Google was getting ready to publicly release more than 100,000 human X-ray images through a partnership with the US National Institutes of Health, before abandoning the plan last minute after the government agency raised privacy concerns, says a Friday report by The Washington Post.
The project, from 2017, was meant to show off Google's cloud computing and artificial intelligence capabilities. It was scrapped two days before the partnership was set to be announced, after the NIH called Google to tell the company some of the X-ray images still had identifiers like dates and distinctive jewelry.
There was a concern the project could run afoul of the Health Insurance Portability and Accountability Act, or HIPAA, the federal law regulating the security and privacy of certain medical information. Google said it was compliant with the law.
"We take great care to protect patient data and ensure that personal information remains private and secure," a Google spokesperson said. "Out of an abundance of caution, and in the interest of protecting personal privacy, we elected to not host the NIH dataset. We deleted all images from our internal systems and did not pursue further work with NIH."
The NIH didn't respond to a request for comment.
Google has been under intense scrutiny over its medical projects. Earlier this week, the search giant unveiled a partnership with Ascension, the second-largest health care system in the US, that collects patient information from millions of Americans. That includes data on lab results, diagnoses and hospitalization records, and also includes patient names and birth dates. The initiative drew criticism from politicians and has spurred a federal inquiry by the Office for Civil Rights in the Department of Health and Human Services.
Google is making a deeper investment in health services. Earlier this month, the search giant said it's buying Fitbit, a fitness tracker company, for $2.1 billion.
But the search giant has been criticized for its handling of patient information in the past. Two years ago, Google, the University of Chicago and an affiliated medical center struck a partnership that allowed the search giant to use patient data and health records in an attempt to improve predictive analysis. In July, Google, the university and the medical center were hit with a lawsuit after the medical center allegedly shared records with Google without stripping away identifiable information.
For the X-ray project, Google failed to vet the security of the data as it rushed to make the public announcement, the Post reported. The NIH eventually scrubbed the identifiable information and partnered with another big tech company, the cloud storage firm Box, for the X-ray project. In a statement, Box said the partnership complied with the law.
"The NIH and many other leading healthcare organizations use Box for secure content management and collaboration in the cloud," Box said, "taking advantage of our compliance standards, such as HIPAA, and advanced privacy controls."