When a whistleblower revealed the details of Project Nightingale, a collaboration between Google and the Ascension health system, he or she also surfaced critical flaws in the ways that health care and tech work together.
As part of the deal, Ascension, a nonprofit Catholic hospital system that operates in 21 states, gave Google access to millions of patient records, including names and birth dates. The goal of Project Nightingale was to build new tools that help doctors extract key information from patients’ medical records and deliver more targeted medical treatments. It would also make it possible for doctors to spend more time with patients and less time combing through endless layers of electronic health data.
The problem was that the hospital system gave Google access to this mountain of data without the knowledge of doctors or patients. After the news broke, stories emerged questioning compliance with privacy laws and whether Google had plans to monetize the data it received. Lawmakers have voiced similar concerns.
This isn’t an isolated incident. There have been other hiccups over the years as tech and health care have increasingly gravitated towards one another. Think IBM Watson, Memorial Sloan Kettering’s alliance with Paige.AI, and the fall of Outcome Health. These gaffes are exacerbating an already frayed trust between the public and the tech industry.
We must act now, before new regulatory barriers and other problems arise that set digital health back for years. We are calling on those working in our respective industries to change our ways. We must lead by example to fully realize the potential of health care technology partnerships to improve both the outcomes and experience for patients and clinicians.
Culture compromise
The cultures of tech and health care are fundamentally different, so it’s easy to see why collaborations between the two run into trouble. Tech is about working fast, in secrecy, with a small set of designers and engineers. It aims to create buzz, sell a vision, and get a product to market as quickly as possible. It recognizes that even though a product may not be perfect right away, iterative work can make it better.
Health care moves at a more measured pace, mainly because patients’ lives are at stake. Developing a new medicine requires proving its efficacy and safety, which often takes decades and billions of dollars. It requires exposing the results and data to the scrutiny of peers and regulators. It’s about putting patients first and developing something that works and is safe, even if it takes longer.
Despite these fundamental differences, there are opportunities for tech and health companies to develop tools that complement traditional medical care by guiding patients to the right treatment, detecting health problems earlier, and much more. There’s so much to gain if this is done well. And yet, we must overcome the friction that occurs when we work with one another.
This friction is understandable. Tech wants health care to move faster. Health care wants tech to slow down. Tech wants health care to buy its vision. Health care wants that vision backed up by evidence, not hype. This tension is stifling the progress of digital health. There have been too many examples of tech running roughshod over the principles of medicine. Startups like Theranos and uBiome, to name two, crashed and burned after misleading investors, regulators, and customers about their capabilities.
Tech within health care, as a result, has lost credibility with the public, and even companies playing by the rules will be met with skepticism. The resulting “trust vacuum” has the potential to create additional barriers to progress and stall projects even before they get off the ground.
On the health care side, there are countless examples of an industry that, unless pushed, has been slow to adopt innovations in digitization and information technology. Even with the widespread adoption of electronic health records (which required a governmental mandate to achieve), different health systems still can’t effectively share data. As a result, health care is far behind other industries in integrating cutting-edge digital technologies.
We need to compromise. Health care needs to be more willing to partner effectively with tech and embrace a more iterative development style. Developing a digital tool in a rapid, iterative fashion requires a significant change in health care’s culture. But that’s a good thing. Health care could quickly learn what digital health tools work and get them into patients’ and clinicians’ hands.
Tech, on the other hand, needs to appreciate and respect the culture of health care and its mission to help patients achieve better health. Startups must generate evidence that their products improve outcomes. They and their financial backers need to be willing to invest in those studies. And, uncomfortable as it might be, tech companies must be open and honest about what they’re doing. Earning — and keeping — the public’s trust has to be just as important as anything else they do.
Honesty must be tech’s policy
The use of data in health care is fundamentally different than it is in other industries, such as retail. Most retail consumers accept that, by signing up for a frequent shopper card at their local supermarket or clothing store and receiving its associated discounts, they will be entered into a database and targeted with personalized ads.
But take this approach to medicine and it’s an entirely different story. Say a patient sees a doctor and during the visit provides him or her with personal information. If that information is later used to sell the patient new products, it would feel like a moral transgression — to both patient and provider. This possibility is one reason for the public outrage over the Google-Ascension deal. After the news broke, Google’s assurances that the data were being used only for good weren’t enough. The damage was done.
Patients aren’t just consumers. They trust their clinicians and the health care system with their lives. Tech companies need to treat this trust with respect. Tech needs to shed its stereotypical secrecy and be honest — even to the point of overcommunicating — if the goal is establishing trust. Tech can’t confuse the vision for its products with the reality of what they are and what they have (and haven’t) proven. Tech companies must be upfront with health care providers about a product’s stage of development and what they hope to achieve. If tech needs to use patient data to make digital health tools, the parties involved have a moral and legal obligation to let patients know what is happening and why.
Patient data is an incredibly valuable asset: It is the fuel for creating intelligent tools that could make health care better and cheaper. There are ways to manage this information safely and ethically. But that message must be explained more clearly going forward, and health and tech companies must do a better job respecting and alleviating the concerns people have — even before they have them.
Tech and health companies should be as transparent as possible at all points. If they feel like they can’t be, it’s time to ask, “Why not?” Stories like the Google-Ascension deal must prod us to redouble efforts toward transparency.
When health and tech companies decide to work together, we should commit to a digital health “Hippocratic oath.” Let’s proactively tell patients, the broader public, and every employee within our own organizations what we’re doing and why. Let’s say to everyone exactly how patient data will be used, how it will be protected, and how our work might benefit people in the long run. And let’s promise, publicly, that the data won’t be used for any other reason than to benefit patient care.
We don’t pretend any of this is easy, but it’s essential that we persevere to optimize the marriage of health care and technology. Our patients and the public deserve nothing less.
Thomas M. Maddox, M.D., is a cardiologist, professor of medicine, and executive director of the Healthcare Innovation Lab at Washington University School of Medicine in St. Louis and BJC HealthCare. Simon MacGibbon is the CEO and co-founder of Myia Health.
The authors might want to consider this paper published by Woods et al in early 2019 in Journal of Medical Information Research, advocating for a similar Hippocratic oath: https://www.jmir.org/2019/3/e12568/
If tech is to be successful in health care, physicians need to be incorporated into the leadership structure, even if it means slowing down the process.
Here’s a clause for the new Oath, “Identifiable patient data cannot be leaked to insurance companies, employers or other interested parties without the specific consent of the patient.”
For the record, HealtheConnections and the entire SHIN-NY enterprise in New York guards patient data at the highest level and resists offers to open the treasure chest.
Tech likes to disrupt industries. The health care industry, while in need of improvement, will be very resistant to disruption, partly to protect entrenched interests, yes, but also to protect patients and patient care.
Thank you, Dr. Green for sharing this article.
It is truly evident that no good has come from any of this intrusive data collection. The tech industry is looking for data they can monetize, not to benefit humanity. Plenty of physicians used their positions to market and propagandize for these tech corporations at the expense of their patients. Our government refuses to regulate, tax or reign in these greedy unregulated corporations.
We have already seen what they have done with this data, and illegal attempts to get access to even more, have not been treated as criminal acts. Their has been a gold rush to get control of health data, and the healthcare industry sided with corporate greed, over the lives of patients.
Interesting article and a long overdue idea. The same should be true for all aspects of computing, how about AI, or financial transactions. It feels like laws just aren’t enough. Who would you regard as the modern day Hypocrates to write the oath? Is it something that would emerge from an Adboard? If so count me in! HONcode and GDPR are good places to start.
Something else which keeps the medical world in check is Continued Medical Education but in computing this isn’t required for all disciplines, it is more informal or self taught. How might this be made a part of the oath?
This article raises some interesting counter points, do you feel it is true?: http://blognjn.blogspot.com/2010/06/a-hippocratic-oath-or-hypocratic-oath.html
Patients are excluded from health care. According to HIPAA, anything relating to payment, operations, treatment, and research is none of the patient’s business. Since everything can be called treatment, this excludes patients from most everything relating to their health care. Health care entities like it this way because they can operate in secret. Even though I don’t think HIPAA can legally strip patient of their rights, many patients do not know the entire purpose of HIPAA. Patients should have full access to their medical records and patients should control who can view and use their medical data. Entities are making millions from medical data while many patients struggle to even get medical care because they cannot afford it. A major medical event could result in bankruptcy. Health care entities have been operating in secret for so long that it would be impossible to expect them to operate in any other way when it comes to medical data. The patient does not count.