In 2017, Google was two days away from posting 112,000 chest X-rays taken of more than 30,000 patients on public servers before last-minute privacy concerns put a stop to the project.
The X-rays were part of a program conducted with the National Institutes of Health to see if Google’s machine learning tools could be used to better identify disease markers using visual information.
The X-rays were collected at a government research hospital in Bethesda, Maryland where a large number of clinical research studies were being conducted.
In 2017, Google was working with the NIH to collect more than 112,000 chest X-rays for a machine learning project meant to train computers how to identify visual disease markers
According to a new report in The Washington Post, based on emails obtained through a Freedom of Information Act request, Google and NIH began collaborating on the project in the summer of 2017 and were hoping to reveal findings from the project at an artificial intelligence conference in Hawaii on July 21.
The X-rays were analyzed by Google’s TensorFlow, an open source machine learning software that was developed by the Google Brain Team in 2015.
NIH staff worked to make sure each X-ray was cleared of any personally identifying information, as the X-rays were planned to be hosted on Google’s public servers at the start of the conference.
Two days before the conference was to begin, NIH staffers alerted Google that several dozen chest X-rays they’d previously cleared still had information attached they feared could be used to identify the patient, including dates and distinctive jewelry.
Around the same time, lawyers at Google raised concerns about the company’s potential liability for sharing the X-ray data.
Google and the NIH were going to announce their joint project at a conference on July 21, 2017, but two days before the conference was to start, NIH staffers raised concerns that some of the X-rays still had personally identifying information on them
The NIH has authority to share medical information with external consultants for research projects providing patients have signed waivers, but it’s unclear whether that authority would have allowed Google to publish the X-rays on public servers.
Google’s lawyers were worried the X-rays might be protected under the Health Insurance Portability & Accountability Act.
After learning of the NIH’s concerns, Google decided to delete the X-ray files from its servers and told the NIH it wouldn’t continue with the X-ray program.
Google’s lawyers also raised concerns that the NIH program may expose them to liabilities under HIPAA
In an internal post-mortem following the cancellation, Google concluded the company had moved too quickly with the project and hadn’t spent enough time legally vetting it before scheduling a public announcement.
‘We take great care to protect patient data and ensure that personal information remains private and secure,’ Google’s Michael Moeschler told The Washington Post about the project.
‘Out of an abundance of caution, and in the interest of protecting personal privacy, we elected to not host the NIH dataset.’
‘We deleted all images from our internal systems and did not pursue further work with NIH.’
Earlier this month,an even larger health data collection program at Google was revealed.
Called Project Nightingale, the initiative saw the company collecting names, birthdates, and hospital records from tens of million of people in 21 states across America.
A Google spokesperson said the project was legal.
According to a report in the Wall Street Journal, the project was meant to improve the company’s artificial intelligence initiatives and give personally-tailored healthcare recommendations to patients.
According to the report, neither doctors nor patients were aware of the data collection program.
The news broke just days after Google announced a bid to buy FitBit, the popular fitness tracker, whose devices track a range of biometric data, including heart rate, blood pressure, weight, and the number of steps taken in a day.
