Guiding Principles

Statement of Guiding Principles for Ethics in Digital Health

A set of 10 Guiding Principles resulting from two seminars composed of cross-sector representatives.




1. The products of digital health companies should always work in patients’ interests.

Digital health companies should work with care providers, insurance companies, regulators, and governments to ensure their products are: 

  • part of an ecosystem that enables effective, affordable access to high-quality health services
  • never used to discriminate, persecute or deny necessary care

2. Sharing digital health information should always be to improve a patient’s outcomes and those of others.

Digital health companies receive consent from patients for information to be shared. They recognize that consent represents only a broad statement of trust by the patient. They acknowledge their absolute duty of care with respect to the use of patient information. 

3. “Do no harm” should apply to the use and sharing of all digital health information.

 Digital health companies are alert to the risks of malicious use of health information and unintended consequences of well-intentioned uses. They adopt safeguards to anticipate and mitigate these risks. 

4. Patients should never be forced to use digital health products against their wishes.

 Patients’ use of digital health products should be voluntary and with a positive mindset. 

5. Patients should be able to decide whether their information is shared, and to know how a digital health company uses information to generate revenues.

 Patients should be aware that their shared information will be used for many purposes. They should know who has the duty to care for their digital health information and how that organization gets paid when they use it. 

 6. Digital health information should be accurate.

 Digital health products should maintain high standards of data quality, reproducibility, and integrity. Validation methods should be auditable and transparent to ensure that high standards are being reliably met. 

 7. Digital health information should be protected with strong security tools.

 Digital health products should meet state-of-the-art security standards. Patients should be able to know how well companies are performing against those standards. 

 8. Security violations should be reported promptly along with what is being done to fix them.

 Within ten (10) business days of detection (or sooner if required by law), digital health companies should inform affected patients of any breach, potential consequences and steps taken to mitigate risk. 

 9. Digital health products should allow patients to be more connected to their caregivers.

 The information created by digital health products should strengthen the voice of patients and their families in care decisions. That information should help educate and inform patients, improving communication and trust with health care professionals. 

 10. Patients should be actively engaged in the community that is shaping digital health products.

 Digital health companies should provide patients with tools to easily express their opinions, provide their feedback, and communicate their needs in timely, professional ways. 

