"The data involved in Project Nightingale encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth."
Again, I highly doubt the authenticity of that... because if they did, just for the sake of giving it to them... they would be in violation of federal law.
If however, they did something like, Hey we are going to host our data on Google Cloud, and pushed it up to their machines there, that’s not “giving the data to google”...
My bet there is a LOT more to this, that is being reported, because the fines that that would be faced here, would put them out of business if they just handed over data arbitrarily.
Sure there is a LOT more to this than is being reported.
Also from the article:
“But privacy experts said it appeared to be permissible under federal law. That law, the Health Insurance Portability and Accountability Act of 1996, generally allows hospitals to share data with business partners without telling patients, as long as the information is used ‘only to help the covered entity carry out its health care functions.’”
That’s the huge loophole in HIPAA and pretty much makes anything permissible as long as those functions can be demonstrated.