The data changing hands in the new data-driven healthcare partnership between Google and St. Louis-based health system Ascension runs the gamut from patient names and birth dates to lab results and previous hospitalizations. The duo may have its sights set on using this information to personalize care and lower costs, but data privacy alarms are going off everywhere, raising questions about who really owns patient medical records and whether the benefits of sharing patient data outweigh the risks to the patient/consumer.


But what really are the potential benefits here? Applying the insights extracted from this narrow data set might not be enough to truly impact patient health. Collecting and combining data from outside sources—like those that reveal social determinants of health—could help, but even then, it’s not a slam dunk. Data alone can’t make health improvements happen. Actionable insights are nothing unless they’re acted upon.


Data has the power to transform healthcare, ushering in care delivery improvements, cost reductions and better health outcomes. But to get there, we need to leverage more complete data sets; learn how to turn insights into actions in provider settings and behavioral change throughout patients’ lives; and, perhaps most importantly, sort out the data privacy issues—and it would behoove the industry to do the sorting before regulators do.

Google’s deal with Ascension, dubbed “Project Nightingale,” reportedly started aggregating patient data from data centers spread across the U.S. into Google Cloud without telling patients and physicians, according to The Wall Street Journal. For Ascension, it was likely viewed as a standard data infrastructure upgrade to enable better care delivery, but for patients and regulators, it raised concerns that patient data would be exposed to risk. Most patients can sit comfortably because the partnership’s reach extends only as far as the edges of Ascension’s own patient population. Ascension and Google claim that the data-informed tools exclusively will be reserved for Ascension doctors, but if the model works, the potential for Google-aided partnerships to make a broader impact on healthcare could be enticing. Would that make Ascension patients the test subjects? Google potentially could be thinking along these lines, and laying the foundation to develop the tools to scale and open the door to similar deals with other health systems. Will society allow it? It’s a lot easier to put progress before privacy when your own data privacy isn’t in question.


First, let’s look at what’s behind this deal’s patient privacy issues. Most notably, patients and physicians weren’t notified about the plan to transfer patient data outside the health system. Both Google and Ascension believe that they’re operating within the legal parameters of HIPAA, but a federal regulator isn’t so sure. On an individual level, there are concerns about the 150 Google employees who have been granted access to this data—including personal information like names and dates of birth. What if the data is mishandled? And let’s face it: People have good reason to be worried. Google doesn’t have the best track record when it comes to data privacy, with recent issues like the Google+ user data mishap and ongoing antitrust investigations.


We can’t forget that Google already has data on us, and lots of it. Google handles more than 63,000 internet searches per second, with the average person responsible for three to four searches each day. Google’s “free” email service has a not-so-hidden cost: your personal information. Then there’s the mountains of GPS and location services data associated with Google Maps. Google also recently acquired Fitbit and all of the data collected by its fitness trackers.


With so many data-producing transactions within reach, the search giant certainly has an opportunity to match a patient’s health data to her online behavior, and her health and wellness goals. The deal with Ascension doesn’t allow this type of data matchmaking, but a future partnership could pave the way. And if not Google, maybe we’ll see Amazon make a play to match its treasure trove of shopping behavior data against pharma’s list of prescription drug customers. For a more complete picture of consumer health, Amazon would need to look only as far as the types of food that people select at Whole Foods or the OTC medications regularly added to their carts. Big tech could soon be playing the role of big brother in monitoring our health-related behaviors, with or without consumers’ explicit buy-in. Would that be creepy, or good for society?


Although the proper collection and analysis of data associated with social determinants like access to food and housing still eludes industry leaders, the potential to use this information to improve health outcomes is enticing. If we had a mechanism in place for matching patient records with SDOH data, would we see health systems step in to address patients’ social needs? Let’s say that Google uncovered a social need (like housing) that’s standing in the way of better care. Could Ascension get involved, or is there an avenue to partner with an entity that could? Would Ascension take a cue from UnitedHealth Group’s pilot program that provides housing for homeless people to contain costs and improve care?


When it comes to controlling healthcare costs, it’s not enough to tap pure medical care data because medical care drives just 11% of the health variation in the US. That leaves other factors like SDOH, genetics and behaviors accounting for a whopping 89% of health outcomes. To achieve the greatest value, we need to establish links between a wide variety of patient data from both inside and outside of the clinical setting. That’s a much bigger undertaking than the Google/Ascension partnership. And, of course, a more comprehensive data integration approach would inevitably exacerbate the privacy issues, and that’s something that the tech and healthcare industries should tackle before regulators impose a blanket shutdown in the name of patient privacy protection.

Healthcare data partnerships are increasingly common, and there has been a lot of action in this space lately. Geisinger and IBM have developed a tool to predict a patient’s sepsis risk, informed by the health system’s electronic medical record data. Blue Health Intelligence and the Health Care Cost Institute have joined forces to produce insights that tackle healthcare costs. Allscripts and Norwell Health are co-developing an AI-fortified EHR with a mechanism for clinician feedback. Louisiana-based Ochsner Health System tapped into an AI-based predictive health tool that Epic Systems built with Microsoft. This isn’t Google’s first foray into healthcare data either: Mayo Clinic inked a 10-year partnership to store its data in Google Cloud and gain access to AI and other tech tools.


This is all the more reason for the tech and healthcare industries to address the data privacy issue now. There’s a lot of potential value for the healthcare system as a whole that can be derived from effective data partnerships, but that value will remain out of reach if patient privacy becomes an even more formidable hurdle. And it might, if consumers and regulators start pushing back.


Beyond privacy, another big question is how the insights will get turned into action. Google can’t implement patient-related actions and health systems continue to have a hard time influencing patient behavior once patients leave hospital property. Motivating behavioral change is hard, and the industry isn’t spending enough time connecting healthcare insights to outcomes—but it should.