Google (GOOGL  ) has once again come under the scanner for privacy issues, gathering detailed health information on 50 million American patients. The data stems from patients of St. Louis-based Ascension, and was divided among 40 data centers up until now. Now, Google and the Catholic nonprofit are moving the same data into Google's own cloud-computing system.

An anonymous whistleblower recently posted a video online containing a document dump of confidential files relating to the project, as he declared that he "must speak out about the things that are going on behind the scenes."

The problem is that Ascension, without notifying patients or doctors, started sharing personal and identifiable information on a plethora of its patients with Google, without even informing them. Some of the information includes names and dates of birth; lab tests; doctor diagnoses; medication and hospitalization history; and some billing claims and other clinical records.

The way this works is as follows: first, patients check into the doctor's office or senior care center. Then, after being examined, patients' data is fed into the hospital computers. Next, data instantly flows to Google's 'Project Nightingale' system. The system may suggest treatment plans, doctor or staffing changes, additional narcotics or may recommend that Ascension charge a higher fee for trying other procedures. All this happens without explicit patient knowledge.

"I'd like to hope that the result of my raising the lid on this issue will be open debate leading to concrete change," the whistleblower wrote. "Transfers of healthcare data to big tech companies need to be shared with the public and made fully transparent, with monitoring by an independent watchdog."

"The optics are bad. The legal argument is tenuous. Ethically, this is a bad strategy. They need to tell people what they are doing," said Ellen Wright Clayton, a professor of biomedical ethics at Vanderbilt University. If Google performs patient analysis using rogue data outside of the scope of the actual patient care, which the company may have intended to do given it was taking the data without anyone's knowledge, then this could mean big trouble for Alphabet, Inc.