Verily's COVID-19 Screening Website Leaves Privacy Questions Unanswered

One week after Alphabet's Verily launched its COVID-19 screening website, several unanswered questions remain about how exactly the project will collect, use, and retain people's medical information.

Verily, a healthcare data subsidiary of Google's parent company Alphabet, has until now operated its Project Baseline as a way to connect potential participants with clinical research. Now, after a confused roll-out, Verily's Baseline COVID-19 Pilot Program screening and testing website allows users to fill out a multi-question survey about their symptoms and, if they are eligible, directs them to testing locations in a few counties in California.

After a letter from Congress and multiple blog posts, press statements, and not one but two FAQs from Verily, users still do not have enough information about how using this service will affect their medical privacy. So, we have a few questions of our own.

Why does using the site require a Google account?

While the United States is in dire need of more testing, individuals' access to this critical health service should not hinge on whether or not they have created an account and shared information with the world's biggest advertising company.

But you can't use the Verily screening website without a Google account: users must either log into their existing Google account, or create a new one, before filling out the screening survey. Verily representatives have claimed this is necessary to authenticate users and contact them during the screening and testing process. However, Verily has not explained why a Google account is uniquely suited to identifying patients, or why the project cannot use other less invasive forms of identification.

What will Verily do with your information?

Verily assures users that the medical information they input as part of the screening service will not be linked with their Google account data without separate or explicit consent. However, the screening website's FAQ page says that information may be shared with certain service providers engaged to perform services on behalf of Verily, which includes, you guessed it, Google.

Verily also assures users that their information will not be used for advertising. What Verily will use that information for, however, is broad and unclear. Its privacy policy lists commercial product research and development as a potential use, and the Project Baseline FAQ lists similarly vague uses, including to provide insights about your health, conduct and publish research on health and disease, and build new tools, technologies, products, and partnerships related to health and disease. Without explicit written documents memorializing these data use protocols, users have little reassurance that Verily's uses of their health data will be tailored, appropriate, or privacy-protective.

Who is Verily sharing data with?

Verily states that it will not share any information with insurance or medical providers, which is a good start. However, Verily outlines other potential recipients of users' information:

The information you choose to provide during the screening process or testing process may also be shared with the healthcare professionals at the specimen collection sites, the clinical laboratory that processes specimens, the California Department of Public Health, and potentially other federal, state, and local health authorities, as requested or mandated for public health purposes.

While Verily has been clearer about the healthcare professionals and labs it partners with, it does not detail what other federal, state, and local health authorities include. What is Verily's relationship with the U.S. government? Would ICE, for example, have access to user data under any circumstances? The only thing that's clear here is that Verily is lumping federal, state, and local public health agencies into one undifferentiated mass, and that is unacceptable.

Verily also fails to provide more information about its relationship with the California Department of Public Health. Is there a written Memorandum of Understanding that lays out how data will flow between Verily and state health authorities?

Instead of FAQs and a privacy policy filled with vague predictions of how information may be shared, the public needs detailed documentation of how each of these relationships could play out.

Does using this service opt you in to Verily's Project Baseline?

In addition to Project Baseline, where the COVID-19 screening site is hosted, Verily has its Baseline Platform, Baseline Registry, and Baseline Community.

After completing the screening survey on the website, users are asked if they would like to participate in Verily's Baseline Community, which spokespeople have told the press will enable you to participate in creating new knowledge that is critically important to the health of all of us in the face of the COVID-19 pandemic. Statements go on to say that participation in Baseline Community is completely voluntary, and imply that users' information is shared with California public health authorities regardless.

It's unclear how these various Verily services intersect with the screening website, and how those relationships may or may not change in the future. Concerns about such internal relationships are especially critical given Google's healthcare ambitions and previous scrutiny in this area.