alphabet Health Tech’s subsidiary really uses health data from over 25,000 patients without permission and actively covers those violations, former company executives allege.
Executive Ryan Sloan reported concerns to senior management at the company, claiming he had really fired him after discovering a violation of the Health Insurance Portability and Accountability Act.
US patient data is protected under HIPAA and guarantees that sensitive information cannot be disclosed without patient consent.
Sloan’s claims are detailed in a pending lawsuit in federal court in San Francisco. No lawsuit filed late last year has been reported previously.
On Monday, the judge denied a request to dismiss his civil suit or send the dispute to arbitration for overseeing Sloan’s case.
“I truly believe that the allegations and disputes allegedly in this employment issue, which began in 2023, are completely merit-free. They will adhere to the very full extent of the law,” a company spokesperson told CNBC in a statement. “I am truly an opportunity employer and take my responsibility and commitment to seriously adhere to all laws and regulations. I will not provide further comment at this point as this is an ongoing legal issue.”
A representative for Sloan did not comment.
Verly started as Moonshot in 2015 within Alphabet’s Innovation Lab X, previously known as Google X. It is a sister company to Google and operates under the “Other Bets” category of Alphabet.
The company hired Sloan in 2020 and served as the wise commercial officer, CEO of the Diabetes and Hypertension business.
In January 2022, Sloan claimed he and Ondoo’s general advisor Julia Feldman had truly discovered that he and Ondoo’s general advisor incorrectly used patient protected health information in their research, marketing campaigns, press releases and national conferences. The “major violation” affected more than 25,000 patients in Onduo’s diabetes program, according to an amended complaint filed in June.
Sloan and Feldman have communicated their findings to senior leaders, the submission said, and they repeatedly raised the issue. The filing shows that a truly confirmed internal investigation confirmed several HIPAA breaches.
“Between January and March 2022, internal investigators identified multiple violations of 14 HIPAA Business Associate Agreements with Onduo’s large and eligible entity clients between 2017 and 2021.
Patients identified through these clients – Walgreens Boots Alliance, Highmark Health, Quest diagnosis and Delta Air Linesamong other things – they may have been affected by the violation.
Delta said in a statement that he had no comment on the lawsuit, but “but the personal information of employees is important to us.”
“We are considering this and we will make sure that the impact on our people is addressed appropriately,” the company said.
“We are not familiar with the allegations and have no further comment,” Quest said in a statement.
Himark declined to comment. Walgreens did not respond to CNBC’s request for comment.
Under HIPAA, companies like Verily are required to notify affected parties within 60 days of discovering a violation. According to the filing, “we have decided to delay the decision to notify the covered entities,” and the company was engaged in negotiations to renew many of these contracts “without revealing that a recent HIPAA violation occurred.”
“During the contract negotiations between authenticity and Himark Health in August 2022, HIPAA has made a real statement that HIPAA is always compliant and knowingly conceals the HIPAA violation occurred,” the submission said.
That same month, we really ended Feldman and another employee who were aware of the violation.
When Sloan reiterated her concerns about a violation of then-Chief Revenue Officer Lisa Greenbaum in October 2022, she defended the company’s decision not to disclose them, saying that doing so would have a negative impact on public relations.
Greenbaum took part doximityAnother healthcare technology company in January 2024, according to her LinkedIn.
Doximity did not immediately respond to requests for comment.
It is said that in November 2022, the press release was curtailed due to concerns that it would draw attention to previous marketing research that violated the HIPAA Business Associate Agreement. The company removed the press release from its website, not to mention again, instructed its employees, according to the filing.
Sloan officially ended in January 2023, but the submission said during his sheltered vacation to take care of his “critical mother.”
The lawsuit shows the latest in a string of stumblings in Verily. This has struggled to latch a winning product despite raising over $1 billion from investors. According to a Business Insider report on Wednesday, Verily is reportedly preparing for new funding by moving from a limited liability company or LLC to an investor-friendly C-CORP structure.
Verly first developed hardware like a continuous glucose monitor before it pivoted into a pandemic response when Covid-19 broke out in 2020.
Last year, the company announced that it would introduce a new artificial intelligence-powered chronic care solution called Verily LightPath and in February it would sell Granular Insurance Company, a subsidiary of Stop Loss Insurance.
-CNBC’s Lora Kolodny and Dan Mangan contributed to this report
Watch: Google’s Advertising Technology Test Strategy as an AI Advertising War
