por
John R. Fischer, Senior Reporter | July 05, 2019
The University of Chicago Medical
Center is accused of illegally sharing
personal patient information with
Google
The University of Chicago Medical Center and Google may soon be headed to court over allegations of violating federal privacy law.
A class action lawsuit filed by Edelson P.C. on behalf of plaintiff Matt Dinerstein accuses the hospitals of sharing patient health records with the internet giant, which allegedly used information such as datestamps and free-text notes, to create its own EHR management system.
“Only months after the transfer was complete did it become public that the datestamps, along with free-text notes data, were only provided by the University, and not by any other hospital working with Google,” Dinerstein
told Cook County Record. “That’s not simply a coincidence or a failure to persuade on the part of Google. Rather, the reason no other hospital, including the other health care providers partnering with Google, provided this type of information is because it would be a prima facie violation of HIPAA to share or even receive medical records in this form.”
The university’s patient admission forms prohibit the disclosure of records to third parties for commercial uses, according to the suit. Google and UC are said to have lied that the records did not contain individual patient information due to including “detailed datestamps” and “copious free text notes,” and that most “hospitals, researchers and health care providers alike” denied Google’s effort, as it violated the Health Insurance Portability and Accountability Act (HIPAA).
The University of Chicago Medical Center denies all allegations. “The claims in this lawsuit are without merit. The University of Chicago Medical Center has complied with the laws and regulations applicable to patient privacy," a spokesperson told HCB News in a statement. "The Medical Center entered into a research partnership with Google as part of the Medical Center’s continuing efforts to improve the lives of its patients. That research partnership was appropriate and legal and the claims asserted in this case are baseless and a disservice to the Medical Center’s fundamental mission of improving the lives of its patients. The University and the Medical Center will vigorously defend this action in court.”
It goes on to say that using geolocation information, “Google — as one of the most prolific data mining companies — is uniquely able to determine the identity of almost every medical record the university released,” and that it planned to obtain the EHRs of nearly every UC Medical Center patient from 2009 to 2016 and then “file a patent for its own proprietary and commercial EHR system that wouldn’t be published until well after it had obtained hundreds of thousands of EHRs from the university.”