Inside Google Cloud
Our partnership with Ascension
Editor's note: This blog post was amended to include FAQ on 11/12/19.
Today, we’re proud to announce more details on our partnership with Ascension, one of the nation’s leading non-profit health systems, to support them with technology that helps them to deliver better care to patients across the United States. There’s been a good deal of speculation on this partnership, so we want to make sure everyone has the facts.
First: What is the work we’re doing with Ascension? Back in July, on our Q2 earnings call, we announced “Google Cloud’s AI and ML solutions are helping healthcare organizations like Ascension improve the healthcare experience and outcomes.” Our work with Ascension is exactly that—a business arrangement to help a provider with the latest technology, similar to the work we do with dozens of other healthcare providers. These organizations, like Ascension, use Google to securely manage their patient data, under strict privacy and security standards. They are the stewards of the data, and we provide services on their behalf.
Our work with Ascension focuses on three things:
Shifting Ascension’s infrastructure to the cloud: The partnership will modernize Ascension’s infrastructure, enabling them to migrate their on-premise data warehouse and analytics environments to their own private and secure Google Cloud environment. Key elements of this work will focus on network and system connectivity, data integration, privacy and security, and compliance.
Using G Suite productivity tools: This will enhance Ascension employees’ ability to communicate and collaborate securely in real time, supporting interdisciplinary care and operations teams across Ascension sites of care.
Extending tools to doctors and nurses to improve care: We aim to provide tools that Ascension could use to support improvements in clinical quality and patient safety.
Second: What about patient data? All of Google’s work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and come with strict guidance on data privacy, security and usage. We have a Business Associate Agreement (BAA) with Ascension, which governs access to Protected Health Information (PHI) for the purpose of helping providers support patient care. This is standard practice in healthcare, as patient data is frequently managed in electronic systems that nurses and doctors widely use to deliver patient care. To be clear: under this arrangement, Ascension’s data cannot be used for any other purpose than for providing these services we’re offering under the agreement, and patient data cannot and will not be combined with any Google consumer data.
Finally: Some of the solutions we are working on with Ascension are not yet in active clinical deployment, but rather are in early testing. This is one of the reasons we used a code name for the work—in this case, “Nightingale.”
It’s understandable that people want to ask questions about our work with Ascension. We’re proud of the important work we’re doing as a cloud technology partner for healthcare companies. Modernizing the healthcare industry is a critically important task, with the ultimate result not just digital transformation, but also improving patient outcomes and saving lives.
Updates as of 11/12/19
We continue to receive questions from media, policy makers, healthcare providers, and others on our work with Ascension. This FAQ below addresses details around the project and how we protect patient data. For more information on Google’s approach to privacy, please visit our privacy web page.
Q: What did Google and Ascension announce this week?
A: Ascension, one of the nation’s leading non-profit health systems, is working with Google to optimize the health and wellness of individuals and communities through technology. The goal of the partnership is to enhance the experience of patients and clinical providers across the continuum of care, improving outcomes and saving lives.
Q: What is Ascension doing with Google technology?
A: In addition to moving its infrastructure to Google Cloud and its productivity software to G Suite, Ascension is also working with Google to pilot tools for doctors and nurses to use in patient care. Specifically, we are piloting tools that could help Ascension’s doctors and nurses more quickly and easily access relevant patient information, in a consolidated view.
Q: Was your work with Ascension a secret?
A: Our work with Ascension was not a secret. In fact, we first announced our partnership with Ascension in July, on our Q2 earnings call. And, as Ascension has stated, they informed acute care administrative and clinical leaders across their organization on the work, held enterprise-wide webinars, and briefed clinical leaders of their employed physician group in detail. In addition, Ascension directly engaged many front-line nurses and clinicians on the project.
Q: What does the name “Nightingale” come from?
A: It’s actually the code name that both parties are using for this project, nothing more. We use code names for many different things--customers, products, etc.
Q: How much was the deal?
A: We’re not disclosing any financials.
Q: Is Google charging for these services?
A: Yes. Google is delivering services as part of a commercial contract with Ascension, just like any other work we do with healthcare providers.
Q: Is this Ascension agreement unique? What else is Google doing in the healthcare space?
A: Google works with dozens of other healthcare providers. These organizations use our technology to help them organize their healthcare data and make this crucial information useful and secure.
Q: How do you ensure the privacy of patient data?
A: There are several key aspects of our approach with Ascension:
Data is logically siloed to Ascension, housed within a virtual private space and encrypted with dedicated keys.
Patient data remains in that secure environment and is not used for any other purpose than servicing the product on behalf of Ascension. Specifically, any Ascension data under this agreement will not be used to sell ads.
There are access logs for any individual who might come in contact with PHI in the process of helping Ascension configure and test tools, to ensure all policies are followed.
Finally, these systems are included in Google’s annual compliance audits for ISO 27001 certification and SOC2/3. These are procedures in which external auditors check that we have the systems and processes in place to guarantee access control, data isolation, logging, and auditing.
Q: Some media outlets have reported that BAAs did not exist between Google and Ascension, or were just recently signed. Is that true?
A: Absolutely not. We’ve had BAAs in place with Ascension from the very beginning of our work together.
Q: Do Google employees have access to Protected Health Information (PHI)? If so, why?
A: A limited number of Google employees have been approved by Ascension to potentially handle PHI, in order to provide the services to Ascension. Because every health system is different, and the data is very complex and non-standardized, we need to configure and tune our processing systems to ensure correct product operations and patient safety.
Q: Is any Ascension patient data combined with Google consumer data?
A: No. In accordance with HIPAA and the BAA we sign with our customers, patient data cannot be used for any other purpose than for provisioning the tools specific to the customer. Google ensures that the data is kept securely in accordance with the product’s HIPAA obligations and ISO certification (here).
Q: Does Google combine patient data across customers?
A: No. We are building tools that a single customer (e.g., a hospital or primary care group) can use with their own patients’ data. The data is siloed, access controlled, and auditable. We do not combine data across partners, and we would not be allowed to under our agreements or the law.
Q: Does Google have any response to the federal inquiry?
A: We are happy to cooperate with any questions about the project. We believe Google’s work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and comes with strict guidance on data privacy, security, and usage.