There are multiple cases where we need to know that a patient community member with a history of being involved in patient-facing technologies needs to be deeply involved with the company behind the technology platform. That patient will sometimes need to invite other patients, caregivers, activists and/or experts to get involved and verify that a companies plans are valid.

Consider this requirement to be something akin to the IRB requirements involved with using human tests subjects.

Here are the rules for how patients should be treated by platforms in this role:

  • Patient Representatives must be included at the highest level board of reporting at your organization, usually either the Board of Directors or Board of Advisors level.
  • Patients must be paid a living wage if hired full time. If not hired full time, then for the portion of the time that they are hired, they must be paid 125% of a living wage rate.
  • Patients must have the access they need to understand how your organization works with patient data
  • All new product launches (anything which offers a new value proposition to the patient community) must be reviewed by the patient representative before launch
  • There must be at least 1 annual meeting regarding how your organization uses patient data, and the on that day, the patient representative will invite not less than 4 (and not more 8) other patients/experts/activists/etc to examine the privacy practices of your platform.
  • There can be no non-disclosure agreement that does not explicitly carve out the patient representatives right to go public with patient safety related information (including, of course, privacy and/or cybersecurity flaws in your product)
  • In general, with regard to the information that is provided to the patient representative regarding the use of patient data, there can be no substantial difference between the information that is provided to the CEO about this, and the patient representative. If the patient representative is surprised by information, then the CEO should be too.

What you can expect from your patient representative

  • They will be trained in the basic concepts of the scientific process, the rules for research on humans, the basics principles of privacy and cybersecurity.
  • They will show up on time and, assuming they are provided with the access and information they need to do their jobs, and assuming your organization not deceiving patients or doing other underhanded stuff. They will not create additional drama to how your organization runs.
  • They will be able to discuss intelligently the tradeoffs that are inherent in privacy and cybersecurity decisions.