Hospitals give tech giants access to detailed medical records


The hospitals have granted

Microsoft Corp.,

International business machines

Corp. and Inc.

the ability to access identifiable patient information under agreements to process millions of health records, the latest examples of the growing influence of hospitals in the data economy.

This breadth of access was not always explained by hospitals and technology giants when the agreements were closed.

The scope of data exchange in these and other recently reported agreements reveals a powerful new role played by hospitals, as brokers of technology companies competing in the $ 3 billion healthcare sector. The rapid digitization of health records in recent years and the privacy laws that allow companies to exchange patient data have positioned hospitals as the principal arbiter of how such confidential data is shared.

“Hospitals are massive containers of patient data,” he said.

Lisa Bari

Consultant and former leader of health information technology for the Center for Innovation of the Centers for Medicare and Medicaid Services.

Hospitals can share patient data as long as they comply with federal privacy laws, which contain limited consumer protections, he said. “The data belongs to who has it.”


What benefits and disadvantages do you see for technology companies that gain access to patient health records? Join the conversation below.

Microsoft and Providence, a hospital system in Renton, Washington, with data from approximately 20 million patient visits per year, are developing cancer algorithms by using the doctor’s notes in the patient’s medical records. The notes have not been stripped of personally identifiable information, according to Providence.

And an agreement between IBM and Brigham and Women’s Hospital in Boston to jointly develop artificial intelligence allows the hospital to share personally identifiable data for specific requests, said the people involved in the agreement, although so far the hospital has not done so and There are no current plans to do so, according to hospital and IBM officials.

Microsoft Executive

Peter Lee

In July, he described how his company would use Providence patient data without identifying information for algorithm development. In a December statement, he said that patients’ personal health data remains under Providence’s control and declined to comment further.

B.J. Moore,

The Providence information director said that the executives involved in that agreement initially planned to use data without information that would identify the patients; Then they discovered that they couldn’t remove everything from the doctors’ notes. “I had no intention of cheating,” he said.

Brigham and Women’s announced a 10-year agreement with IBM in February 2019.

David Westfall Bates,

The head of general internal medicine and primary care at the hospital said last year that the initial work would use data deprived of names and other identification details. In December, Dr. Bates said he had not publicly commented on IBM’s ability to access identifiable data, but that Brigham and Women would follow federal privacy rules if it did.

“Responsible data management is critical to our mission,” an IBM spokeswoman said.

The Fred Hutchinson Cancer Research Center in Seattle granted certain Amazon Web Services employees access to health information that identifies individual patients, a

Fred Hutchinson

said the spokesman. Hutch trained and tested the Amazon Web Services software designed to read medical notes.

An AWS spokeswoman said it does not use personally identifiable data protected by federal privacy laws to develop or improve its services.

The digitalization of medical records, laboratory results and patient diagnoses has created a booming market in which technology giants seek to store and process data, with the potential for innovative discoveries and lucrative products.

There are no indications of irregularities in the agreements. Company and hospital officials say they have safeguards to protect patients. Hospitals control the data, with privacy training and close monitoring of technology employees with access, they said. Health data cannot be combined independently with other data from technology companies.

But recent revelations that

Alphabet Inc.

Google has the ability to take advantage of personally identifiable medical data about patients, reported by The Wall Street Journal, has raised concerns among lawmakers, patients and doctors about privacy.

The Wall Street Journal also recently reported that Google has access to more records than were revealed in an agreement with the Mayo Clinic. Mayo officials say the agreement allows the hospital system in Rochester, Minnesota, to share personal information, although it has no current plans to do so. “It was not our intention to deceive the public,” he said

Cris Ross

May’s chief information officer.

Dr. David Feinberg,

Google Health chief said that Google is one of the many companies with hospital agreements that allow to share personally identifiable medical data to test products used in treatments and operations. Typically, companies do not disclose their use of such data, said Dr. Feinberg. “We don’t hide it.”

Amazon, Google, IBM and Microsoft compete for hospital businesses in the cloud storage market, in part by offering algorithms and technological features. To create and launch algorithms, technology companies are reaching separate agreements to access medical records data for pilot research, development and product projects.

The Health Insurance Portability and Accountability Act, or HIPAA, allows hospitals to send confidential information to business partners related to health insurance, medical devices and other services. The law requires hospitals to notify patients about the use of health data, but they do not have to ask for permission.

Data that can identify patients, including the name and Social Security number, cannot be shared unless such records are necessary for treatment, payment or hospital operations. Agreements with technology companies to develop applications and algorithms can fall under these broad umbrellas. Hospitals are not required to notify patients about specific offers.

“The patient has no absolute control. They don’t have much control,” he said.

Ellen Wright Clayton,

Professor of Biomedical Ethics at the University of Vanderbilt.

According to HIPAA, hospitals should disclose as little as possible about patients under the agreements. But in some cases, the minimum amount that technology companies need can be all in patient records.

Ascension, a Catholic chain with 150 hospitals in 20 states and the District of Columbia, is testing whether Google’s technology can accurately search and retrieve all information from a single patient, a widely known challenge that frustrates doctors and patients.

“By definition, this means that the” minimum “data set necessary for the creation of this capacity is the complete longitudinal record of medical care” for each patient, he said.

Eduardo Conrado

The head of strategy and innovation of Ascension.

Hospitals involved in the agreements say that the use of data is reviewed by the research ethics review boards or data usage committees, which may include compliance, law, technology, medicine and other experts.

Mayo’s data team will investigate future data requests for projects with Google, testing how much data to share, Mayo’s said

Lois krahn

A member of the data team. “We are a tremendously prudent and conservative organization,” he said.

Hospitals can also obtain financial gains from some agreements. The technology companies’ agreements with Providence, Mayo and Brigham and Women include intellectual property rights for hospital contributions to new products.

Some hospitals are saying no to technological agreements.

“We are not giving data to anyone,” he said

Jim Beinlich,

director of data information for Penn Medicine, the health system of the University of Pennsylvania. Penn Medicine stopped a possible research pilot with Microsoft in response to public concern over the Ascension agreement with Google. Hospital executives are drafting policies, such as how to inform patients about data exchange.

“We don’t have all the written road rules,” he said.

Write to Melanie Evans at

Copyright © 2019 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8



Please enter your comment!
Please enter your name here