The Internet and information technology are transforming our society with breathtaking speed. Industries are being created and made obsolete. New professions are emerging while others are being cut out of the equation.
The impact of the Internet on the healthcare industry is no different. New technologies, new markets, new communities, new science emerge daily. It is an extraordinary time to be engaged in healthcare.
Consider all that's happening around us, and then we'll consider what it will take for all this activity to continue in the public interest and within existing bounds of propriety.
First of all, can we even control the way healthcare IT is advancing? It's only part of a broader revolution in which different technologies are converging at a speed that makes planning difficult, if not impossible. Moore's Law, that the power and speed of information technology doubles every 18 months, has held true for more than a decade.
Your 56K modem gives way to digital subscriber lines (DSL) which give way to cable modems and T-3 lines. New ways to transmit data over those lightning-fast lines permit convergence of video and content.
Technology explosion. Medical information, inaccessible until recently to even the most sophisticated consumer, becomes available to anyone at whatever level of sophistication they desire. Using remote sensors married to online medical records supported by disease-management knowledge banks drawing on comprehensive data warehouses, patients won't need to visit the hospital or doctor's office. They'll be able to receive world-class diagnostic and therapeutic care at home.
The future holds much more. Bio-engineered technologies will converge with IT. Internal bio-electrical sensors will continuously monitor body function, reporting highly accurate data to disease management technologies. New computer chips will allow smaller, faster devices permitting clinicians to carry wireless palm-sized devices continuously linked to the Internet, allowing instant access to patient records, detailed images and evidence-based therapeutic strategies.
All this paints a bright future for healthcare. But none of this will happen without government regulation.
The soon-to-be-released administrative simplification standards required by the Health Insurance Portability and Accountability Act of 1996 are more than a checklist of things to do under penalty of law. The interoperability required for different technologies to communicate will be impossible without these standards.
High stakes. The financial commitment and payback will both be substantial. The expense of designing, developing and deploying Web-based healthcare systems will be immense. The commerce that results from this deployment will generate huge flows of revenue. But the openness of the Internet already invites abuse. Regulatory restraints will be essential.
Public anxiety about the confidentiality of personal medical information is significant and largely justified. The California HealthCare Foundation investigated the privacy policies of almost two dozen healthcare Web sites and found that many of the practices did not measure up (the report is available at www.chcf.org).
HIPAA privacy regulations (which can be tracked at www.aspe.gov) should balance the protection of our most private information while permitting valuable medical data to be captured for the advancement of science and medical knowledge.
All healthcare enterprises, real or virtual, should carefully review their privacy policies and practices, not only to comply with public policy but also to build the public confidence that will be essential if e-healthcare is to reach its full potential.
Providers who are reputable recognize that unscrupulous e-healthcare sites may threaten the safety of even sophisticated online consumers of healthcare goods and services. For example, the Food and Drug Administration's Web site (www.fda.gov) lists unlicensed pharmacies that send drugs to consumers without prescriptions. Obviously the FDA and other state and federal regulators want to control and eliminate such abusive practices.
Regulatory minefield. The Web, as flexible as it is, respects no political boundary, which makes regulatory enforcement more difficult. Still, we are seeing international cooperation. In the enforcement of pharmaceutical distribution laws, for example, the U.S. and Thailand recently cooperated to shut down an illegal Thai-based online pharmacy.
But faraway threats and future regulatory issues aren't the only sources of Internet-based fallout to be wary of. E-healthcare ventures are already attracting attention from enforcers of existing laws against healthcare fraud and abuse, especially with the amount of money being poured into such ventures. Increasingly the question being asked is, "Can they do that?"
Healthcare Internet entrepreneurs frequently are astounded by the regulatory minefield in which they find themselves. As government funds flow into e-healthcare ventures, it is clear that laws against fraud and abuse will be enforced. Anti-kickback laws, physician self-referral laws, beneficiary inducement laws and others will be applied.
A few hypothetical examples:
* A hospital provides Web sites to its affiliated physicians. Each Web site has the hospital's logo on its home page. The hospital hires a vendor to establish and maintain the physician Web sites. The vendor furnishes "data mining" services for the hospital and reports the results.
This scenario might be an illegal kickback scheme. The free Web site appears to be a payment to the physician. The hospital may be seeking to induce the referral of patients by giving its physicians the Web sites. That would be illegal. Or, it may be nothing more than marketing the hospital to the physicians' patients.
* A physician sells ads and links her Web site to an online pharmacy. The pharmacy may compensate the physician in several ways, including flat fees, a percentage of online sales or rewards based on Web traffic volume -- for example, "hits" on the pharmacy's linked site. This may amount to a kickback scheme if the pharmacy is making payments for referrals. Or, it may be that the physician is in effect recommending the site by virtue of the ads' size and placement or the fact that there are no other pharmacies listed.
Application of the so-called Stark physician self-referral law would have to be considered. Does the supplier/provider furnish designated health services? Does the physician have a compensation arrangement with the supplier/provider? If the physician makes a referral, then the practice is implicated under the Stark law.
Easy targets. Although the e-healthcare industry must respond to market demands to provide healthcare information, goods and services, it must do so with care. Even reputable providers must remember that the easiest targets for fraud-and-abuse inquiries and other investigations will be Web-site operators that are well-known and easy to find.
Every provider of healthcare information and services should take special care to ensure that their e-healthcare offerings comply with existing healthcare laws and regulations, on the federal and state levels.
In a recent, provocative article in Wired magazine, Bill Joy, one of those visionary engineers who hone the cutting edge of the Internet, asked, "Can we survive our technology?" From an Internet healthcare perspective, the question might have been, "Can e-healthcare survive without regulation?"
The cross-currents of medical and technological progress, public concern about privacy, and the amount of money involved will make balanced regulation difficult to achieve.
But absent such regulation, the public's trust -- which is essential to the success of e-healthcare -- will be lost to abuse and excess.
Bruce Fried is a partner and chairman of the health law group at Shaw, Pittman, Potts & Trowbridge, an international law firm based in Washington. As legal counsel to e-healthcare organizations, the group advises clients on a wide array of regulatory, corporate, intellectual-property and financial matters. Fried previously was director of HCFA's Center for Health Plans and Providers.