Microsoft, IBM, and Amazon have gained the ability to access identifiable patient information as they partner with hospitals to store their data and develop treatment algorithms.
Although hospitals and tech partners have promised to strip data of names and other identifying details, critics have expressed concern about privacy. Federal privacy laws contain few consumer protections on patient data, according to Lisa Bari, MBA, MPH, a consultant and former lead for health information technology for the Centers for Medicare and Medicaid Services Innovation Center. “The data belongs to whoever has it,” she told The Wall Street Journal. This puts hospitals in a powerful position as brokers to tech companies trying to break into the $3 trillion health care industry.
For example, Providence, a Washington-based hospital system with data for approximately 20 million patient visits per year, has partnered with Microsoft to develop algorithms for the management of patients with cancer using doctors’ notes in patient medical records. The company initially planned to strip the records of personally identifiable information, but later realized it could not remove all of this information from physicians’ notes.
In another instance, in February 2019, Brigham and Women’s Hospital in Boston announced a 10-year agreement with IBM to develop artificial intelligence. Chief of General Internal Medicine and Primary Care David Westfall Bates, MD, MSc, said that the work would only use patient data that had been stripped of identifiable details.
Within its partnership with Seattle-based Fred Hutchinson Cancer Research Center, certain Amazon employees can access patient health information, but a spokesperson said the company doesn’t use personally identifiable data protected by HIPAA to improve or develop services.
There currently is no evidence of wrongdoing in these partnerships, and officials at the hospitals and companies maintain that they have safeguards in place to protect patients.