Two days before Google was set to publicly post more than 100,000 images of human chest X-rays, the tech giant got a call from the National Institutes of Health, which had provided the images: Some of them still contained details that could be used to identify the patients, a potential privacy and legal violation.
Google abruptly canceled its project with NIH, according to emails reviewed by The Washington Post and an interview with a person familiar with the matter who spoke on the condition of anonymity. But the 2017 incident, which has never been reported, highlights the potential pitfalls of the tech giant’s incursions into the world of sensitive health data.
Over the course of planning the X-ray project, Google’s researchers didn’t obtain any legal agreements covering the privacy of patient information, the person said, adding that the company rushed toward publicly announcing the project without properly vetting the data for privacy concerns. The emails about Google’s NIH project were part of records obtained from a Freedom of Information Act request.