By Edward F. Shay, Esq.
Health care on the Internet has diversified and grown exponentially in the past two or three years. As health care on the Internet continues to evolve from fairly static first generation information sites toward third generation interactive health management programs online, courts, regulators and private accrediting entities are struggling to apply existing law to a new medium and to develop new law when needed. However, despite the Internet’s efficiency as a communication medium which lends itself to some health care transactions, most health care transactions on the Internet involve information as a commodity rather than a service. Thus, to date, the legal response to health care on the Internet primarily reflects the regulation of information as a commodity.
Not surprisingly, physicians have been cautious about embracing the Internet. Recent AMA studies shows the physician user numbers have grown but “skepticism” is still the word of choice to describe physician attitudes to the role of the Internet in their practices. To the extent that physicians do use the Internet, the AMA study shows that they too use it as a source of information and not as a dynamic management tool.
First generation health care uses of the Internet have been passive informational applications which describe a host of products, services and resources available from health care vendors of every type. They are the online equivalent of magazine advertising. Many leaders of this type of application have been online for three or four years, a virtual epoch in Internet time. Illustrative among an abundance of examples are:
- The Washington State Medical Society and HealthDirector.com which have teamed to develop a fully searchable online directory of the Society’s membership.
- Betweenrounds, AstraZeneca’s webzine on managed care.
- Drkoop.com, the wildly popular online site for all types of health information.
- The Mayo Clinic at Mayo.edu, a highly polished example of a web site for an academic medical center.
Second generation health care uses of the Internet have been proliferating as the Internet has become a vehicle for E-commerce innovators conducting an array of transactions which involve electronic data interchanges (EDI), including enrolling for health insurance, paying health insurance claims, or purchasing prescription drugs. Second generation examples include online pharmacies such as:
The second generation of health care online also uses the Internet as a shared platform for EDI transactions as seen in any of the following:
- CareInsight has partnered with New York area plans and providers to allow health plan members to chose physicians, schedule appointments, check claims status, view lab results and renew prescriptions.
- Healtheon/WebMD and IDX now offer what is described at the first end-to-end Internet health care company connecting physicians and consumers.
- Neoforma.com, Pharmabid.com, and other online auctions are beginning to reshape the traditional lines of supply distribution in health care.
Second generation online activity has evolved beyond the passive phase of the first generation to an interactive stage, but only to the extent that transactions exchange fairly neutral information which do not require the exercise of clinical judgment.
As technology continues to evolve, there are indications that the Internet will be used in complex health management programs, an emerging third generation of health care use of the Internet. Some third generation examples are as follows.
- Nokia and Johnson and Johnson have agreed to capitalize LifeChart, a company which will offer diabetes disease management online by enabling diabetic subscribers to electronically transmit their glucometer readings to an online database which can be accessed and monitored by their doctors or pharmacists.
- Lifestream Technologies, Inc. claims the first FDA approval of a regulated diagnostic device transmitting results over a secure Internet site to permit physicians to provide their patients with personalized results in minutes.
- Medtronic has joined with Microsoft and IBM to capitalize Medtronic.com, a site devoted to online management of cardiovascular disease.
- A secure real-time online clinical data repository accessible to individuals and their providers being offered and expanded upon by H2i.com.
Most third generation developments seek to manage clinical information and may set the stage for the exercise of clinical judgment. It is likely that this use of the Internet will present the hardest challenges to those who regulate health care on the Internet.
Whether an Internet transaction is to find a medical staff member on a medical center’s website, or to order a gross of latex gloves, the health care related transaction itself involves a commodity as opposed to the laying on of hands or the exercise of clinical judgment. Thus, most of the recent legal developments applicable to health care on the Internet involve consumer protection, information integrity and limiting the Internet to an information commodity role.
The Legal Response
As health care has moved decisively onto the Internet, regulators, courts and legislators have moved cautiously to fashion law applicable to this new medium for health care. Among regulators, the Food and Drug Administration (FDA) and the Federal Trade Commission (FTC) have recently intensified their scrutiny of health care activity on the Internet. The Department of Health and Human Services through proposed regulations on security and privacy will soon regulate use and disclosure of individually identifiable health information on the Internet.
The FDA and Online Pharmacies
The FDA recently announced an Internet action plan to address what it sees as a significant threat to public health posed by illegal prescribing and dispensing of pharmaceuticals on the Internet. Since the mid-1990s, the FDA has been monitoring illegal activity on the Internet. It has intercepted and prosecuted cases involving illegal bodybuilding drugs, abortion kits and HIV home testing kits. In addition, the FDA has conducted extensive discussions with other stakeholders in online sales and advertising of drugs. Based on the advice it has gathered and its experience with violative, online sites, the FDA has developed an action plan with the following five elements.
Customize and expand its enforcement efforts by:
- Establishing priorities including sale of unapproved new drugs, health fraud, and sales on the Internet without prescriptions.
- Increasing data acquisition through acquiring a sophisticated search engine and upgrading other data capabilities.
- Coordinating, assessing and evaluating enforcement opportunities through use of an internal screening committee which will aim for maximum deterrent effect.
- Increasing its enforcement presence by reallocating existing resources from other activities.
Identify other federal agency partners such as:
- Department of Justice
- Customs Service
- Postal Service
Towards this end, the FDA has announced that it is developing partnering arrangements with these agencies.
Pursue a parallel course of private sector partnering. This initiative will include continued consultation with a wide array of interest groups.
Develop talk papers, articles for its Consumer Magazine and information for the FDA web site to implement a general plan of public outreach.
Consider Internet specific legislation and regulation on which it will comment. The FDA believes that its legal authorities were never intended to cope with the Internet and the unique problems and potential it presents.
The FTC and Online Scams
Much health care activity on the Internet rests upon the integrity of information which is itself a commodity. The Federal Trade Commission becomes involved in health care on the Internet as a long time advocate of consumer protection which includes regulation of false or misleading health care information. The FTC relies upon its authority under the Federal Trade Commission Act to prevent practices which are deceptive or unfair in interstate commerce. This authority gives the FTC authority over misleading or deceptive claims. As an example, the FTC has stated that it could enforce against an online pharmacy which misrepresents its privacy practices and uses medical information about its customers in a manner contrary to privacy representations.
Some examples of recent FTC enforcement include consent orders against:
- An online vendor of magnetic field therapy who claimed it was effective in treating cancer, diabetic ulcers, arthritis and joint conditions.
- An online marketer of shark cartilage offered as a cure for cancer.
- An online vendor of fatty acid derived from beef tallow who claimed that it would cure most forms of arthritis.
The FTC has targeted Internet health fraud through its recently announced Operation Cure.all enforcement program, the occasion for the above summarized actions. This initiative was aimed largely at quackery and bogus claims made on the Internet. In cases involving medical practice, the FTC has stated that it looks to state licensing boards who have traditionally regulated the professions.
DHHS and Making Health Care Information Secure
Mandated by the Health Insurance Portability and Accountability Act of 1996, DHHS is enacting rules applicable to most electronic transactions including health care information on the Internet. The rules will implement sweeping new mandates in electronic health information for: standardization of EDI claims transactions, detailed information and computer security practices, and privacy policies for protected health information.
The Department of Health and Human Services has published proposed rules on:
- Standardized electronic transaction formats and codes.
- Unique identifiers for providers and employers.
- Standards for electronic signatures.
- Complex requirements for information security.
- Intricate privacy rules to underpin the security rules.
By definition, transmitting or storing any individually identifiable information on the Internet must comply with the proposed rules.
State Officials and the Exercise of Clinical Judgment
As the Internet has become an increasingly popular vehicle for health care E-commerce, traditional state regulators are issuing new rules and applying old ones. Again, the commodity regulators are the leaders in addressing concerns about health care on the Internet. For example, state pharmacy boards are examining whether online pharmacies are properly licensed and meet the rules applicable to all pharmacies. Also, several state attorneys general are enforcing existing rules relating to prescribing for drugs ordered over the Internet. Several cases have emerged in state court of the past year in which physicians have been enjoined from prescribing drugs for patients they have not seen and examined.
The significance of these cases involving the failure of a physician to visualize patients prior to prescribing drugs is quite important to the development of health care on the Internet, especially to interactive health management Internet sites. The visualization requirement draws a clear line between that which is a commodity and health care as a service involving the exercise of clinical judgement. Thus, online vendors seek to provide online case management and disease management may see the scope and effectiveness of these initiatives limited by state laws licensing medical practice.
While legal authorities have focused initially on consumer fraud and abusive circumstances involving health care on the Internet, private sector trade groups have initiated accreditation programs to lend credibility to Internet based health care activity. Although purely voluntary, some accreditation initiatives may delay or soften the impact of future regulation. Examples reflect the evolution of health care activity on the Internet and include:
- The HON Code of Conduct, initiated by the Health On the Net Foundation, embodies eight principles including but not limited to the website author’s credentials, specification of the currency of clinical documents offered, preserving confidentiality of data, source references and disclosure of funding and support sources for a website.
- The EHNAC Accreditation Criteria have been established by the Electronic Healthcare Network Accreditation Commission. The EHNAC criteria apply to value added networks and to health information clearinghouses which engage in EDI. Accredited entities connected to the Internet must use firewalls for system integrity, encryption for transmitting health care data, methods of authentication of trading partners and adequate bandwidth for business needs.
- The VIPPS accreditation program has been established by the National Association of Board of Pharmacy for online pharmacies. Accredited online pharmacies must agree to adhere to VIPPS criteria and program requirements, maintain all appropriate state and federal licenses in good standing, post information about the pharmacy on the VIPPS website, allow inspections of their operations and display the VIPPS approval seal. While many VIPPS criteria are familiar to any type of pharmacy operation, several speak to the unique characteristics of dispensing online. Security, authentication of messaging and confidentiality of data are examples.
Growth of health care on the Internet and the application of legal controls to it are largely driven by the commodity nature of the health care activities involved to date. Missing from the phenomenon thus far and critical to its future success is the medical profession. While some surveys purport to demonstrate that physicians are rapidly embracing the Internet, others portray physicians and consumers as wary of the integrity of Internet information and concerned about its reliability.
Clearly, much of the laying on of hands will remain an intimate face to face encounter between doctor and patient. Whether physicians can be convinced that third generation health management initiatives on the Internet can add real value to the practice of medicine remains to be seen.
Edward F. Shay, Esq., is a partner in the Health Law Department of Saul, Ewing, Remick and Saul, LLP, a mid-Atlantic law firm.