Davis Wright Tremaine LLP Davis Wright Tremaine LLP
Practice Areas - HIPAA/advisory bulletins
Home

Practice Areas: HIPAA
 

Legal Services

Related Practice Areas

Advisory Bulletins

Publications & Resources

HIPAA Search
 

 
News to Use
Recruiting
DWT in the Community
Seminars & Training
Bookstore
Lawyer Directory
Office Locations
Search & Site Map

Advisory Bulletin

The Brave New World of Health Care E-Commerce
[May 1999]

As Bill Gates said, "The Internet is friction-free." By that, he meant that the Internet creates uniquely efficient markets that provide goods and services to consumers with relatively low overhead and easy access. This essential advantage of the Internet is beginning to change the way we do business just as it has changed the way we communicate. It is estimated by various sources that consumers will spend $150 billion to $600 billion on goods and services through the Internet by the year 2000.

Health Care e-commerce is becoming one of the most lively sectors of the developing Internet economy, as a series of Internet-based health care businesses have recently gone public or received financing. However, the friction for many of these new businesses is that health care is one of the most regulated industries. One of the challenges of health care e-commerce is anticipating how health care regulatory laws, such as state corporate practice of medicine prohibitions, the federal anti-kickback statute and patient confidentiality laws, will be applied to the Internet.

There appears to be three primary types of existing health care e-commerce businesses, those that: (i) sell goods online, such as pharmaceuticals, (ii) provide health care information to patients or providers and (iii) deliver health care information software to providers. Each type of business faces unique regulatory issues.

Drug companies selling pharmaceuticals online must contend with strict FDA regulations that are often difficult to comply with in the Internet setting. For example, the FDA requires drug company advertisements to contain detailed disclosures, including information on possible side effects. Most online drug companies post their disclaimers and disclosures on their home page, but if a user enters one of the site's internal pages through use of a search engine or a hyperlink from another Web site, then the user may never see the disclaimer.

Drug companies must also be careful about providing links to other sites where the content may not be controlled. The FDA approves pharmaceuticals for a certain treatment and drug companies are prohibited from discussing "off-label" use of drugs. If a drug company sponsors or links to chat rooms in which the participants discuss off-label usage, the company may be violating FDA regulations.

Next, let's look at the growing number of online health care information companies. Some of these companies provide access to information regarding specific medical conditions, which is a natural evolution from the medical chat rooms that have developed spontaneously on the Web. Others go a step further and provide personalized medical information from doctors or laypersons based upon a questionnaire completed by the user. Some of these companies also sponsor on-line support and discussion groups on medical issues. Typically, these companies derive their revenues primarily from advertising, with drug companies as major advertisers.

These online health care information companies raise a number of regulatory issues. Unfortunately, few of them can be conclusively answered just yet. For example, it's a fine line between providing personalized medical information and practicing medicine. The information provided to users must be carefully tailored to ensure that the company is not deemed to be practicing medicine without a license or practicing without a license in a given state. If the company does use physicians to provide the information, the company may be violating state corporate practice of medicine prohibitions by providing professional services through a general business corporation. The company may also be subjecting itself to the laws of those states that have adopted laws regulating telemedicine, such as California.

Further complicating the analysis is the fact that an Internet provider may be subject to the jurisdiction of any state to which it directs marketing or other efforts. An Internet company may reduce its chances of being hauled into court in another state through the use of carefully crafted disclaimers and making its Web site a passive posting of information. The more interactive the site, the greater the risk of exposure to the laws of other jurisdictions. Few online health care information companies will want to be forced to comply with the often vague and contradictory requirements of the corporate practice, licensing and telemedicine rules of multiple states.

The federal anti-kickback statute may be implicated by the relationship between drug company advertisers and the Internet companies providing medical information. If advertising dollars or financial support provided by a drug company could be viewed as payments made with the intent of inducing the Internet provider to recommend the drug company's products to its users (and if those drugs are covered by Medicare or Medicaid), then the relationship should be carefully reviewed for compliance with the anti-kickback statute. For the reasons noted above, an Internet company may also be required to comply with anti-kickback laws of various states, which are often broader than the federal anti-kickback statute, applying to all payors.

If an Internet provider of health care information hosts discussion groups regarding medical conditions, care should be taken to ensure that the groups are appropriately moderated. A company may expose itself to potential liability if it sponsors or endorses discussion groups that disseminate erroneous medical information. Some health organizations have begun to develop voluntary guidelines for the conduct of Internet health information providers, such as the Health on the Net Foundation's Code of Conduct for Medical Web Sites, at www.hon.ch/HONcode/Conduct.html.

Another type of Internet business allows providers to access or interface with software products available on the company's Web site platform. The software may assist the provider in a variety of management functions, such as "data mining" a hospital's patient records for information regarding drug utilization, which may then be utilized by a pharmacy benefit manager to help the hospital manage pharmacy costs. All Internet companies involved in the transmission of patient medical information must be sensitive to compliance with state laws governing confidentiality of medical records. There are many types of encryption software available today, providing varying levels of protection. A level of encryption that may be generally viewed as acceptable in a commercial setting may not be viewed as adequate to protect patient confidentiality.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) promises to provide more definitive guidance in this area, mandating the use of standard transactions, standard identifiers, security and other provisions by the year 2000 for health plans subject to HIPAA. Internet health care providers should develop their business model with an eye on the proposed HIPAA regulations relating to Internet transactions.

While a relatively small but growing number of health care companies are doing business primarily over the Internet, a vast number of health care organizations have established Web sites. Even a garden variety Web site may present unforeseen risks. If your Web site contains hyperlinks to other sites, care should be taken in the description of those sites, the use of the other sites' logos or trademarks and the nature of the links.

Linking to an internal page of another site may cause the user to bypass disclaimers, copyright notices or advertising that are only on the site's home page. Incorporating another company's logo or trademark into a link may lead to a charge of trademark infringement or dilution. Because the law of the Internet is still in its infancy, many issues remain to be resolved and new issues appear at every turn. Thus far, the Internet has been a fairly freewheeling (some would say anarchic) medium. Even large companies in highly regulated industries, such as health care, have established Web sites with few safeguards to reduce potential liabilities. It's advisable for businesses to take steps to minimize the legal risks associated with e-commerce from the outset. In light of the volume of business that is beginning to flow through the Internet and the number of Internet-based lawsuits that are now being filed, it appears that the days of relatively unregulated e-commerce are coming to an end.

return to Advisory Bulletins main page

 
Davis Wright Tremaine LLP
Home | Practice Areas | News To Use | Recruiting | DWT in the Community
Seminars & Training | Bookstore | Lawyer Directory | Office Locations | Search & Site Map
Davis Wright Tremaine LLP Davis Wright Tremaine LLP
return to Advisory Bulletin main page