Google Nearly Made 100,000 X-rays Public Before Privacy Concerns Buried Project

cyber security
According to a new report that was published today, there are some big concerns surrounding Google's efforts to further expand its reach into the healthcare sector. The report, which comes to us via The Washington Post, says that Google was on the verge of making over 100,000 chest X-rays of patients public before having to back down over serious privacy concerns.

Back in 2017, Google partnered with the National Institutes of Health (NIH) to analyze 112,000 chest X-rays from over 30,000 patients. According to the Post, many of these patients were afflicted with some form of lung disease. Google's aim was to host these images publicly, then use TensorFlow machine learning to identify specific markers that could allow doctors to diagnose lung disease in future patients. 

Google was tasked with removing all personally identifiable patient data from the X-rays -- with the help of the NIH -- but employees working on the efforts were under pressure to meet a July 21st, 2017 deadline. It was on that date that Google was set to publicly announce the project and its advances in article intelligence in the healthcare sector. 


Two days before the scheduled announcement, however, Google was warned that of the 112,000 X-rays procured, dozens still included personally identifiable information. The Post states that some of the information included scan dates, and "distinctive jewelry" that could be used to identify a person. Once Google's lawyer's caught wind of the snafu and potential violations of HIPAA, the company purged all of the X-rays from its servers and ended the project.

"We take great care to protect patient data and ensure that personal information remains private and secure,” Google spokesman Michael Moeschler explained in a statement to the Post. “Out of an abundance of caution, and in the interest of protecting personal privacy, we elected to not host the NIH dataset. We deleted all images from our internal systems and did not pursue further work with NIH.”

All of this could be simply dismissed as a small slip-up that involved just a handful of records out of over 100,000 – and one that we might add was caught before serious damage could be caused -- but these lapses will carry even more significant weight going forward considering that Google has launched Project Nightingale. With Project Nightingale, Google has been mining patient medical data in collaboration with Ascension in over 2,600 hospitals and medical facilities. In total, Google has access to medical records of tens of millions of Americans.

"By working in partnership with leading healthcare systems like Ascension, we hope to transform the delivery of healthcare through the power of the cloud, data analytics, machine learning, and modern productivity tools—ultimately improving outcomes, reducing costs, and saving lives," said Tariq Shaukat, President, Google Cloud when announcing the partnership.

Given Google's privacy and security lapses in the past with cloud data, many Americans are rightfully concerned about it having access to sensitive medical records.