Google said that any personalized data will only be seen by select staff that "undergo HIPAA and medical ethics training, and are individually and explicitly approved by Ascension for a limited time." It also uses audits that are "designed to prevent the data from leaving this environment," and added that patent data access is "monitored and auditable."

Our Business Associate Agreement with Ascension ensures their patient data cannot be used for any other purpose than for providing our services—this means it's never used for advertising. We've also published a white paper around how customer data is encrypted and isolated in the cloud.

Furthermore, Google said patient data is only used by Google Health to provide services, and "never used for advertising." It has also published white paper showing how customer data is encrypted and isolated in the cloud.

Congress wasn't convinced, however. In a letter to Google, four Democratic leaders said the agreement was "disturbing," particularly because Ascension hadn't notified patients about the partnership. The group demanded more information via briefings by December 6th.

The report arrived shortly after Google announced that it was buying Fitbit, meaning it could receive significantly more consumer data in the areas of health and fitness. Consumer confidence in Google isn't exactly sterling, and scientists are concerned that Project Nightingale will erode consumer trust. "At some point, all of the research will get a bad name," Swiss bioethicist Effy Vayena told Nature. "With these incidents, we undermine public trust to this whole enterprise. We have to be really careful."