In this articleGOOGL your favorite stocksCREATE FREE ACCOUNTOmar Marques | Lightrocket | Getty ImagesAlphabet's health subsidiary Verily used the health data of more than 25,000 patients without authorization and actively covered up those violations, a former company executive alleges.
The executive, Ryan Sloan, claims Verily fired him after he discovered breaches of the Health Insurance Portability and Accountability Act, or HIPAA, and reported his concerns to the company's senior management.Patient data in the U.S.
is tected under HIPAA, which ensures the sensitive information cannot be disclosed without a patient's consent.Sloan's allegations are detailed in a pending lawsuit in federal court in San Francisco.
The suit, which was filed late last year, has not been previously reported.On Monday, the judge overseeing Sloan's case denied a request by Verily to dismiss his civil complaint, or to send the dispute to arbitration."Verily believes the allegations and contentions alleged in this employment matter that was commenced in 2023 are completely without merit.
Verily will defend itself to the full extent of the law," a company spokesperson told CNBC in a statement.
"Verily is an equal opportunity employer, and takes its responsibility and commitment to abide by all laws and regulations seriously.
As this is an legal matter, Verily will not be viding further at this time."Representatives for Sloan did not .Verily started as a moon shot in 2015 within Alphabet's innovation lab X, formerly known as Google X.
It's Google's sister company and operates under Alphabet's "Other Bets" category.The company hired Sloan in 2020 to serve as the chief commercial officer of its diabetes and hypertension , Verily Onduo.In January 2022, Sloan alleged that he and Julia Feldman, Onduo's general counsel, discovered Verily had imperly used patients' tected health information in its re, marketing campaigns, press releases and national conferences.
The "extensive violations" affected more than 25,000 patients in Onduo's diabetes gram, according to an am complaint filed in June.
Sloan and Feldman informed senior Verily leaders of their findings, the filing said, and they repeatedly raised the issue.
An internal investigation at Verily confirmed several HIPAA breaches took place, according to the filing."Between January and March of 2022, internal investigators at Verily confirmed multiple breaches of fourteen (14) separate HIPAA Associate Agreements with large, covered entity clients of Onduo between 2017 and 2021," the filing said.Patients who accessed Verily Onduo through these clients – which include Walgreens Boots Alliance, Highmark Health, Quest Diagnostics and Delta Air Lines, among others – may have been affected by the breaches.
Delta said in a statement that it doesn't have a on the suit, "but our employee's personal information is important to us.""We are looking into this and will make sure any impact to our people is appriately addressed," the company said.Quest said in a statement that, "We are not familiar with the allegations and have no further ."Highmark declined to .
Walgreens did not respond to CNBC's requests for .Under HIPAA, companies Verily are supposed to notify impacted parties no later than 60 days after discovering a breach.
Verily "decided to delay the decision of notifying the covered entities," according to the filing, and the company engaged in negotiations to renew many of those contracts "without revealing that a HIPAA breach had recently occurred." "During a contract negotiation between Verily and Highmark Health in August of 2022, Verily represented that it was in compliance with HIPAA at all times, while knowingly concealing that a HIPAA breach had occurred," the filing said.
That same month, Verily terminated Feldman and another employee who was aware of the breaches.When Sloan reiterated his concerns the breaches to Lisa Greenbaum, Verily's then chief revenue officer, in October 2022, she allegedly def the company's decision not to disclose them and said that doing so would negatively affect public relations, the filing said.Greenbaum joined Doximity, another health-care nology company, as chief commercial officer in January 2024, according to her LinkedIn.
Doximity did not immediately respond to CNBC's request for .In November 2022, Verily allegedly suppressed a press release out of concern that it would draw attention to previous marketing studies that violated its HIPAA Associate Agreements.
The company removed the press release from its website and instructed employees not to mention it again, according to the filing.
Sloan was officially terminated from Verily in January of 2023, while on tected leave to care for his "critically ill mother," the filing said.
The lawsuit marks the in a series of stumbles at Verily, which, despite raising more than $1 billion from investors, has struggled to latch onto a winning duct.
Verily is reportedly transitioning from a limited liability company, or an LLC, to an investor-friendly C-Corp structure to prepare for a fresh round of funding, according to a report from Insider on Wednesday.Verily originally developed hardware continuous glucose monitors before pivoting to pandemic response when Covid-19 broke out in 2020, then switched directions again to focus on precision health in 2022.
The company introduced a new artificial intelligence-powered chronic-care solution called Verily Lightpath last year, and announced it was selling its stop-loss insurance subsidiary, Granular Insurance Co., in February.— CNBC's Lora Kolodny and Dan Mangan contributed to this report.Don’t miss these insights from CNBC Nobel winner Joseph Stiglitz has a warning for bond investorsAs traditional 60/40 portfolios get riskier, BlackRock says investors should rethink their allocationsGoldman adds Walmart to September 'conviction list.' Here's who else made the cutNvidia retail buyers are getting exhaustedWATCH: Google’s ad trial strategy as AI advertising war loomswatch now3:0203:02Google's ad trial strategy as AI advertising war loomsCheck