E-health not immune from existing regulations

While the regulatory landscape of e-health is only just beginning to take shape, hospitals and other health care entities are running a serious risk if they believe regulations capable of being applied in this area have not yet been created. In fact, many aspects of e-health are more than adequately addressed within the existing regulatory framework, experts warn.

"The myriad legal and regulatory requirements applicable to the face-to-face delivery of health care also apply to the virtual delivery of health care and related services through the Internet," warns health care attorney Bernadette Broccolo of Gardner Carton in Chicago.

Health care attorneys say most government enforcement of this area has focused on prescription drugs sold on-line.

But that may change. Timothy Delaney, unit chief of the FBI’s health care fraud unit, recently pointed to the bureau’s cyber crimes division as one of the FBI’s new initiatives. "We have not quite figured out, if it is a health care provider and they are billing over the Internet, if that is a cyber crime or health care fraud," he says.

Health care attorneys say that is just the point. "A lot of people believe that because this is e-commerce, the basic rules don’t apply, but the important point is that they do," says Edward Kornreich, a health care attorney with Proskauer Rose in New York City.

According to Kornreich, all of the fundamental principles regarding licensure and tax exemption and, most importantly, compliance with Stark and the anti-kickback statute apply to e-health.

"The most important thing to understand about e-commerce is that, although there are a lot of rules that will become clearer over time, just because you are in an e-commerce setting does not mean that the traditional rules do not apply," he explains.

According to Broccolo, failing to take the full spectrum of legal and regulatory issues into account early in the design phase of the web site-development process, as well as throughout the ongoing operation and maintenance of the site, may give rise to the need for significant design changes and expose the organization to the risk of adverse regulatory action.

Broccolo says these issues and the corresponding liability risks must be carefully managed through web site disclaimers, terms, and conditions of use, consents, privacy, and various other policies.

Numerous questions remain unanswered, however. Whether the interaction between the provider and the individual gives rise to a patient/provider relationship is one of them, says Broccolo.

"An interaction involving consultation, diagnosis, or advice may give rise to a cyber’ relationship that carries all the associated ethical and legal obligations, regardless of whether payment occurs," she asserts. "A more passive interaction, such as an individual viewing educational information, may not."

Provider-patient interactions in chat rooms carry a significant risk that the information being provided will be viewed as medical advice and that the information will be misunderstood and misapplied, she adds.