Digitizing and sending medical data to Google sounds like a bad idea


wp header logo 242.png
wp header logo 242.png

Recent events have brought big tech’s involvement in healthcare back into focus. The fatal shooting of UnitedHealthcare CEO Brian Thompson sparked widespread debate about the US for-profit healthcare industry. Its parent company, UnitedHealth Group, was responsible for the largest healthcare data breach in US history, but another major corporation holds a vast amount of US healthcare data.

Google has access to hundreds of millions of US patient records through partnerships and collaborations in the healthcare industry. The latest Health Connect app update, now in the Android 16 developer preview, expands this by adding support for uploading your own medical records. Google isn’t immune to data breaches and is facing scrutiny following its recent leak, making us question if uploading sensitive medical data is safe.

While digitizing medical data could revolutionize healthcare, systemic inefficiencies, weak security measures, and a lack of trust in big tech make it risky. These vulnerabilities expose patients to data theft, scams, fraud, and exploitation. If patients can’t trust healthcare companies like UnitedHealth Group to safeguard sensitive health data, why should they believe digitizing and uploading healthcare data to a big tech company like Google is a good idea?

Related


What is Health Connect and how do I use it?

What you need to know about the local Android service that connects all your fitness apps

How Google gains access to healthcare data

A photo of the Google Pixel 9 Pro's Health Connect Menu with out-of-focus trees in the background.

Google’s Project Nightingale made headlines in 2019 for collecting healthcare data through a partnership with Ascension. This data included names, diagnoses, lab results, and hospitalization records. The data-sharing agreement complied with HIPAA’s business associates provisions, which permit third-party data sharing to improve operations. However, the lack of patient approval made the agreement controversial.

Similarly, Google’s DeepMind accessed 1.6 million NHS patient records in the UK through a partnership with the Royal Free London NHS Foundation Trust. The project sought to improve early kidney disease diagnosis using Google’s AI and machine learning. However, the data-sharing agreement was later found to violate UK privacy regulations due to a lack of patient consent.

With the release of the first developer preview of Android 16, we learned that Google’s Health Connect app would add support for uploading medical records. This update allows individuals to digitize, upload, and organize their healthcare data from their phones or favorite fitness trackers. The update focuses on immunization records, but future updates may include lab results, medications, and more. Users must grant permission for apps to access this data, which will be available through Google’s new APIs.

Data breaches and dangerous scams

Reuters report on the UnitedHealth Group's 2024 data breach

UnitedHealth Group’s data breach in February 2024 highlights the vulnerabilities within the healthcare industry and the critical risks of compromised medical data. Hackers exploited weak security protocols to access names, insurance details, Social Security numbers, and medical records. This type of stolen information is valuable and dangerous. It allows scammers to target individuals directly.

If you think this data breach may have impacted your information, visit the UnitedHealth website for information on what to do.

Scammers often use social engineering tactics to manipulate their targets emotionally and steal money or information. In an already broken system, where fighting health insurance companies for basic care is routine, and a single hospital visit can lead to bankruptcy, scam victims are vulnerable to such manipulation. When dealing with serious conditions and navigating a healthcare system that can feel like it doesn’t care if you live or die, it’s easy to mistake scammers for another exploitative element of the system.

Healthcare-related data breaches are more common than many realize. The Department of Health and Human Services (HHS) publishes summaries of breaches involving the records of 500 or more patients. According to the HIPAA Journal, 4,419 breaches were reported between October 2009 and December 2021, with incidents increasing every year.

4,419 breaches were reported between October 2009 and December 2021, with incidents increasing every year since.

Stolen data allows scammers to target victims more effectively. The FTC reported a 14% increase in fraud losses from 2022 to 2023, with consumers losing over $10 billion in 2023. However, many scam victims do not report when it happens. According to the Global Anti-Scam Alliance’s annual report, international scammers stole over $1 trillion globally in 2024.

The consequences of healthcare data breaches can extend beyond financial harm. Stolen records can disrupt victims’ access to healthcare services, while attacks on providers can delay critical treatments and endanger patients’ lives or long-term health. Companies in the healthcare industry and Google have shown they can’t keep our data safe, so is uploading medical data worth the risk?

The benefits could outweigh the risks

A person is standing on stage during Google I/O in front of a big screen with the words "Health Connect" written underneath the logo of the service on a white background

Despite these risks, digitizing medical data and using Google’s advanced search and AI capabilities could revolutionize healthcare if implemented responsibly. Tools like Google’s Health Connect app updates, Google Cloud Healthcare Data Engine, and fine-tuned medical domain large language model (LLM) Med-PaLM 2 have the potential to benefit patients. Based on my experience, I believe these tools would have been invaluable when I needed them the most.

After undergoing a routine blood test in late 2015, I received an alarming call from a doctor. They informed me that my blood levels were significantly lower than normal and my blood cells had some abnormalities. That marked the beginning of a two-year journey through the healthcare system to find the cause. During that time, I visited doctors weekly across three hospitals in two states, saw over 20 specialists, and underwent hundreds of tests.

I quickly discovered how challenging it was to organize my medical data and navigate the US healthcare system. Multiple online portals that couldn’t communicate with each other added to the difficulty. To manage this, I digitized everything. I maintained spreadsheets to track test results, logged phone calls, and had an evolving document to share with new doctors to keep them informed.

I also researched every unfamiliar medical term I encountered so that I could communicate effectively, something Med-PaLM 2 could have assisted with. Without these efforts, I might never have recovered, as my condition was complex enough to be considered for submission to the Undiagnosed Disease Network (UDN). I wish a system had been available to make the process easier.

Related


Health Connect and GoogleLM could revolutionize lifelong healthcare

Here’s how two Google apps might revolutionize healthcare

I understand that not everyone can manage this, especially when dealing with the exhaustion of a potentially life-threatening condition. I largely attribute my success to the systems I created for easily searchable digitized medical data, a method for ensuring my doctors had the most up-to-date information without waiting for their systems to sync, and a way to communicate complex medical ideas effectively.

Cloud platforms with robust APIs and AI-driven tools offer the potential for easy access to medical information and the ability to translate clinical language into terms anyone can understand.

Cloud platforms with robust APIs and AI-driven tools offer the potential for easy access to medical information and the ability to translate clinical language into terms anyone can understand. Training AI systems requires large, diverse datasets, which digitized healthcare data can provide. However, these advancements rely on trust. In today’s climate, trusting a mega-corporation to implement the best safeguards is increasingly difficult.

A broken system stands in the way

Google's keynote address on its DeepMind project

DeepMind and digitized medical data could revolutionize healthcare, but the broken US healthcare system and its for-profit model create an easy opening for exploitation and public distrust. Often, healthcare companies, not individuals, digitize and share this data, and past behavior shows they prioritize profits over protecting patient information. Scammers thrive in this environment, exploiting stolen healthcare data for identity theft, financial fraud, and blackmail.

Tech companies like Google won’t fix the system, but their powerful advancements in AI, cloud infrastructure, APIs, and systems for searchable content have the potential to improve it. This technology could be transformative if healthcare providers, tech companies, and policymakers prioritize strong encryption, safeguards, and regulations. Uploading our fitness data isn’t as big of a deal, and Health Connect now supports scheduled exports. However, the systemic issues within the US healthcare system continue to leave sensitive patient data vulnerable. Without significant reforms, digitizing and sending sensitive medical data to Google will continue to sound like a bad idea, and for good reason.

source