On June 26, Google and the University of Chicago’s medical center were hit with a lawsuit over what Jay Elelson, founder of law firm Edelson PC, says he believes is the “most significant health care data breach case in our nation’s history.”
According to The New York Times, the lawsuit accuses the university of “sharing hundreds of thousands of patients’ records with the technology giant without stripping identifiable date stamps or doctor’s notes.” The lawsuit also, “accuses the university of consumer fraud and fraudulent business practices because it never received express consent from patients to disclose medical records to Google.”
The university denies the accusations, saying through spokeswoman Lorna Wong, “The University of Chicago Medical Center has complied with the laws and regulations applicable to patient privacy.”
The Health Insurance Portability and Accountability Act (HIPPA), was enacted in 1996 to protect patient privacy rights. Compliance demands that medical firms must “de-identify” all patient data before sharing information with other institutions. This includes “admission and discharge dates,” according to the Times.
The Times says because Google had access to those dates, the tech giant could use “information it already knew, like location data from smartphones running its Android software or Google Maps and Waze, to establish the identity of the patients in the medical records.”
This does not bode well for the privacy of the American people, considering Google “knows what you search for, where you are and what interests you hold,” according to the Times.