Sundar Pichai, CEO of Google, speaks to the media before the opening of the Berlin representation of Google Germany in Berlin on January 22, 2019. Carsten Koall | Getty Images News | Getty Images

Google has waded into a privacy flap over a partnership with Ascension, a major U.S. hospital network, to collaborate on tools that help make sense of information about patients and help doctors search the medical record. The deal was first disclosed by a Wall Street Journal piece, which explained that 150 Google employees already have access to data on tens of millions of patients without their knowledge or consent. However, it's not clear that the deal represents a major privacy risk. According to six people familiar with the scope of the agreement and an internal Ascension email seen by CNBC, the two companies signed an industry-standard agreement that allows the hospital to share protected health information with Google as long as this information is used only for treating patients. These people asked for anonymity because they were not authorized to discuss the deal with the media. The email also notes that the deal was part of a larger agreement between the companies that included Ascension's use of Google's G Suite set of productivity tools, which competes with Microsoft Office 365. At the same time, one person familiar said some Ascension employees were concerned that some tools that Google is using to import and export data were not compliant with HIPAA privacy standards and that concerned employees did not receive satisfactory answers from Google on this front. Google did not comment on these particular complaints. But it said that it has a wide variety of Google Cloud products that enable compliance with HIPAA — the set of rules that govern how health information is transferred and shared — including some of the products mentioned by the concerned employees. The flap comes as Google makes aggressive strides into the $3.5 trillion health sector, recently agreeing to acquire fitness tracker company Fitbit and announcing a deal with Mayo Clinic. The medical industry is notoriously sensitive when it comes to privacy and security, and Google faces an uphill battle to prove that it can be trusted when it makes the bulk of its money through advertising, which relies on extensive use of customer data.

How the deal came together

Several of the people said the project came together after Ascension spent millions of dollars on a data warehouse project that pulls together clinical information across its patient population. Ascension and Google started their discussions about eight months ago on a set of so-called population health and analytics software to analyze health information in aggregate, and they referred to the broader scope of the work under the code name "Nightingale." On the Google side, the goal was to develop tools to make it easier for doctors to pull up specific patient data in a medical record. David Feinberg, Google Health's vice president, referred to this capability in vague terms at a recent industry conference. The tool, according to a source familiar and screenshots viewed by CNBC, makes it easier for a doctor to look up a specific patient to look at recent test results, medications and more. A Google spokesperson confirmed that it is developing tools "that they could use to help doctors and nurses improve patient care" but did not share further information.