By John W. Jones, Esq.
The Internet has given providers the ability to deliver health care in a more efficient and cost-effective manner. It also provides patients with some degree of privacy and convenience as certain services, such as the prescribing of medication, can be accomplished without the patient ever having to leave her home. Whether it is due to the perceived consumer privacy or the convenience of on-line transactions, Internet pharmacies are flourishing.
In today’s high-tech world, physicians are linking to clinical databases, formulary systems and electronic care management systems to deliver care. Some are teaming up with on-line pharmacies and prescribing medication to patients over the Internet and across state lines. As with any emerging industry, prescribing drugs on-line present certain legal and ethical challenges for physicians, including licensure, privacy and security, liability, informed consent and patient confidentiality. The federal government also has expressed concern over these transactions.
Generally, states require that a physician be licensed in the state in which she practices. Unfortunately, there is not much consistency among the states. Some states require a license to be obtained in each state the physician provides services and others issue special licenses to out-of-state physicians to practice in their state. These requirements can significantly limit a physician’s ability to prescribe medication over the Internet. A California physician, for example, who wants to prescribe medication to patients in the rural areas of Pennsylvania via the Internet will have to comply with these requirements or fall within an exception. Otherwise, she may be faced with licensure discipline.
Privacy and Security
As of April 14, 2003, covered entities, including physicians, have certain privacy and security obligations under the privacy regulations (Privacy Regulations) of the Health Insurance Portability and Accountability Act of 1996 with respect to protected health information. The Privacy Regulations impose certain requirements on a physician’s use or disclosure of protected health information. Additionally, the Security Standards (Security Standards), for which physicians have a compliance date of April 20, 2005, require them to implement certain administrative, physical and technical safeguards to protect electronic protected health information.
Prescribing drugs on-line and transferring patient data electronically would certainly implicate the Privacy Regulations and Security Standards. In an era when medical information can be accessed by unauthorized persons or “hackers,” perfect security is non-existent and misdirected transmissions occur with some frequency, the transmission and storage of this information creates significant concerns for physicians under state and federal law.
Standard of Care and Liability
The risk of malpractice liability may be greater with Internet prescribing. The Federation of State Medical Boards policy on Internet prescribing provides that the prescribing of medications by physicians based solely on an electronic medical questionnaire clearly fails to meet an acceptable standard of medical care. Although the physician-patient relationship is not always precisely defined in an on-line setting, it is clearly established upon the diagnosis and treatment of a patient, which typically occurs after an on-line questionnaire is completed by the patient and the physician communicates with and prescribes medication to the patient.
The physician-patient relationship imposes certain obligations and responsibilities on the physician and gives certain rights to the patient (even though the parties may never meet face-to-face). Once this relationship is forged, claims could arise from a physician’s diagnosis and treatment based on incomplete patient information (obtained as a result of the on-line questionnaire), flawed data, transmission errors and failing to obtain informed consent and properly evaluate a patient prior to the prescribing of medication. In an effort to assist physicians to safely and securely prescribe medications to patients over the Internet, on June 19, 2003, the American Medical Association (AMA) House of Delegates adopted certain on-line prescribing guidelines.
The AMA guidelines regarding Internet prescribing provide that before prescribing any medications on-line, physicians should obtain medical history information and perform a physical examination of the patient. This necessitates a face-to-face interaction to establish the physician-patient relationship. Prescribing medication based solely on on-line questionnaires or consultations would not satisfy the minimum standards of medical care.
Aside from utilizing a secure network and complying with state licensure laws, the AMA proposed that the following additional safeguards be adopted by physicians who prescribe medication on-line:
· Engage in an adequate dialogue with patients about treatment options, risks and benefits.
· Follow-up with patients as necessary and appropriate.
· Maintain an updated medical record that is readily available to the patient, as well as other health care professionals (upon patient consent).
· Include the electronic prescription information in the patient’s medical record.
· Clearly disclose physician-identifying information on the Internet, including physician’s name and practice address and any financial interest she may have in any of the products prescribed.
Informed consent for certain medical procedures such as surgery is a well-established legal doctrine. In many jurisdictions, a physician is required to obtain full, knowing and voluntary informed consent from a patient for certain non-emergency procedures, including surgery. The purpose of informed consent is to permit patients to participate fully in the medical decision-making process. Informed consent results where the physician gives the patient a description of the procedure and explains the risks, benefits and alternatives that a reasonably prudent patient would need to consider in making an informed decision as to whether or not to undergo the procedure.
Given the risk of exposure to liability for unauthorized disclosure, invasion of privacy and breach of confidentiality inherent in prescribing medication on-line, physicians should take certain precautionary measures, including obtaining the voluntary informed consent of the patient. Specifically, physicians should inform and educate their patients regarding the risks and benefits inherent in Internet prescribing; the type of personal health information that may be gathered, permitted transmissions (such as prescription refills), when alternate forms of communications would be more appropriate; persons authorized to access and use the patient’s information; and the security measures utilized to protect such information. This should be documented in a written agreement between the parties, signed by the patient and included in the medical record. Once the patient has been advised of the risks and benefits, she can make an informed decision as to whether or not to engage in such practice.
Physicians have long had an ethical and legal duty to protect the confidentiality of patient communications and information. In Pennsylvania, for example, it constitutes unprofessional and immoral conduct for a physician to reveal personally identifiable facts of a patient obtained as a result of the physician-patient relationship, unless the patient has consented to the disclosure or the disclosure is otherwise authorized or required by statute. This confidentiality standard applies irrespective of the form in which the confidential information is transmitted. Therefore, a physician who prescribes medication over the Internet and communicates with her patients through this medium (the contents of which contain personally identifiable facts of the patient) has a duty to protect those communications and such personal information from disclosure absent patient consent or some statutory authority or mandate.
Accordingly, physicians should take precautions to secure electronically transmitted patient-related information, including, at a minimum, developing an office policy regarding the confidentiality of such information, obtaining the patient’s written consent prior to the release of such information to a third party, maintaining a confidentiality notice on such communication and educating office staff and patients on the appropriate uses of such information.
On-line pharmacies are required to be licensed in the jurisdictions in which they operate. Generally, these pharmacies should have obtained an operating license or other approval from the state board of pharmacy. Government agencies, including the Food and Drug Administration (FDA) and Drug Enforcement Agency, are concerned about the access the Internet provides to counterfeit prescription medications. Although the FDA does not generally regulate pharmacies, it does monitor the misbranding of pharmaceutical agents, which includes those items sold to the public without a label from an unlicensed pharmacy. The FDA monitors the sale of such medication and has uncovered several unlicensed sites selling counterfeit drugs.
Greater scrutiny of these sites is occurring at the federal level. On March 1, 2004, the White House released a drug plan to crack down on Internet pharmacies. The Plan calls for an interagency program aimed at reducing the use of banned substances as well as prescription drug abuse. Physicians should be wary of unscrupulous prescription pharmacy sites and engage in thorough due diligence of the site before forming any relationship for the prescribing and sale of prescription medications over the Internet.
On-line pharmacies arguably offer the benefits of convenience, enhanced efficiency and decreased costs. These same benefits, however, create serious legal challenges and potential liability for the unwary physician. Physicians need to be cognizant of the legal issues presented by on-line prescribing, as well as the ethical considerations associated with the physician-patient relationship forged over the Internet.
John W. Jones, Esq. is a member of the Health Care Services Group at Pepper Hamilton LLP in Philadelphia, Pennsylvania.