There has been a lot of interest around Google's collaboration with Ascension, so the company is trying to explain how it handles your personal health information.

"Google has spent two decades on similar problems for consumers, building products such as Search, Translate and Gmail, and we believe we can adapt our technology to help. That’s why we’re building an intelligent suite of tools to help doctors, nurses, and other providers take better care of patients, leveraging our expertise in organizing information, "said Dr. David Feinberg, Head of Google Health.

"One of those tools aims to make health records more useful, more accessible and more searchable by pulling them into a single, easy-to-use interface for doctors. Ascension is the first partner where we are working with the frontline staff to pilot this tool," he added.

Health information is complex—there are misspellings, different ways of saying the same thing, handwritten scribbles, and faxes. Healthcare IT systems also don’t talk well to each other and this keeps doctors and nurses from taking the best possible care of you. Policymakers and regulators across the world (e.g., CMS, HHS, the NHS, and EC) have called this out as an important issue. Feinberg says that Google is "committed to help, and it’s why we built this system on interoperable standards."

To deliver such a tool to providers, the system must operate on patients' records. Feinberg says that Google's work "adheres to strict regulations on handling patient data, and our Business Associate Agreement with Ascension ensures their patient data cannot be used for any other purpose than for providing our services—this means it’s never used for advertising."

To ensure that Google's tools are safe for Ascension doctors and nurses treating real patients, members of the company's team might come into contact with identifiable patient data. Because of this, Google has stricted controls for the limited Google employees who handle such data:

• Google says it develops and tests its system on synthetic (fake) data and openly available datasets.
• To configure, test, tune and maintain the service in a clinical setting, Google says that "a limited number" of screened and qualified Google staff may be exposed to real data. These staff undergo HIPAA and medical ethics training, and are individually and explicitly approved by Ascension for a limited time.
• Google has also technical controls to further enhance data privacy. Data is accessible in a strictly controlled environment with audit trails—these controls are designed to prevent the data from leaving this environment and access to patient data is monitored and auditable.
• Google will further prioritize the development of technology that reduces the number of engineers that need access to patient data (similar to our external redaction technology).

The company also participates in external certifications, like ISO 27001, where independent third-party auditors come and check Google's processes, including information security controls for these tools.