A former Alphabet executive is accusing the company's health tech subsidiary Verily of systematically violating patient privacy laws and then covering it up. Ryan Sloan claims he was fired after reporting that Verily used health data from over 25,000 diabetes patients without authorization, breaching federal HIPAA protections. The whistleblower lawsuit, quietly filed last year but just surfaced, survived Verily's attempt to dismiss it this week.
The bombshell allegations paint a picture of corporate negligence at one of Google's most ambitious health ventures. Sloan, who served as chief commercial officer of Verily's diabetes division Onduo from 2020 to 2023, claims he discovered the violations in January 2022 alongside the unit's general counsel Julia Feldman. According to court documents filed in San Francisco federal court, their investigation revealed "extensive violations" spanning four years.
The breaches weren't minor oversights. Verily allegedly used protected patient information in research studies, marketing campaigns, press releases, and national conferences without proper authorization. The violations affected patients who accessed Verily's Onduo diabetes program through major corporate clients including Walgreens Boots Alliance, Quest Diagnostics, Delta Air Lines, and Highmark Health.
"Between January and March of 2022, internal investigators at Verily confirmed multiple breaches of fourteen separate HIPAA Business Associate Agreements," the filing states. Under federal healthcare privacy laws, companies must notify affected parties within 60 days of discovering a breach. Instead, Verily "decided to delay the decision of notifying the covered entities" and continued contract negotiations with clients "without revealing that a HIPAA breach had recently occurred."
The cover-up allegations are particularly damning. During a contract renewal negotiation with Highmark Health in August 2022, Verily allegedly "represented that it was in compliance with HIPAA at all times, while knowingly concealing that a HIPAA breach had occurred," according to the lawsuit. That same month, the company terminated Feldman and another employee who knew about the breaches.
When Sloan pressed his concerns with Lisa Greenbaum, Verily's then-chief revenue officer, in October 2022, she allegedly defended the decision not to disclose the breaches, saying it would "negatively affect public relations." Greenbaum has since moved to health tech company as chief commercial officer.
