Four Democratic leaders of the House Energy and Commerce Committee on Monday sent letters to Google and Ascension requesting briefings and information related to the search giant’s partnership with the health system.
The committee chair and heads of three relevant subcommittees requested briefings on the data partnership, codenamed project Nightingale, by Dec. 6.
The agreement to collect and analyze health data received swift backlash from lawmakers and privacy advocates concerned about sensitive patient information after it was made public last week following a report from the Wall Street Journal.
In a press release posted hours after the Journal report, Google said Ascension – the country’s largest health nonprofit, which operates over 2,600 care centers – was using Google’s cloud services to “securely manage their patient data, under strict privacy and security standards.”
“While we appreciate your efforts to provide the public with further information about Project Nightingale, this initiative raises serious privacy concerns,” Reps. Frank Pallone (D-N.J), Anna Eshoo (D-Calif), Diana DeGette (D-Co.) and Jan Schakowsky (D-Ill.) wrote in the letters to the CEOs of each company.
“For example, longstanding questions related to Google’s commitment to protecting the privacy of its own users’ data raise serious concerns about whether Google can be a good steward of patients’ personal health information. Additionally, despite the sensitivity of the information collected through Project Nightingale, reports indicate that employees across Google, including at its parent company Alphabet, have access to, and the ability to download, the personal health information of Ascension’s patients.”
Lawmakers requested information on what data is being shared, how it is being used, to what extent employees of each company can access the information and how the data is being protected.
“We are happy to cooperate with any questions about the project,” a Google spokesperson said in a statement to The Hill. “We believe Google’s work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and comes with strict guidance on data privacy, security, and usage.”
Ascension did not immediately respond to request for comment on the letters.
—Updated at 8:56 p.m.