Google and the 2,600-hospital Ascension health system are collaborating on an effort—dubbed Project Nightingale—that puts identifiable patient data in the hands of the tech giant’s engineers for use in projects on machine learning (ML) and augmented intelligence (AI), often called artificial intelligence.

Google and Ascension say the activities, first reported by Rob Copeland of The Wall Street Journal, are covered by a business associate agreement, which is a long-standing, and legal, way for health care providers to share identifiable data with third parties under the Health Insurance Portability and Accountability Act (HIPAA).

The third parties may only use the data for certain purposes and must protect it as HIPAA requires. Failure to do so can result in direct liability for the business associate. The Department of Health and Human Services’ Office of Civil Rights has announced that it will seek to learn more to ensure that HIPAA protections were fully implemented.

My latest for the AMA. The whole shebang.