Physicians recite the Hippocratic Oath during their commencement ceremony as they’re graduating from medical school. This oath represents their commitment to the core principle of medicine – to “first, do no harm.”
Today, healthcare delivery is increasingly holistic, data-driven, and inseparable from digital technology. As such, the security of healthcare data and systems requires a similar moral compass.
The Human Dimension of Cybersecurity
Cybersecurity is often seen as a technical discipline involving firewalls, encryption, and access controls. It’s depicted in pop culture as the hooded vigilante pounding away on their keyboard, a swath of zeros and ones streaming across their screen, before announcing every security professional’s favorite phrase: “I’m in!”
In reality, behind every system we safeguard are patients who depend on our diligence – individuals whose medical records must remain private, whose treatments rely on the availability of accurate data, and whose trust is fundamental to the integrity of care.
The consequences extend far beyond compliance: downtime can delay care, and a breach can expose personal stories that were never meant to be public.
It’s important to remember that in our industry, these are not just technology problems; they are directly tied to human outcomes. When we talk about sinister things like zero-day attacks, ransomware, logic bombs, botnets, and polymorphic malware, the jargon can quickly obscure the key objective underpinning our security efforts: we have a duty to “do no harm” to those who trust us as custodians of their data.
The Cybersecurity Hippocratic Oath is not about regulation; it’s about responsibility. It asks us to remember that our actions, from designing secure architectures to enforcing policies, carry ethical weight.
A Modern Oath for Cyber Professionals in Healthcare Interoperability
The Cybersecurity Hippocratic Oath in Healthcare Interoperability would fittingly be written not on papyrus but in a text file, and it would follow the same themes as the original, which has stood the test of time. It would probably include the following statements:
- I pledge to uphold the CIA triad, protecting confidentiality, integrity, and availability.
- I will defend privacy, applying least-privilege access and monitoring capabilities, and using and sharing information only for its intended purpose.
- I will identify vulnerabilities and risks and hound my highly skilled colleagues to address them through automated and procedural mechanisms.
- I will log and observe traffic with intent and purpose (ensuring PHI is not captured), alert where appropriate, and investigate anomalies which may threaten our mission.
- I will treat my third parties with the same scrutiny that I treat my organization, while always being mindful of controls documented in audit reports and HIPAA compliance.
- I will continuously question the way we do things.
- Above all, I will ensure that my actions in defense of security recognize that security is about people, not just technology, and that they do no harm.
To learn more about 1upHealth’s security posture, please visit our Trust Center.