According to the suit filed on Wednesday night on behalf of patients whose data was included in the partnership and filed in US District Court for the Northern District of Illinois, the agreement to study the application of machine learning to health care violated privacy laws governing the sharing of medical information.
“While tech giants have dominated the news over the last few years for repeatedly violating consumers’ privacy, Google managed to fly under the radar as it pulled off what is likely the greatest heist of consumer medical records in history,” the lawsuit alleges.
The original collaboration was aiming to study how artificial intelligence (AI) could be used to improve health care by enabling doctors to make better predictions and decisions about their patients. Google says that its AI can lower health care costs and ultimately save lives.
The lawsuit claims the hospital didn’t properly anonymize the patient data shared with Google as required by the 1996 Health Insurance Portability and Accountability Act (HIPAA). The filing alleges that dates included in the health records could easily be used by Google, in combination with its vast stores of user data, to identify the patients, noting that Google “has in its possession detailed geolocation information that it can use to pinpoint and match exactly when certain people entered and exited the University’s hospital.”
Ashley Heher, a spokeswoman for the University of Chicago Medical Center, said the center has complied with all privacy and health laws, cited by the Hill.
“The Medical Center entered into a research partnership with Google as part of the Medical Center’s continuing efforts to improve the lives of its patients,” she added. “That research partnership was appropriate and legal and the claims asserted in this case are baseless and a disservice to the Medical Center’s fundamental mission of improving the lives of its patients. The University and the Medical Center will vigorously defend this action in court.”
"We believe our healthcare research could help save lives in the future, which is why we take privacy seriously and follow all relevant rules and regulations in our handling of health data," Google spokesman Jose Castaneda said in an emailed statement. "In particular, we take compliance with HIPAA seriously, including in the receipt and use of the limited data set provided by the University of Chicago.”