“First, do no harm.”
Those four words, and the Hippocratic oath of which they are a part, have served as an ethical guide for medical practitioners for centuries. While the oath itself has evolved over the years — a more modern one was coined by Dr. Louis Lasagna in 1964 — it hasn’t been updated since then and its application to modern health technology has stagnated.
The oath is anchored in medical ethics with four broad principles: autonomy, non-maleficence, beneficence, and justice. Its goal is to protect the health and privacy of patients above all else.
But it’s not 1964 anymore, and digital communications, social media, and the ease of person-to-person connections have dramatically changed how people shop, learn, work — and how medicine is practiced.
It’s now time to consider a modernized Hippocratic oath that will guide medical providers and the medical community at large to ensure adherence with the four core principles. What’s needed is a digital Hippocratic oath that reflects the realities of the digital age, ensuring that patients can trust how clinicians and others are using and sharing their health information and ensuring that all those who touch patient data protect it.
The development of the digital Hippocratic oath must extend to the broader health ecosystem with a commitment to protect patient privacy and data via the Health Insurance Portability and Accountability Act (HIPAA) and beyond. This oath must also anticipate the impact of the 21st Century CURES Act, which requires vendors of electronic health records to certify functionality that allows physicians the ability to connect any third-party app to patient data without any costly interfaces. Importantly, with greater access comes greater responsibility.
In addition to greater access, the use of modern technologies and proliferation of digital health tools have the potential to foster remarkable improvements in innovation, care delivery, and transparency. They allow patients more visibility into their data and give providers a broader picture of patient care. But they also open up the opportunity for more entities to misuse patient health data, both intentionally, as in selling it, or unintentionally, as with data leaks. And thanks to modern developments like social media, the scale at which data can be disseminated is immense — for better or worse.
The confluence of government mandates and modern technologies necessitates that the digital Hippocratic oath consider all of the touch points — people and systems — at which personal health data may be accessible, as well as the possibility for unintended consequences or the misuse of that data. Ideally, the oath serves as an ethical compass that guides data sharing, integration, and technical processes. It transcends the provider-patient relationship, as patient data are shared beyond doctors’ office file cabinets to digital patient care platforms, technology companies, app developers, and patients themselves.
Ensuring data privacy and the ethical use of health data is a collective action that applies to the entire health care ecosystem. We believe the responsibility for defining it should begin with health systems, as the main providers of care, but must involve the totality of the health care ecosystem.
Graphite Health, the company one of us (R.R.) works for, has embraced its own version of a digital Hippocratic oath for all decisions, and is advancing a broader conversation about how members of the extended medical community can live up to these principles. Graphite is using the same four-principle structure of the original Hippocratic oath, but with updated definitions to reflect the ethical responsibilities of providing care in the modern world:
- Autonomy: We will allow patients to decide how their data is used.
- Beneficence: We will make health care easier to access, understand, and use.
- Non-maleficence: We will protect and secure patient data.
- Justice: We will ask, “What would I want for my own patient care and for my family?” for all decisions.
A key element in upholding the principles of the digital Hippocratic oath is requiring health systems and the external vendors they work with — especially tech companies and app developers — to adopt it. The medical community at large must commit to engaging with organizations that agree to follow this ethical compass and that believe in the ultimate goal of better serving communities and the people within them.
Embodied in this ideology must be definable requirements. For instance, instead of having third-party developers or vendors who want to work with one or more Graphite members recite an oath out loud, Graphite will require them to agree to follow the code of conduct and other requirements before receiving a certificate that all participating health systems can view. Such an action should make the code enforceable by the Federal Trade Commission, should our partners mislead customers in failing to adhere to it.
Some may wonder why all of this is needed, since the digital Hippocratic oath is essentially a form of consumer protection for data. The problem is the way some industry actors treat patient data today — and the way they’re rewarded for using data. There have been too many high-profile examples of third-party vendors using health data in ways that patients didn’t expect when they entered information into an app.
Take the women’s health app Flo, which helps women track their reproductive cycles, a highly intimate form of health data. The New York Times reported in 2021 that the company shared users’ intimate personal data with third parties. And more recently, when IBM sold off its Watson Health business, a little-known asset included in the deal was MarketScan, a vast database that includes detailed health information on some 270 million Americans. Type “health data for sale” into a search engine and it becomes immediately obvious how much of a commodity personal health data has become.
It’s no wonder that just 11% of patients said that they trust Big Tech with their data.
At the same time, however, there is great value in having a complete picture of personal health to help keep patients healthy and safe, and digital tools can make health care more convenient and more effective. So the medical community must consider how to do that safely, securely, and with patients’ best interests — not profits — as the top priority.
It starts with trust. Trust should be the bedrock of every patient’s experience. And it is only through trusting relationships that clinicians can provide the best care. After all, even the best digital health tools will fail if patients aren’t willing to use them. That’s why the medical community must prioritize protecting patient data, first by agreeing that patients are not products, and second by bringing the Hippocratic oath into the 21st century. Although any time is the right time to focus on patient trust, it’s even more important now as digital health app developers work to meet the requirements outlined in the 21st Century CURES Act.
Ries Robinson is CEO of Graphite Health, and chief innovation advisor at Presbyterian Healthcare Services. Aneesh Chopra, the cofounder and president of CareJourney, was the first chief technology officer of the United States.