Is there a sense of embarrassment in the background? Fortune reports that the Stanford University Libraries are taking the lead in organizing an academic/industry group to establish ethical guidelines to govern digital health. These grew out of two meetings in July and November last year with the participation of over 30 representatives from health care, pharmaceutical, and nonprofit organizations. Proteus Digital Health, the developer of a formerly creepy sensor pill system, is prominently mentioned, but attending were representatives of Aetna CVS, Otsuka Pharmaceuticals (which works with Proteus), Kaiser Permanente, Intermountain Health, Tencent, and HSBC Holdings.
Here are the 10 Guiding Principles, which concentrate on data governance and sharing, as well as the use of the products themselves (they are expanded upon in this summary PDF):
- The products of digital health companies should always work in patients’ interests.
- Sharing digital health information should always be to improve a patient’s outcomes and those of others.
- “Do no harm” should apply to the use and sharing of all digital health information.
- Patients should never be forced to use digital health products against their wishes.
- Patients should be able to decide whether their information is shared, and to know how a digital health company uses information to generate revenues.
- Digital health information should be accurate.
- Digital health information should be protected with strong security tools.
- Security violations should be reported promptly along with what is being done to fix them.
- Digital health products should allow patients to be more connected to their care givers.
- Patients should be actively engaged in the community that is shaping digital health products.
We’ve already observed that best practices in design are putting some of these principles into action. Your Editors have long advocated, to the point of tiresomeness, that data security is not notional from the smallest device to the largest health system. Our photo at left may be vintage, but if anything the threat has both grown and expanded. 2018’s ten largest breaches affected almost 7 million US patients and disrupted their organizations’ operations. Social media is also vulnerable. Parts of the US government–Congress and the FTC through a complaint filing–are also coming down hard on Facebook for sharing personal health information with advertisers. This is PHI belonging to members of closed Facebook groups meant to support those with health and mental health conditions (HIPAA Journal).
But here is where Stanford and the conference participants get all mushy. From their press release:
“We want this first set of ten statements to spur conversations in board rooms, classrooms and community centers around the country and ultimately be refined and adopted widely.” –Michael A. Keller, Stanford’s university librarian and vice provost for teaching and learning
So everyone gets to feel good and take home a trophy? Nowhere are there next steps, corporate statements of adoption, and so on.
Let’s keep in mind that Stanford University was the nexus of the Fraud That Was Theranos, which is discreetly not mentioned. If not a shadow hovering in the background, it should be. Perhaps there is some mea culpa, mea maxima culpa here, but this Editor will wait for more concrete signs of Action.