The decision was made during the 2017 joint project conducted with the National Institutes of Health (NIH), when Google was moving quickly into health care, acquiring medical data from millions of patients. An anonymous source familiar with the project said that although Google and the NIH worked together to remove all identifying information from the X-rays, Google was rushing to meet a self-imposed deadline and did not give these privacy issues proper attention.
Publication of the X-rays was part of a showcase of the medical potential of Google’s cloud and AI tools. Datasets similar to those collected by the NIH are essential to building new diagnostic tools involving machine learning, and Google had already been using similar datasets to predict heart disease risk by examining eye scans and detect breast cancer from biopsies.
However, the X-rays contained personal information of the patients, and Google only realized it after it was informed of this by the NIH. According to the Post, this information included “the dates the X-rays were taken and distinctive jewelry that patients were wearing when the X-rays were taken.”
“We take great care to protect patient data and ensure that personal information remains private and secure ... Out of an abundance of caution, and in the interest of protecting personal privacy, we elected to not host the NIH dataset. We deleted all images from our internal systems and did not pursue further work with NIH,” a Google spokesperson said.
Earlier this week, The Wall Street Journal revealed details on Google’s “Project Nightingale,” in which it collected medical data from millions of patients in 21 US states as part of a deal to improve the record-keeping system of the Ascension medical group, triggering a government inquiry into the project. The Department of Health and Human Services announced that it will “seek to learn more information about this mass collection of individuals’ medical records” to ensure Google has not broken federal law.