Dinerstein vs Google: A case study for the WHO

Publikation: Bidrag til bog/antologi/rapportKonferencebidrag i proceedingsForskningfagfællebedømt

Standard

Dinerstein vs Google: A case study for the WHO. / Corrales Compagnucci, Marcelo; Gerke, Sara; Minssen, Timo.

Ethics and Governance of Artificial Intelligence for Health: WHO Guidance. Geneva : World Health Organization, 2021. s. 38.

Publikation: Bidrag til bog/antologi/rapportKonferencebidrag i proceedingsForskningfagfællebedømt

Harvard

Corrales Compagnucci, M, Gerke, S & Minssen, T 2021, Dinerstein vs Google: A case study for the WHO. i Ethics and Governance of Artificial Intelligence for Health: WHO Guidance. World Health Organization, Geneva, s. 38. <https://www.who.int/publications/i/item/9789240029200>

APA

Corrales Compagnucci, M., Gerke, S., & Minssen, T. (2021). Dinerstein vs Google: A case study for the WHO. I Ethics and Governance of Artificial Intelligence for Health: WHO Guidance (s. 38). World Health Organization. https://www.who.int/publications/i/item/9789240029200

Vancouver

Corrales Compagnucci M, Gerke S, Minssen T. Dinerstein vs Google: A case study for the WHO. I Ethics and Governance of Artificial Intelligence for Health: WHO Guidance. Geneva: World Health Organization. 2021. s. 38

Author

Corrales Compagnucci, Marcelo ; Gerke, Sara ; Minssen, Timo. / Dinerstein vs Google: A case study for the WHO. Ethics and Governance of Artificial Intelligence for Health: WHO Guidance. Geneva : World Health Organization, 2021. s. 38

Bibtex

@inproceedings{60f8815746fc43c5bd1ccc52c52948c5,
title = "Dinerstein vs Google: A case study for the WHO",
abstract = "Google announced a strategic partnership with the University of Chicago and the University of Chicago Medicine in the USA in May 2017. The aim of the partnership was to develop novel machine-learning tools to predict medical events such as unexpected hospital admissions. To realize this goal, the University shared hundreds of thousands of “de-identified” patients{\textquoteright} records with Google. One of the University{\textquoteright}s patients, Matt Dinerstein, filed a class action complaint against the University and Google in June 2019 on behalf of all patients whose records were disclosed.Dinerstein brought several claims, including breach of contract, against the University and Google, alleging prima facie violation of the US Health Insurance Portability and Accountability Act. According to an article published in 2018 by the defendants, the patients{\textquoteright} medical records shared with Google “were de-identified, except that dates of service were maintained in the (...) dataset”. The dataset also included “free-text medical notes”. Dinerstein accused the defendants of insufficient anonymization of the records, putting the patients{\textquoteright} privacy at risk. He alleged that the patients could easily be re-identified by Google by combining the records with other available data sets, such as geolocation data from Google Maps (by so-called “data triangulation”). Moreover, Dinerstein asserted that the University had not obtained express consent from each patient to share their medical records with Google, despite the technology giant{\textquoteright}s commercial interest in the data.The issue of re-identification was largely avoided by the district judge, who dismissed Dinerstein{\textquoteright}s lawsuit in September 2020. The reasons given for dismissal included Dinerstein{\textquoteright}s failure to demonstrate damages that had occurred because of the partnership. This case illustrates the challenges of lawsuits related to data-sharing and highlights the lack of adequate protection of the privacy of health data. In the absence of ethical guidelines and adequate legislation, patients may have difficulty in maintaining control of their personal medical information, particularlyin circumstances in which the data can be shared with third parties and in the absence of safeguards against re-identification.",
author = "{Corrales Compagnucci}, Marcelo and Sara Gerke and Timo Minssen",
year = "2021",
language = "English",
isbn = "978-92-4-002921-7",
pages = "38",
booktitle = "Ethics and Governance of Artificial Intelligence for Health",
publisher = "World Health Organization",
address = "Switzerland",

}

RIS

TY - GEN

T1 - Dinerstein vs Google: A case study for the WHO

AU - Corrales Compagnucci, Marcelo

AU - Gerke, Sara

AU - Minssen, Timo

PY - 2021

Y1 - 2021

N2 - Google announced a strategic partnership with the University of Chicago and the University of Chicago Medicine in the USA in May 2017. The aim of the partnership was to develop novel machine-learning tools to predict medical events such as unexpected hospital admissions. To realize this goal, the University shared hundreds of thousands of “de-identified” patients’ records with Google. One of the University’s patients, Matt Dinerstein, filed a class action complaint against the University and Google in June 2019 on behalf of all patients whose records were disclosed.Dinerstein brought several claims, including breach of contract, against the University and Google, alleging prima facie violation of the US Health Insurance Portability and Accountability Act. According to an article published in 2018 by the defendants, the patients’ medical records shared with Google “were de-identified, except that dates of service were maintained in the (...) dataset”. The dataset also included “free-text medical notes”. Dinerstein accused the defendants of insufficient anonymization of the records, putting the patients’ privacy at risk. He alleged that the patients could easily be re-identified by Google by combining the records with other available data sets, such as geolocation data from Google Maps (by so-called “data triangulation”). Moreover, Dinerstein asserted that the University had not obtained express consent from each patient to share their medical records with Google, despite the technology giant’s commercial interest in the data.The issue of re-identification was largely avoided by the district judge, who dismissed Dinerstein’s lawsuit in September 2020. The reasons given for dismissal included Dinerstein’s failure to demonstrate damages that had occurred because of the partnership. This case illustrates the challenges of lawsuits related to data-sharing and highlights the lack of adequate protection of the privacy of health data. In the absence of ethical guidelines and adequate legislation, patients may have difficulty in maintaining control of their personal medical information, particularlyin circumstances in which the data can be shared with third parties and in the absence of safeguards against re-identification.

AB - Google announced a strategic partnership with the University of Chicago and the University of Chicago Medicine in the USA in May 2017. The aim of the partnership was to develop novel machine-learning tools to predict medical events such as unexpected hospital admissions. To realize this goal, the University shared hundreds of thousands of “de-identified” patients’ records with Google. One of the University’s patients, Matt Dinerstein, filed a class action complaint against the University and Google in June 2019 on behalf of all patients whose records were disclosed.Dinerstein brought several claims, including breach of contract, against the University and Google, alleging prima facie violation of the US Health Insurance Portability and Accountability Act. According to an article published in 2018 by the defendants, the patients’ medical records shared with Google “were de-identified, except that dates of service were maintained in the (...) dataset”. The dataset also included “free-text medical notes”. Dinerstein accused the defendants of insufficient anonymization of the records, putting the patients’ privacy at risk. He alleged that the patients could easily be re-identified by Google by combining the records with other available data sets, such as geolocation data from Google Maps (by so-called “data triangulation”). Moreover, Dinerstein asserted that the University had not obtained express consent from each patient to share their medical records with Google, despite the technology giant’s commercial interest in the data.The issue of re-identification was largely avoided by the district judge, who dismissed Dinerstein’s lawsuit in September 2020. The reasons given for dismissal included Dinerstein’s failure to demonstrate damages that had occurred because of the partnership. This case illustrates the challenges of lawsuits related to data-sharing and highlights the lack of adequate protection of the privacy of health data. In the absence of ethical guidelines and adequate legislation, patients may have difficulty in maintaining control of their personal medical information, particularlyin circumstances in which the data can be shared with third parties and in the absence of safeguards against re-identification.

M3 - Article in proceedings

SN - 978-92-4-002921-7

SP - 38

BT - Ethics and Governance of Artificial Intelligence for Health

PB - World Health Organization

CY - Geneva

ER -

ID: 273287554