This chapter provides an overview of law relating to online and Internet medical practice, data protection, and consumer information privacy. It provides a comprehensive overview of federal (HIPAA) and state privacy laws, concluding that both those legal resources leave gaps in consumer protection and provide no real penalties for violating the laws. The authors educate the readers to the legal and data protection problems consumers will encounter in purchasing medical and health services on the Internet. Furthermore, the authors recount some actual case studies and follow those with expert advice for those Internet consumers who wish to be not merely informed, but also safe. The authors not only educate the readers to the lack of protection afforded to them but also advocate throughout the chapter that the United States must enact more federal protection for the consumer in order to deter privacy violations and punish criminal, negligent, and wilful violations of personal consumer privacy.
TopIntroduction
The practice of medicine is not immune from the information age. The use of the Internet, including e-mail, in medical practice is altering the traditional method of delivering medical care. Millions of Americans now rely upon the Internet as a primary source of medical information or education about their own symptoms, conditions, diagnoses, and treatments. The practice of telemedicine, consulting with another physician by using technology, is constantly evolving and expanding into areas never before imagined. Physicians are establishing their own Web sites and some few are now practicing medicine on the Internet.
The progression of the traditional practice of medicine in cyberspace has brought with it many issues related to privacy and online data protection. No longer is the physician-patient relationship limited to an in-person office consultation that carries with it the legal protections of doctor-patient privilege. Rather, the practice of medicine has evolved to include interactions that might not have ordinarily been considered a physician-patient relationship, and these contacts may stretch across both real and virtual boundaries. In fact, the interactions are, at times, both real and virtual, and the consumer-patient is now in a situation where it is difficult to identify exactly who is the party on the other end.
This chapter will provide an overview of the law relating to cybermedicine, medicine practiced without traditional in-person contact, and telemedicine, in terms of data protection and other legal complications related to licensing and a conflict of state laws. The chapter will examine the laws applicable to Web sites where medical diagnosis or the purchase of medical services (including prescriptions) is available. The chapter will discuss how the new methodology of acquiring medical care is at odds with traditional notions of state regulation and how current laws, both federal and state, leave many gaps related to any consumer protections or potential causes of action when privacy is compromised.
This chapter will proceed with an overview of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), an act promulgated to ensure privacy of health information as well as access to health care. It will review HIPAA’s application to medical practice conducted on the Internet. It will, in brief, discuss the plethora of sites available over which American citizens may purchase prescription drugs without a prescription from a licensed United States physician or merely through an overseas Web site with no physician to monitor the transaction. We then will examine current federal laws which are not set up to regulate these international transactions. The chapter will explore potential legal complications with personal data and privacy issues related to purchasing medical treatment or services on the Internet and describe what, if any legal recourse consumers might have when the outcome of an Internet medical transaction turns out to be undesirable. The chapter will posit some expert advice for consumers regarding using websites for medical purposes as well as protecting their own privacy. Lastly, this chapter advocates a federal law more punitive that HIPAA; one that regulates and protects patient information, medical transactions, and interactions on the Internet and deters violations of patient privacy by mandating significant fines and imprisonment for negligent or criminal and willful violations of that privacy.