It's 2019. Do you know where your private health data is?

In the clutches of Google, quite possibly, according to a new report (at least, if you're one of tens of millions of Americans living in 21 U.S. states and the District of Columbia).

It's all thanks to Project Nightingale, a venture from Google and health care giant Ascension that began last year but has just been revealed, according to The Wall Street Journal.

"A complete health history."

Among the data the nation's second-largest health care giant reportedly is sharing with the most prominent division of its third-largest tech company:

  • lab results;
  • doctor diagnoses,;
  • hospitalization records, among other categories;
  • patient names and dates of birth.

In other words, according to the Journal, it all "amounts to a complete health history."

Most concerning, perhaps, is that none of the "tens of millions" of patients whose health data was shared with Google were informed of the plan, nor were their doctors. (However, about 150 Google employees have access to "much of the data.")

Google's purpose: "in part, to design new software, underpinned by advanced artificial intelligence and machine learning, that zeroes in on individual patients to suggest changes to their care," according to Rob Copeland? of the Journal.

"Your health information belongs to you."

Separately, of course, Google also recently announced it will acquire Fitbit for $2.1 billion, which means it will have access to other health data for more than 25 million active users.

I say "separately" in that it's a different deal. Google, like all the big tech companies, has an interest in getting more strongly into health care. 

Google tried this before, in a way, with Google Health, which lasted from 2008 to 2011. That was a very different product and its intended purpose was different.

Its homepage is long gone, but I found a trace of it on the Internet Archive. Here's an interesting line from it:

"We believe that your health information belongs to you, and you should decide how much you share and whom you share it with."

The reporting Monday would suggest the company is now taking a different view. However, the Journal also reported that "privacy experts" said Project Nightingale doesn't seem to violate federal law:

"[T]he Health Insurance Portability and Accountability Act of 1996, generally allows hospitals to share data with business partners without telling patients, as long as the information is used 'only to help the covered entity carry out its health care functions.'"

Either 19 or 21 states.

The focus on software and AI to improve patient care shows there's a positive intent behind this whole thing, even if the idea of your information being used without your knowledge is worrisome.

On Monday, after the story broke in the Journal (months after Google and Ascension started working together), Ascension issued a 435-word statement confirming at least part of the deal: 

"Ascension, one of the nation's leading nonprofit health systems, is working with Google to optimize the health and wellness of individuals and communities, and deliver a comprehensive portfolio of digital capabilities that enhance the experience of Ascension consumers, patients, and clinical providers across the continuum of care."

I reached out to both Google and Ascension separately for comment or additional confirmation. Neither company got back to me -- even to answer a question about which states Ascension actually operates in.

Both the Journal story and Ascension's website say it's 21 states plus Washington, D.C., but the website only actually lists 19 states plus D.C.

For what it's worth, those states are Alabama, Arkansas, Florida, Georgia, Illinois, Indiana, Kansas, Kentucky, Louisiana, Maryland, Michigan, Minnesota, Mississippi, Missouri, New York, Oklahoma, Tennessee, Texas, and Wisconsin.