As health professionals, nurses, doctors, and even pharmacists are held to a high standard of making sure everything they do is above board. They can lose their license for failing to comply with ethical guidelines. Even though software engineers in health IT have a far broader impact on patients, no equivalent code of conduct exists for developers.
The National Institutes of Health (NIH) recently granted the Mayo Clinic $142 million to create a biobank as part of the Precision Medicine Initiative Cohort Program. Aiming to enroll at least a million volunteers willing to share their health data in order to advance precision medicine, the program serves as a reminder of the security risks in health IT, yet security in the health care sector continues to lag behind.
The collection of health data is moving fast, which raises the question: should health IT programmers working on similar projects be held to the same ethical standards as doctors and other medical professionals?
In order to prioritize security in health IT, programmers should be required to take the Hippocratic oath just as health professionals do, especially as more biobanks are created.
"Software engineers and physicians need to work together to ensure the health and safety of patients first and the ingenuity of efficient health technology second," said Dr. Andrew Boyd, assistant professor in the department of Biomedical and Health Information Sciences at the University of Illinois at Chicago.
"Algorithms are literally impacting millions of lives, and there needs to be a better way to empower developers to say this might be legal but this isn't doing right by the patient," said Boyd. A strong advocate for developers being held to the same professional standards of ethics as health care providers, Boyd said that security in health IT is a huge concern.
The same conclusion was drawn from a study released by Independent Security Evaluators (ISE) earlier this year. Ted Harrington, executive partner at ISE, said, "When I think about what our research demonstrated, it is that the fundamental business function in health care isn't consistent with the Hippocratic oath."
In all of the hallways of every hospital Harrington visited, it was clear that those who deliver the care follow this ethical practice in terms of interaction with patients, protocols, and sanitization to ensure that patients don't leave more sick than when they arrived.
"In a cyber context, there are so many ways in which a patient could suffer harm or fatality," Harrington said, which is why key parallels pertaining to threat modeling can be drawn between hospitals and biobanks.
"The primary assets that I would envision are protected by biobanks--repositories for human samples for use in medical research--could be compromised," Harrington said.