Today I want to tell you why I think that health-related applications on the internet should have not only some "Good Housekeeping Seal of Approval" but should also take an oath similar to the one I took when I graduated from medical school.
On its face, there will likely be 3-4 camps reading this. One will automatically dismiss this, as the "Web services" aren't providing diagnosis or treatment. My counter to them is that I said "similar to" the Hippocratic oath I swore to. We'll call it the HippocraticWeb oath.
The second camp of people will say, "This is a fantastic idea, but aren't there services like this that certify web content?" My answer to them is that this is not a certification of web content. Further, we all know those services like HONcode that certify trustworthy information. Instead this will act as a code of ethics which the consumer of the health service will understand to mean a reputable business that has taken an oath to work in the interests of the consumer.
The third camp will say, "Shouldn't the government be doing this?" My answer is: It hasn't. And how could one government govern the world and the internet? That is foolish. Instead, the web should do as those in the professions have done: govern themselves with codes of honor and oaths which are publicly available. And no, I don't mean "Don't be evil."
I mean a certifiable oath that speaks about the actions of the business housing your health and medical data. I mean an oath that governs corporate decision making about whom to sell or share your data with. Not in a way that will make them the most money, but in a way that protects you, the person. After all, you paid to have access to your data, whether that be an LDL cholesterol, a blood pressure, a REM sleep cycle, a whole genome or what have you.
Why do we need such a code?
In my Nature Biotech piece I explain the dilemma with using web services for health purposes. Corporate interests are not designed primarily for the benefit of customers. They are primarily designed for the benefit of the corporation, whether that be 23andMe, who just made a hash of an unannounced TOS change (in this way there should be an offset to the consumer, which 23andSerge finally came around to because of public outcry), or flagrant sharing of your data without your permission through privacy leaks or hacking. (IMHO insurers should have given millions of dollars back to members for their leaks and gaffes.)
Why? Health companies have to do this already. But where does that money go? Further, how do I know that someone will do the right thing with my data when there is a breach? This Oath would allow the best of class to accept responsibility for their actions.
Don't think it doesn't happen? Check it out here. And this exempts companies like 23andMe or Livestrong.com. Why? Because they are not governed by HIPAA or HITECH!
I am not proposing further regulation here. All I am asking for is that these businesses purporting to help us maximize our health "Man Up," so to speak, and all swear an Oath, The HippocraticWeb Oath.
The HippocraticWeb Oath
I swear by that which I hold most sacred, that I will fulfill according to my ability and judgment this oath and this covenant:
I will apply reasonable measures to protect the welfare of the customers whose information I keep; I will keep in mind that this data they have granted me access to is theirs. Should I wish to own this, I will compensate the customer fairly.
I will not use this data as a means of blackmail or coercion of the customer, nor will I engage in business with a company that has or intends to.
I will not use the information in a legal proceeding unless I receive a subpoena and properly notify the customer of such request in a reasonable and fair time frame to the customer.
I will not change terms or service, business plans or custodians of data without giving proper notice to affected customers, allowing them time to air grievances prior to making the business decision.
What I may see or hear in the course of business in regard to the life of customers, which on no account one must spread abroad, I will keep myself holding such things shameful to be spoken about.
If I fulfill this oath and do not violate it, may it be granted to me to enjoy life and art, being honoured with fame among all men for all time to come; if I transgress it and swear falsely, may the opposite of all this be my lot inclusive of compensation to my customers.
That's it. Who would be averse to having something like this? It is a simple statement ensuring that the people who have access to your data will use it properly and compensate you if they transgress.
If you believe in what I am proposing, please email me at steven(dot)murphy(at)Greenwichdocs(dot)com. I am currently working out how to implement this very important piece of trust into corporate ethic and standards when it comes to health and medical companies that provide health and medical services over the internet. This company should not be owned by or part of any corporate consortium to "Get out in front" of this. Rather it should be a not-for-profit headed by a well-balanced board of advisors. So, are you interested?
Warmly,
Steven A.R. Murphy MD
p.s. That 4th camp is full of people like me!