[BreachExchange] Google, U of Chicago hit with lawsuit over patient data sharing

Destry Winant destry at riskbasedsecurity.com
Fri Jun 28 10:36:19 EDT 2019


https://www.beckershospitalreview.com/legal-regulatory-issues/google-u-of-chicago-hit-with-lawsuit-over-patient-data-sharing.html

The University of Chicago Medical Center and Google were served with a
lawsuit on June 26 that alleges the hospital violated HIPAA by sharing
thousands of patients' records with the technology giant without
hiding date stamps or physicians' notes, according to The New York
Times.

Google partnered with the University of Chicago and its medical center
in 2017. The goal was to unlock data within patient records and
improve predictive analysis. Google has been exploring ways technology
can be used to read EHRs and help physicians identify medical
conditions.

"We believe our health care research could help save lives in the
future, which is why we take privacy seriously and follow all relevant
rules and regulations in our handling of health data," a Google
spokesperson told NYT.

The University of Chicago has denied the allegations of wrongdoing.

"The claims in this lawsuit are without merit," a university
spokesperson told NYT. "The University of Chicago Medical Center has
complied with the laws and regulations applicable to patient privacy."

The lawsuit claims that the University of Chicago Medical Center and
Google violated HIPAA because the records used for research included
date stamps of when patients checked in and checked out of the
hospital.

Google published a research paper last year that included EHR data
from University of Chicago Medicine patients from 2009 to 2016. The
records included patient demographics, diagnoses, procedures,
medication and other data. Google said it "de-identified" the records,
but "dates of services were maintained."

The lawsuit did not offer evidence that Google misused patient
information. The university has been accused of consumer fraud and
fraudulent business practices.

The lawsuit was filed on behalf of a former University of Chicago
Medical Center patient who visited the hospital on two occasions in
June 2015.


More information about the BreachExchange mailing list