HIPAA, Medical Privacy and Project Nightingale

HIPAA and Medical Privacy

The Wall Street Journal and several medical sources reported recently that Google and Ascension, a nonprofit considered to be the second largest health system in the U.S. have entered into a project “to collect and crunch the detailed personal-health information of millions of people across 21 states.”  See “Googles ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans”” WSJ, November 11,2019.  This project and others likely to come from various sources raise the issue how much privacy are Americans willing to exchange for potential better health results.   

By now most Americans are probably familiar with the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA, if not otherwise then at least through the regularly received privacy notices received from providers stating their privacy policies.  The privacy policies typically indicate they expect to share information with related businesses and other circumstances where information will be provided to outside organizations.   If you read the notices you realize that the expected group of organizational recipients is fairly broad.  Google and Ascension’s initiative is thought by some to go beyond  conditions laid out in HIPAA or alternatively that HIPAA might potentially need to be modified somewhat to deal with new technologies and conditions.  While Google asserts that action has been taken to protect the private individual data of patients, the data under consideration would include lab results, doctor diagnoses and hospitalization records, among other categories.

According to the Wall Street Journal article, Google wants to design new software underpinned by advanced artificial intelligence and machine learning that zeroes in on individual patients to suggest changes to their care.  In other words by accumulating data and combining this information with artificial intelligence  Google and Ascension expect to improve outcomes, reduce costs and save lives.  Id. This analysis would indicate that the individual patient as well as the group of which he or she is a member would benefit.

  I have myself had occasion to see how this kind of information system can work when health care providers share information.  One example, Epic, several months ago announced a massive data compilation effort intended to gather de-identified patient information from participating systems.  The intent is to improve health care decisions.  See “Epic to gather records of 20 million patients for medical research,” https://www.healthdatamanagement.com/news/epic-to-gather-records-of-20-million-patients-for-medical-research.   A further result of the information gathering process can be the ability of patients to log into their charts and obtain information, for example, to obtain test results online.

A patient being released from rehab may need placement in a longer term nursing home setting.  If the rehab or hospital needs to share information to allow the nursing home to make a decision this information can be available seamlessly to them through one or more systems containing megadata regarding the patient.   

All of this might raise a related question on an individual level.  I have often asked the question what was the purpose of HIPAA in the first place.  Surely Congress was not considering for a project as massive in its reach as national legislation the question whether individuals were able to access other individual’s medical information.  When we look at the massive data files that are accumulated and shared among hospitals, insurers, and health care providers generally it seems clear that the reason for HIPAA is to allow sharing of megadata and to provide rules regarding this. 

On the other hand from the perspective of an attorney representing individuals dealing with the health care system as we do, HIPAA is frequently used as an excuse to deny individuals access to health care information that may be desperately needed to complete forms, obtain care, make medical decisions, and obtain reimbursement from insurers for loved ones.  For this reason among others we as elder law attorneys urge individuals to have Health Care Powers of Attorney appointing agents to act on their behalf when they become disabled.  Health Care Powers should specifically reference HIPAA.  A Living Will alone without this reference does not accomplish the same result. With a Health Care Power this gives their Agent access to information needed to move forward.

We also strongly recommend Financial Powers of Attorney to complete the picture.  While many plan their Wills, lifetime planning has become a critical element especially with people living longer through serious and chronic illnesses.

About the Author Janet Colliton

Esquire, Colliton Law Associates, P.C. Janet Colliton has practiced law for over 38 years, 37 of them in Chester County, Pennsylvania, a suburb of Philadelphia. Her practice, Colliton Law Associates, PC, is limited to elder law, Medicaid, including advice, applications and appeals, and other benefits planning including Veterans benefits, life care and special needs planning, guardianships, retirement, and estate planning and administration.

follow me on:

Leave a Comment: