19 databases in their EHRs. The oddest: Hartford (CT) Healthcare’s drive-through screening center and virtual visit program. Is there an opportunity to cross-market with Wendy’s or Mickey D’s? After all, a burger and fries would be nice for a hungry, maybe sick, patient before they self-quarantine.

Google’s ‘Project Nightingale’–a de facto breach of 10 million health records, off a bridge too far?

Breaking News. Has this finally blown the lid off Google’s quest for data on everyone? This week’s uncovering, whistleblowing, and general backlash on Google’s agreement with Ascension Health, the largest non-profit health system in the US and the largest Catholic health system on the Planet Earth, revealed by the Wall Street Journal (paywalled) has put a bright light exactly where Google (and Apple, Facebook, and Amazon), do not want it.

Why do these giants want your health data? It’s all about where it can be used and sold. For instance, it can be used in research studies. It can be sold for use in EHR integration. But their services and predictive data is ‘where it’s at’. With enough accumulated data on both your health records and personal life (e.g. not enough exercise, food consumption), their AI and machine learning modeling can predict your health progression (or deterioration), along with probable diagnosis, outcomes, treatment options, and your cost curve. Advertising clicks and merchandising products (baby monitors, PERS, exercise equipment) are only the beginning–health systems and insurers are the main chance. In a worst-case and misuse scenario, the data modeling can make you look like a liability to an employer or an insurer, making you both unemployable and expensively/uninsurable in a private insurance system.

In Google’s latest, their Project Nightingale business associate agreement (BAA) with Ascension Health, permissible under HIPAA, allowed them apparently to access in the initial phase at least 10 million identified health records which were transmitted to Google without patient or physician consent or knowledge, including patient name, lab results, diagnoses, hospital records, patient names and dates of birth. This transfer and the Google agreement were announced by Ascension on 11 November. Ultimately, 50 million records are planned to be transferred from Ascension in 21 states. According to a whistleblower on the project quoted in The Guardian, there are real concerns about individuals handling identified data, the depth of the records, how it’s being handled, and how Google will be using the data. Ascension doesn’t seem to share that concern, stating that their goal is to “optimize the health and wellness of individuals and communities, and deliver a comprehensive portfolio of digital capabilities that enhance the experience of Ascension consumers, patients and clinical providers across the continuum of care” which is a bit of word salad that leads right to Google’s Cloud and G Suite capabilities.

This was enough to kick off an inquiry by Health and Human Services (HHS). A spokesperson confirmed to Healthcare Dive that “HHS’ Office of Civil Rights is opening an investigation into “Project Nightingale.” The agency “would like to learn more information about this mass collection of individuals’ medical records with respect to the implications for patient privacy under HIPAA,” OCR Director Roger Severino said in an emailed statement.”

Project Nightingale cannot help but aggravate existing antitrust concerns by Congress and state attorneys general on these companies and their safeguards on privacy. An example is the pushback around Google’s $2.1 bn acquisition of Fitbit, which one observer dubbed ‘extraordinary’ given Fitbit’s recent business challenges, and data analytics company Looker. DOJ’s antitrust division has been looking into how Google’s personalized advertising transactions work and increasingly there are calls from both ends of the US political spectrum to ‘break them up.’ Yahoo News

Google and Ascension Health may very well be the ‘bridge too far’ that curbs the relentless and largely hidden appetite for personal information by Google, Amazon, Apple, and Facebook that is making their very consumers very, very nervous. Transparency, which seems to be a theme in many of these articles, isn’t a solution. Scrutiny, oversight with teeth, and restrictions are.

Also STAT News , The Verge on Google’s real ambitions in healthcare, and a tart take on Google’s recent lack of success with acquisitions in ZDNet, ‘Why everything Google touches turns to garbage’. Healthcare IT News tries to be reassuring, but the devil may be in Google’s tools not being compliant with HIPAA standards.  Further down in the article, Readers will see that HIPAA states that the agreement covers access to the PHI of the covered entity (Ascension) only to have it carry out its healthcare functions, not for the business associate’s (Google’s) independent use or purposes.