The healthcare industry, like every other industry, is now heading online. What do healthcare plans, providers, employers, and companies servicing the healthcare industry confront as they build and operate their sites and conduct business on the Internet? A balancing act--between the immense advantages of successful use of the Internet and its hidden costs. What are the hidden costs and how can the healthcare industry use Internet legal experience to avoid them?

The Internet is Worldwide
Healthcare business can reach the world through the Internet, but the world can reach back. All Internet businesses face new exposure to out-of-state litigation and regulation. The healthcare industry has all the exposure of other businesses and more, because it is highly regulated on the state as well as the federal level. Insurance and licensing issues arise. When does a simple communication cross the line into practicing telemedicine? And if the communication crosses state boundaries, when is it practicing medicine without a license? The design of a website may expose healthcare business to suit in out-of-state courts. Correct website design can minimize these risks.

The Internet is Public
What a business puts on a website is open to public scrutiny. Websites have become targets of lawsuits for defamation, fraud, false advertising, trademark infringement, and copyright infringement. Medical information and advice have their own distinctive risks when posted on a website. Congress has enacted a stream of legislation affecting these Internet issues. While the Digital Millennium Copyright Act and the Communications Decency Act of 1996 speak to some of these issues for all industries, new Internet laws are constantly proposed in Congress and in state legislatures. The flow of Internet legislation will increase as online business continues to mushroom.

The Internet is Interactive Going beyond a mere passive display of information is key to making full use of the Internet. You may offer access to medical records, you will send and receive e-mail, questions, orders, and information from the site visitors themselves; you may deliver medical advice via e-mail or posting. You may sponsor a bulletin board for information exchange or chatrooms for support groups. What are your obligations regarding the storage or transmission, disclosure, and commercial use of such content and data?

What standard of care must be met, both for protecting privacy and providing access to medical records? Should a physician get written consent before communicating by e-mail with a patient? What is your exposure for the misinformation, pirated content, viruses, malicious falsehoods, and other undesirable content that visitors may circulate through your site? The pending administrative simplifications and privacy rules under the Health Insurance Portability and Accountability Act (HIPAA) will address data standards and security and protection of privacy of medical record information. And privacy standards (for information other than medical records) are developing rapidly.

The CDA and the Digital Millennium Copyright Act of 1998, as well as state and federal courts, have weighed in on questions of website sponsor responsibility. A new generation of insurance policies is arising to help meet these problems. You will need to know the terrain to get full value of the distinctive interactive quality of the Internet, without undue exposure to liability.

The Internet and Your Back Office
The Internet is not just bringing patients to your website. One reason the healthcare industry is moving onto the Internet so quickly is that administrative costs in the industry range from 15 to 30 percent, much of which is due to the inefficient and fragmented nature of the healthcare system. The Internet may be the key to cutting those costs. More and more medical business will be conducted between computers connected by the Internet, including claims payment, access to and transfer of medical records information and test results, referrals, enrollment, and scheduling appointments.

Electronic access and the electronic control of that access is the destiny of medical information, patient records in particular. Access to electronic patient records is increasingly regulated; the Department of Health and Human Services' pending federal privacy rule under HIPAA is only the beginning of online privacy regulation specific to the healthcare industry. Failure to comply, resulting in either a failure to deliver information due or erroneous disclosure of confidential information, creates potential and serious exposure. Awareness of these rules will be essential to proper construction of Internet infrastructure.

David Rabinowitz is a partner at the law firm of Moses & Singer LLP in New York City. He is currently the head of the Litigation Department.