Skip to Main Content

A federal regulator is investigating whether the federal privacy law known as HIPAA was followed when Google collected millions of patient records through a partnership with nonprofit hospital chain Ascension.

The probe, first reported by the Wall Street Journal Tuesday night, was opened by the Department of Health and Human Services’ Office for Civil Rights. “OCR would like to learn more information about this mass collection of individuals’ medical records with respect to the implications for patient privacy under HIPAA,” Roger Severino, the office’s director, said in a statement to STAT.


The initiative, code-named “Project Nightingale,” gave Google the ability to analyze personal health information, including names and birth dates, compiled by Ascension, with the goal of helping deliver more personalized medical treatment. The Journal reported that patients and physicians were not informed of the project, though Ascension said that some clinicians and nurses were involved.

Unlock this article by subscribing to STAT+ and enjoy your first 30 days free!