Winter, 2000
By Nicolas Terry, LL M
Professor of Law, Center for Health Law Studies
Saint Louis University
Saint Louis, MO
Cybermedicine is an umbrella term describing the transition of key medical services to the web. A much broader concept than telemedicine, cybermedicine includes marketing, relationship creation, advice, prescribing and selling drugs and devices, and, as with all things in cyberspace, levels of interactivity as yet unknown. The potential benefits of cybermedicine are obvious: creation of a highly efficient national market for health services, instantaneous access to medical services without travel or lines in waiting rooms, and seamless integration of support services such as gatekeeping, patient records, inpatient scheduling and prescription fulfillment. Less obvious are some of the serious legal issues that arise. As providers shift into cyberspace, the health law system faces challenges to its traditional approaches to regulation, quality assurance and confidentiality.
Cybermedicine is already a billion dollar industry, even though very few of its products have reached the market-place. Least visible are companies such as Healtheon that are pioneering heavily integrated "backend" systems for the health industry. Such systems electronically process claims, patient data and prescription information; exchanging such data among managed care organizations, hospitals, physicians, pharmaceutical companies and other suppliers. More visible are so-called vertical portals, web sites structured to appeal to narrow, particular subsets of web users. Vertical portals aimed at physicians feature clinical information and specialty interaction, while selling advertising, books and continuing medical education services. Vertical portals aimed at patients marry consumer-oriented health information to online consultations, prescription drug fulfillment, and related services and products. Examples include ADAM, Mayo Clinic's Oasis and DrKoop. Some portal sites, such as Healtheon's WebMD and the AMA-led consortium's site, feature both patient and physician areas.
For health lawyers, the most immediate concerns are licensure-related. Health-care professionals are regulated by state-based licensing systems. Yet cyber-space is oblivious to such "real world" jurisdictional demarcations or limitations. Current generation cybermedicine sites deliver "advice" in one of three ways: generalized textual content or "frequently asked questions" (FAQs), open forums for discussions, and personalized interactive sessions (by chat or e-mail) with site "experts."
In most states, the question will arise as to which, if any, of these activities involve the practice of medicine and so implicate licensure and, ultimately, unlicensed practice. The answer may be relatively simple in the case of a one-to-one interaction between physician and patient that leads to prescribing a drug. However, more generalized interactions are far harder to characterize. A related issue has arisen regarding the practice of pharmacy across state lines and, specifically, web-based pharmacies. For example, Illinois and Kansas specifically regulate electronic transactions and are attempting to prosecute out-of-state pharmacies and associated medical professionals. This kind of activity also implicates federal regulation and enforcement by the FDA and DEA. The FDA is working with various state agencies and regulatory bodies to develop more national policies and solutions
For the average physician, the first indication of problems with web-based information was when a patient arrived for an appointment carrying a pile of printouts and demanding specific treatments or drugs. Now, concern is growing over the quality of advice that is published on the web. 1 Under federal law, Internet service providers and those who web-publish content provided by others generally are immune from liability. 2 As a result, cybermedicine sites that merely aggregate or link to the content of others are unlikely to be liable for negligent medical advice. However, cybermedicine sites that create their own content will have liability exposure. No doubt these sites will rely on various tort and constitutional law decisions that traditionally have protected authors and publishers. However, those decisions may not apply in cases where direct relationships between health professionals and patients have been established or where a site delivers highly targeted or personalized content. Overall, cybermedicine sites will confront extremely complex risk management issues. For example, malpractice insurance typically is written on a state-by- state basis suggesting considerable difficulties for physicians practicing in cyberspace.
Health lawyers may also be forced to change their concept of the medical mal-practice defendant. In the real world, health law frequently differentiates physicians, institutions and manufacturers, often applying discrete legal rules to them. However, cyberspace frequently obscures the nature of the underlying business. For example, is the patient's advice coming from a doctor or a drug company? Furthermore the transition to cyberspace may radically change the traditional (and traditionally regulated) health business models. Business models that were once disaggregated (for example, doctor and pharmacy) may be re-formed as integrated on-line cybermedicine suppliers. Equally, services (for example, sale and delivery of a prescription drug) that traditionally have been integrated may be disaggregated.
Already cyberspace activities of healthcare providers and pharmaceutical companies are impacting the liability rules that apply to their real world activities. Malpractice law typically has viewed physicians as independent contractors for whom health institutions such as hospitals or managed care organizations (MCOs) are not vicariously liable. As a result, it is the doctor not the healthcare institution who is the primary defendant when substandard medical care is practiced on the hospital's patient. However, fiercely competitive MCOs now are filling the web with increasingly holistic images of their services. Thus, the tightly integrated provider models that are appearing in cyberspace likely will lead to more instances of institutional liability for malpractice. 3
Second, pharmaceutical companies that traditionally distanced themselves from direct contact with patients now actively promote their products directly to end-users using the web providing increasingly rich data about their products. 4 The application of strict products liability law to prescription drugs has been subject to the so-called "learned intermediary" doctrine. This rule pro-vides that the manufacturer is under a duty to warn only the physician intermediary, not the patient. It has essentially immunized the pharmaceutical manufacturer in most failure-to-warn cases. The shift to direct-to-consumer marketing and the provision to patients via the web of vast quantities of information previously only available to physicians appears to be influencing the liability construct. For example, in the recent case of Perez v. Wyeth Laboratories Inc., 5 the New Jersey Supreme Court severely restricted the reach of the learned intermediary rule in a case brought against the manufacturer of Norplant.
Fully integrated electronic systems bring great efficiencies, but pose a threat to patient privacy. While communications between doctor and patient must be secure and encrypted, legal implications go far beyond data integrity. The parties to these electronic exchanges must be assured of the identity of the other parties - a concept at odds with the vaunted anonymity of cyberspace communications. The patient must be assured that his advisor is actually a licensed physician, while the physician must be sure that his morphine-seeking patient is a terminal cancer patient and not a recreational user. The first ameliorative step in this context has been the Intel-AMA initiative to provide for digital credentialing that will allow physicians and patients to establish who is at each end of Net connection prior to exchange of confidential health information.
It must be appreciated that cybermedicine technology itself is in its infancy. As E-services and related hardware mature, patients are likely to have home-based cybermedical appliances, networked devices that facilitate remote services such as diagnosis and treatment. The entry into the cybermedicine market of responsible, well-established entities hopefully signals an end to an unregulated period of illegal prescriptions and suspect advice. However, just as health professions must retool to handle the challenges of cybermedicine, so must the legal rules that were designed for the pre-industrialized healthcare industry be re-fashioned for the information age.
© Nicolas P.Terry. All Rights Reserved
Footnotes
1 Biermann JS, et al. Evaluation of cancer information on the Internet. Cancer 1999;86 (3):381-90.
2 (47 USC § 230(C)(1))
3 See, e.g., Kashishian v. Port, 481 N.W.2d 277 (Wis. 1992).
4 FDA/CDER, Guidance for industry: Consumer-directed broadcast advertisements <www.fda.gov/ cder/guidance/1804fnl.htm> August 1999.
5 (734 A.2d 1245 (N.J. 1999))
Further reading
Terry NP. Cyber-malpractice: legal exposure for cybermedicine. Am J Law Med 1999;25(2-3): 327-66.
in collaboration with
Dartmouth-Hitchcock Medical Center
The opinions expressed in the journal, Lahey Clinic Medical Ethics,
belong to the individual contributors and do not represent the institutional position
of Lahey Clinic on any subject matters discussed.
