Google should explain why it's collecting mass amounts of health care data on U.S. citizens and ensure the information isn't being taken without permission, said Sen. Steve Daines, R-Mont., in a letter to Google CEO Sundar Pichai Thursday.
In a letter obtained by Fox News, Daines highlights Google's "Project Nightingale," which has the company collecting health data on millions of Americans without sharing the goals of the project.
"While I recognize the value of partnerships that are aimed to personalize medical treatment, reduce health care costs, and improve patient outcomes, one of my top priorities in Congress is upholding the privacy rights of Montanans, and all Americans," Daines wrote.
Google has teamed up with Ascension, a nonprofit health care provider, to create a centralized database of personal health information of Americans in 21 states. The data includes patient history, names, lab results, and diagnoses, among other things. The Department of Health and Human Services has launched an investigation through its civil rights division and is seeking answers from the big tech giant.
HHS launched the probe on Tuesday and "would like to learn more information about this mass collection of individuals' medical records with respect to the implications for patient privacy under [the Health Insurance Portability and Accountability Act of 1996 or HIPAA]," director Roger Severino said in a statement to the Wall Street Journal.
Daines wrote that reports of the HHS investigation underscore the importance of scrutinizing the tech company's possession and use of personal medical information. Daines argued that innovation must be tempered in favor of constitutional rights.
"In light of these reports, I am concerned about how patient information is being collected and stored and believe it is critical that we ensure sensitive health data is handled properly and lawfully," he wrote. "In order to balance the innovation needed to reduce health care costs and provide the best service to patients with the constitutional right to security and privacy of their personal data, I believe there should be severe scrutiny regarding how private health records are utilized."
Daines then listed his concerns one by one and asked Pichai for direct answers on each of them. The Montana Republican asked what steps Google is taking to protect patient health information, what security protections are in place to counterbalance a breach, and demanded to know how Google intends to use the data they collect.
"Why is it necessary for Google to collect and store personally identifiable information to design software as part of Project Nightingale?" Daines asked. "Among the millions of patient records collected by Google through Project Nightingale, are any of these patients children? If so, how many?"
He also asked if patients were even aware of their participation in the program and if consent waivers were ever issued and signed.
"Following completion of the partnership with Ascension, how will Google ensure its employees no longer have access to Ascension health records?" Daines asked.
Fox News reached out to Google and was directed to their blog post about their partnership with Ascension.
"Back in July, on our Q2 earnings call, we announced 'Google Cloud’s AI and ML solutions are helping healthcare organizations like Ascension improve the healthcare experience and outcomes.' Our work with Ascension is exactly that," the post reads.
"A business arrangement to help a provider with the latest technology, similar to the work we do with dozens of other healthcare providers. These organizations, like Ascension, use Google to securely manage their patient data, under strict privacy and security standards. They are the stewards of the data, and we provide services on their behalf."
The document also states Google is following strict federal guidelines when it comes to patient privacy and vows to only use the information it gathers to provide health care services.
"To be clear: under this arrangement, Ascension’s data cannot be used for any other purpose than for providing these services we’re offering under the agreement, and patient data cannot and will not be combined with any Google consumer data," the post reads.