Who would you trust with your most personal health information?
Your doctor? Almost definitely. Your spouse or partner? Probably. Your wider family and friends? Maybe. Your employer? If necessary.
But Google? That's the question many Americans have been asking over the past week, as it emerged in the Wall Street Journal that the medical data of tens of millions of patients is being transferred to Google from one of the US’s largest healthcare providers.
Ascension is a St Louis, Missouri-based Catholic non-profit organisation that operates a chain of 2,600 healthcare facilities, including 150 hospitals across 21 US states.
It is also involved in clinical and network services, venture capital investing and biomedical engineering among other activities.
Under so-called "Project Nightingale", which began last year, Ascension is sharing records of up to 50 million patients with Google.
Lab results, doctor diagnoses and other records are reported to be among the data and the information is not anonymised - names and dates of birth are also said to be included.
150 or more employees at Google have access to the records, it was reported, while a further 150 people are working on the project on the Ascension side.
Why has Ascension given Google the information?
In a blog post Google said that it is moving Ascension’s infrastructure to Google Cloud, the company’s cloud computing service, in an effort to modernise the healthcare provider’s infrastructure.
Second, Google said Ascension will be using its G Suite productivity tools, to enable employees to communicate and collaborate in real-time.
And finally, Google intends to develop and build new tools for Ascension to support "clinical quality and patient safety", using artificial intelligence and machine learning technology.
In other words, tools that could help Ascension’s doctors and nurses more quickly and easily access relevant patient information.
Google said it is being paid for the work, although it has not said how much or whether it is charging for all of it.
But the move is being seen as a big effort by Google to gain a foothold in the healthcare industry, particularly through the storage and management of patient data, an aspiration it has alluded to in the past.
Media reports have suggested that some of those working on the project are unhappy that patients have not been told about the situation and are concerned about possible breaches of data privacy laws.
But Google said all of the work adheres to industry-wide regulations regarding patient data "and comes with strict guidance on data privacy, security and usage.
"To be clear: under this arrangement, Ascension’s data cannot be used for any other purpose than for providing these services we’re offering under the agreement, and patient data cannot and will not be combined with any Google consumer data."
Those seem like strong reassurances and only time will tell whether Google and Ascension are indeed complying with all their obligations, as the activities come under intense scrutiny from regulators and others in the US.
But regardless of whether they are compliant or not, the question remains: will the words of comfort be sufficient to calm worried and annoyed patients about the ever-creeping tentacles of tech companies over medical privacy?
People are understandably skeptical about tech companies' motives when it comes to data collection, and when that is sensitive information relating to health, the reasons for concern are heightened.
Google already has history in this area.
Two years ago, the transfer of 1.6m patient records from the Royal Free Hospital in London to Google’s AI arm, DeepMind Health, was called out as having an inappropriate legal basis by Britain’s data watchdog.
And don’t forget, it recently announced that it is buying wearable fitness tracker manufacturer, Fitbit.
However, Google is not alone in pushing hard in the exciting and quickly evolving area of AI and health.
Apple is rapidly expanding its healthcare initiatives - one only has to look at the way its Watch is evolving for evidence.
It has also just launched three health studies in the US that will use a research app along with iPhone and Watch to gather data on women’s health, heart and movement and hearing.
It is a double-edged sword.
On the one hand, medical advances of the present and the future are increasingly being driven by technology, particularly AI and machine learning tools running in the cloud.
Big data analytics is being used to improve many diagnostic and treatment options at an incredible pace.
Few would argue that is a bad thing. But to build those new tools, healthcare and technology companies require data, and huge amounts of it.
Building robust data protection and privacy safeguards into such processes is therefore of paramount importance.
Patient consent and information is also key.
Fortunately, we in Europe have robust rules in this regard in the EU’s General Data Protection Regulation (GDPR) which came into force in May last year.
Does that mean that Google (or indeed others) could not do here what it is doing in the US with Ascension?
Google wouldn’t comment on whether it is engaged in anything similar here or not.
Sources say they have heard of tech companies offering services to health service providers in Ireland, but nothing like in the Google case.
"My understanding is that since GDPR it's not possible, unless a patient has explicitly consented to it," said Professor Brian Caulfield, director of the SFI-funded Insight Centre for Data Analytics.
He was surprised by the Google/Ascension case in the US, particularly that the data was not anonymised.
"If a lot of Google’s tools and technology were applied to a dataset of that sort there is a lot we could learn and that could be used for the public good," he said.
"To my mind we shouldn’t be scared as individuals of sharing our data with honest actors who are trying to leverage the power of big data to make our lives better."
But the question in such circumstances, Professor Caulfield added, is what is the trade-off?
"Are we willing to cede control of our data to derive the benefit?" he pondered.
The Data Protection Commission (DPC) has already been exploring these types of issues in relation to Genomics Medicine Ireland, a privately owned but State-backed company that plans to collect the DNA of hundreds of thousands of people in order to find new treatments and diagnostics.
Sources close to the DPC said in cases such as the Google/Ascension one, the commission would expect to hear from those involved before such a project was established.
Protection standards would also be higher in such a scenario, because of the sensitivity of the data concerned - a legal basis would be required for gathering, processing and storing the data.
Transparency would also be key - everyone whose data was involved would have to know what was happening, the source said.
What does the HSE think about all of this and has it ever shared patient data with a tech company in this way?
It said it has strict information security policies and procedures in place to ensure information about patients is safe, whether it is held in paper or electronic format, and is bound by confidentiality and the data protection laws.
"We are committed to ensuring that patients’ information is secure with us and with the third parties who act on our behalf," it said in a statement.
"We have a number of security precautions in place to prevent the loss, misuse or alteration of patients’ information. All staff working for the HSE have a legal duty to keep information about patients confidential and staff are trained in information security and confidentiality."
The health service also said that personal data can only be processed fairly, lawfully and in a transparent manner and that data can only be obtained for specified, explicit, lawful, and legitimate purposes, and cannot be further processed in any manner incompatible with those purposes.
The responses from some of the bigger private hospital groups here to the same questions were a little clearer.
The Bon Secours Group said that because of GDPR there would not be any sharing of patient data by its hospitals with third parties and it has no such interactions with technology companies.
The Mater Private Group said it is currently not in any collaboration with a tech company on anything similar to the Google/Ascension partnership.
The Private Hospitals Association said such issues were a matter for individual hospitals.
Clearly though, this is an issue which is only going to grow in significance over the coming years and so too will the debate around it.
Coincidentally, German Chancellor Angela Merkel suggested during the week that Europe needs to seize control of its data from Silicon Valley tech giants, by developing its own platform to manage data and reduce reliance on US cloud services run by companies like Google, Microsoft and Amazon.
But such developments will not happen overnight.
In the meantime, hospitals, patient advocates, tech companies, data protection authorities and Government will, if they haven't already, have to formulate and implement policies around the matter.
Personal privacy is a fundamental right which has to be protected. But if we want to improve our health care standards and develop new diagnostic tools and medicines, then we will have to decide what level of data we are willing to share, and crucially with whom.
Comments welcome via Twitter to @willgoodbody