August
2000
Issue:
Telehealth
and
the
Internet
The
Internet
has
changed
the
way
America
communicates,
plays
and
does
business.
Many
Americans
now
use
the
Internet
for
banking,
retail,
entertainment
and
business-to-business
exchanges.
Ironically,
the
health
industry,
one
of
the
least
computerized,
attracts
a
large
number
of
consumers
to
the
Internet
to
access
health-related
information.
Internet
health
consumers
should
be
aware
of
a
number
of
policy
issues
including
legal,
safety,
and
privacy
issues
that
they
may
face
each
time
they
visit
a
health-related
Web
site.
Discussion
The explosion of consumers on the Internet
has raised legal, privacy and security
issues for those seeking health-related
information on the Web. While the Federal
government has created a large number
of credible health-related Web sites,
private and/or nonprofit sites—offering
everything from general health information
to pharmaceutical sales to a health diagnosis
for a fee—have proliferated on the
Web over a very short period of time.
Currently, it is difficult for the average
consumer to determine whether practitioners
associated with a health Web site are
licensed, and whether or not personally
identifiable information will be shared
with others.
Consumers would also find legal jurisdiction
questions difficult to answer in the realm
of the Internet, which defies state or
other legal boundaries. For example, if
a consumer, located in state A sues a
practitioner, located in state B, who
gave advice via the Web to the consumer,
who has jurisdiction in this case? Does
the jurisdiction change if the interactive
consultation was accomplished via a two-way
teleconferencing unit? What happens if
the Web site was created and staffed outside
the United States? In addition to legal
questions, consumers using the Internet
for health-related information, diagnosis
or medication may unknowingly be providing
personally identifiable information to
a site that may not adequately protect
their privacy. In a large survey of Health
Web sites, Georgetown University’s
Health Privacy Project has found that
there is a wide discrepancy between consumers’
perception of privacy protection on health
Web sites and the actual protection provided.
What you need to know
- Some legal issues
- Safety and standards
- Consumer privacy issues
Links
Next Steps
The Office for the Advancement
of Telehealth will be working with the
Office of the Assistant Secretary for
Planning and Evaluation to identify privacy,
confidentiality, and security concerns
that are unique to Telemedicine practice
including “Web practice” to
identify the settings, situations and
practices that pose the greatest concerns.
OAT also hopes to highlight the implications
of telemedicine practice for privacy regulations
and vice versa.
Telehealth and the Internet,
July 2000
Over the past few years, the
explosive development, growth and use
of the Internet has dramatically changed
the way America communicates, plays and
does business. From 1991 to 1999, the
number of domain names with an Internet
Protocol address rose from almost zero
in 1991 to 45 million by 1999.
Another way to grasp this growth is to
realize that the number of households
online grew an astounding 250 percent
between 1995 and the end of 2000 from
12.7 million to an estimated 44 million,
according to International Data Corporation.
(Washington Post, May 17, 2000) From the
consumer's standpoint, the Internet offers
the ability to easily access a wealth
of health-related information, directly
interact with health care practitioners,
or purchase medications online.
According to the Federal Trade Commission
(FTC), “Consumer online searches
for health information are increasing
dramatically; it is predicted that 30
million Americans will seek health information
online by 2001.”(Federal Trade Commission,
Protecting Consumers Online: A Federal
Trade Federal Commission Report on the
First Five Years of Its Internet Law Enforcement
Program, December 1999.)
Legal Issues
Legal questions relating to health and
the Internet have emerged as more and
more consumers use the Internet. Several
years ago, the Department of Health and
Human Services introduced its Web-based
“healthfinder™,”
which provides search capabilities on
health information. Healthfinder™
includes links to other important government
health sources such as the National Library
of Medicine's MEDLINEplus,
the Centers for Disease Control, the Food
and Drug Administration, and the National
Cancer Institute, to name just a few of
the myriad Federal government health information
sources.
While the Federal government has made
credible health information more accessible
to consumers on the Web, private and non-profit
company Web sites have also proliferated.
These health-oriented Web sites range
widely from those providing general health
information to those selling pharmaceuticals
to those that provide a medical opinion
for a fee.
For any such Web site, consumers may
find it difficult to determine the “quality”
of the site. In this case, “quality”
is defined as the authenticity (proper
state license(s), appropriate credentials,
accreditation and certification) of the
health practitioners who have developed
health information, practice medicine,
provide opinions, sell pharmaceuticals
via the Web site, and the safety and efficacy
of the advice they provide.
Additionally, it may be difficult for
a consumer or state government to track
or determine whether or not particular
Web sites comply with states’ laws
pertaining to a physician’s or other
health practitioner’s interstate
practice. Theoretically, online health
practitioners who do not provide specific
medical advice or diagnosis would probably
not be deemed as practicing medicine across
state lines. Realistically, however, these
consultations can fall into large gray
areas.
Perhaps the bigger legal issue for many
states may be their ability to enforce
their own state health laws. For example,
if a consumer, located in state A sues
a practitioner, located in state B, who
gave advice via the Web to the consumer
(or via any other telemedicine conduit),
who has jurisdiction in this case? Does
the jurisdiction change if the interactive
consultation was accomplished via a two-way
teleconferencing unit? What happens if
the Web site was created and staffed outside
the United States? What recourse would
the consumer have if the Web site was
immediately taken down, but reconfigured
under a different address the next day?
These legal questions apply not only
to Web-based health consultations, but
also to companies that provide health
care consultations using any type of technology
across state boarders. For example, many
health insurance companies now provide
their clients with the option to consult
with a nurse over the telephone before
seeking face-to-face medical consultation.
Large health insurance companies with
a national base will often subcontract
to a company with a central office staffed
with nurses who field incoming nationwide
calls. Do these nurses need to be licensed
in every state in order to answer these
calls?
A recent Department of Health and Human
Services report, Wired for Health and
Well-Being, states:
“The extent and
nature of liability associated with
IHC (Interactive Health Communication)
applications are unclear. Providing
medical advice through IHC applications,
including Web sites, increases potential
liability for developers…. To
what extent the developers, sponsors,
content providers, or others involved
in the design and implementation of
the application will be liable for damages
is unknown. In the absence of precedents
in this area, future legal action and
case law may provide some clarity on
these issues.”
(Science Panel on Interactive
Communication and Health. Wired for Health
and Well-Being: the Emergence of Interactive
Health Communication. Washington, DC:
U.S. Department of Health and Human Services,
U.S. Government Printing Office, April
1999.)
Safety and Standards
Web site “quality” can refer
to more than just the legal licensure
or certification of a Web site’s
developers/practitioners, and can encompass
the safety and efficacy of what is being
provided over the Internet. For example,
there not only has been growing public
concern about the illegal sale of prescription
drugs over the Internet, but also concern
about pharmacists who rely only on online
questionnaires to sell legal pharmaceuticals
over the Internet. These pharmacists do
not require an initial consumer examination
from a practitioner, who has a relationship
with the patient. Consequently, the Administration
recently announced a proposal to allow
the FDA to verify the quality of online
companies that dispense prescription drugs.
This proposal, along with proposed legislation
for voluntary guidelines for health-related
Web sites, reflects a growing awareness
of the difficulties associated with consumer
evaluations of Internet sites.
In addition to these actions, the Federal
Trade Commission along with the Justice
Department, Federal Drug Administration
and other Federal Agencies have made unsubstantiated
health claims a law enforcement priority
as highlighted in Sidebar 1. The FTC’s
oversight and enforcement role in Internet
Commerce is illustrated in their June
1998 report, Privacy Online: A Report
to Congress.
Privacy and Security
Reassuring consumers about the protection
of their personally identifiable information
has been key to the success of the banking,
credit card, and retail industry, among
others, who have established important
e-commerce presence on the Internet in
the past few years. Despite the ubiquity
of online shopping, banking and auctions,
who has not worried about computer hackers
who can randomly steal information from
the unsuspecting? More insidious are the
instances in which identities are stolen
after a person’s social security
and other personal information has been
gathered or made public on the Internet.
There has been growing concern about
consumer privacy on the Internet over
the past few years. Thus, Congress has
responded by introducing a large number
of bills in the 105th and 106th Congress
that attempt to protect the privacy of
personal information collected from the
Internet. The Children's Online Privacy
Protection Act of 1998, which passed into
law, requires the Federal Trade Commission
(FTC) to prescribe regulations to protect
the privacy of personal information collected
from and about children on the Internet.
In May 2000, the FTC reversed its traditional
position on industry self-regulation and
issued a report that recommends, “Congress
enact legislation that, in conjunction
with continuing self-regulatory programs,
will ensure adequate protection of consumer
privacy online.” This legislation
would create a basic level of privacy
protection for consumer-oriented commercial
Web sites and would establish standards
of practice for the collection of information
online. It would also give the FTC the
authority to promulgate more detailed
standards pursuant to the Administrative
Procedure Act (http://www.ftc.gov/os/2000/05/index.htm#22).
Although most do not expect the 106th
Congress to pass such legislation in the
second session before an election, this
FTC recommendation highlights the rapidly
growing concern about consumer privacy
on the Internet.
Another important project specifically
focused on health privacy on the Internet
is the Health Privacy Project. Georgetown
University recently released its report
about the practice of privacy protocols
on Health-related Web sites. The report
can be found at http://ehealth.chcf.org,
and the five major findings are outlined
in Sidebar 2. These findings highlight
troubling inconsistencies between the
consumer perception of privacy protection
on the Web and the actual practice of
many companies that gather information
about the consumer without his or her
knowledge.
Next Steps
The Office for the Advancement of Telehealth
will be working with the Office of the
Assistant Secretary for Planning and Evaluation
to identify privacy, confidentiality,
and security concerns that are unique
to Telemedicine practice including “Web
practice” to identify the settings,
situations and practices that pose the
greatest concerns. OAT also hopes to highlight
the implications of telemedicine practice
for privacy regulations and vice versa.
Sidebar 1
Excerpt from FTC Report: Protecting
Consumers Online: A Federal Trade Commission
Report on the First Five Years of Its
Internet Law Enforcement Program
Health Claims.
The Commission has made the burgeoning
number of false or unsubstantiated health
claims online a law enforcement priority.
- Operation cure-all: The Commission
brought four cases against the marketers
of products such as magnetic therapy
devices, shark cartilage, and CMO (cetymyristoleate),
for their claims that these products
could cure a host of serious diseases,
including cancer, HIV/AIDS, multiple
sclerosis, and arthritis. All the companies,
which used Web sites to market the products
and recruit distributors, entered into
settlements with the Commission.
- FTC v. Slim America, Inc.: The defendants
were charged with falsely advertising
that their weight loss product would
produce dramatic weight loss results.
After a trial, the Court ordered the
defendants to pay $8.3 million in consumer
redress and ordered the individual defendants
to post multi-million dollar bonds before
engaging in the marketing of weight
loss or other products and services.
Sidebar 2
Five major findings from the
Georgetown University Health Privacy Project:
- Visitors to health Web sites are not
anonymous, even if they think they are.
- Health Web sites recognizes consumers'
concern about the privacy of their personal
health information and have made efforts
to establish privacy policies; however,
the policies fall short of truly safeguarding
consumers.
- There is inconsistency between the
privacy policies and the actual practices
of health Web sites.
- Consumers are using health Web sites
to better manage their health, but their
personal information may not be adequately
protected.
- Health Web sites with privacy policies
that disclaim liability for the actions
of third parties on the site negate
the point of their privacy policy.
|
