University of Chicago Implicated in Lawsuit Over Data Breach
The University of Chicago Medical Center in 2017 announced that it was creating a partnership with Google to use data from patients’ electronic medical records to try to make better predictions and advance artificial intelligence in medicine.
"Beginning in 2017, Google set in motion a plan to make its most significant play in the healthcare space. This plan had two key components: (1) obtain the Electronic Health Record (“EHR”) of nearly every patient from the University of Chicago Medical Center from 2009 to 2016; and (2) file a patent for its own proprietary and commercial EHR system that wouldn’t be published until well after it had obtained hundreds of thousands of EHRs from the University."
The EHRs contained deeply personal information such as records revealing not only a person’s height, weight and vital signs, but whether they suffer from diseases like AIDS, cancer, sickle cell, depression, sarcoidosis, or diabetes, or went through a medical procedure like an abortion, transplant, or mastectomy.
It continues with, "The University promised in its patient admission forms that it would not disclose patients’ records to third parties, like Google, for commercial purposes. Nevertheless, the University did not notify its patients, let alone obtain their express consent, before turning over their confidential medical records to Google for its own commercial gain. The University also engaged in a cover up to keep the breach out of the public eye so as to avoid the public backlash. The cover up is particularly egregious because the University had a legal duty to inform its patients and the authorities of the unauthorized transfer of their medical records to Google."