American College of Physicians: Internal Medicine — Doctors for Adults ®


Steering clear of pitfalls in physician Web sites

From the September 2000 ACP-ASIM Observer, copyright 2000 by the American College of Physicians-American Society of Internal Medicine.

By Phyllis Maguire

A patient visiting your practice's Web site clicks on a link for more information and gets some bad medical advice. If she is harmed as a result, can you be held liable? And are you liable if she gets that information from a chat room hosted by your site?

These scenarios may seem unlikely, particularly because most physician Web sites now provide little more than office hours and directions. But as physicians build better Web sites to give patients more information, experts predict that medical practices will encounter a wide range of legal and regulatory issues.

Some sticking points, like antikickback and liability regulations, will be familiar to physicians. But other regulations concerning the electronic transmission of health related information are expected to break new legal and ethical ground.

Here are some of the pitfalls to avoid when you put your practice on the Web:

Problem: concerns about kickbacks. Several companies offer physicians free or subsidized sites, an arrangement that experts say can run afoul of antikickback statutes. Before you sign on, look closely at whether the discounts being offered constitute gifts that may get you in hot water.

"What's the quid pro quo and expectation?" asked Bruce M. Fried, JD, chair of the health law group at the Washington office of law firm Shaw Pittman. "When something of value is being given, the fraud and abuse enforcement authorities always look at what is being expected in return."

For instance, lawyers expect antitrust regulators to be leery of physicians accepting free sites from pharmaceutical companies or hospitals. They'd expect such a gift to lead to prescription preferences or increased hospital referrals.

Or take this business model: A Web site provider charges physicians a monthly fee to run their Web sites, but gives free sites to one group of subspecialists like cardiologists. The catch? The cardiologists have to agree to post certain drug ads on their site.

Lawyers predict that federal investigators won't like this type of targeted marketing arrangement. They will also question any ties between physicians' income from Web site drug ads and the number of prescriptions physicians write for that particular drug. Such a connection would be a clear sign of referral intent, according to John T. Bentivoglio, JD, special counsel for health care fraud for the U.S. Department of Justice (DOJ).

Solutions. Steer clear of free or subsidized sites from hospitals or drug makers. And avoid any kind of exclusive advertising arrangement with a particular pharmacy, pharmaceutical company or group of subspecialists. Analysts say that in the eyes of HHS Office of Inspector General, exclusive relationships imply some sort of referral.

This is not to say that physicians can't accept Web site ads. "If it's just a banner advertisement and there is no indication that the physician is saying, 'Go ahead and buy the product,' I don't think there's significant exposure for the doctor," said health care attorney Lloyd A. Bookman, JD, principal of Hooper Lundy & Bookman in Los Angeles. "That's the type of advertising that a physician can get paid for."

Problem: privacy. Like all business on the Internet, physician Web sites are governed by a hodgepodge of federal and state privacy statutes. One of them, the Federal Trade Commission Act, says that "collecting or disclosing personal information in violation of a Web site's written privacy policy may constitute an unfair or deceptive trade practice," according to the DOJ's Mr. Bentivoglio.

Privacy is of particular concern to physicians as they forge new types of online partnerships. With the growing use of "cookies"—text files stored on users' computers that track the Web sites they've visited—physicians must be vigilant about whom they partner with and how patient information gets used.

Solutions. According to Janlori Goldman, JD, director of Georgetown University's Health Privacy Project, physicians must develop and post privacy policies on their sites. Those policies should address such issues as whether site partners or sponsors can collect information or conduct online profiling of site users. Physicians should also make sure that sponsors or advertisers don't violate their policies. Experts say that agreements to extend a practice's privacy policy to a linked site should be made in writing.

Privacy policies "should give people real choices, like the choice to be anonymous," Ms. Goldman continued. If you decide to allow some information to be disclosed from your site, give users the ability to exclude themselves or limit those disclosures. Users should also be able to access and correct submitted information.

And posted policies must reflect actual practices. Deceptive or incomplete policies may violate state consumer protection or false advertising laws—and invite scrutiny from the Federal Trade Commission, according to David Hellerstein, MD, a consultant with the Sacramento, Calif., office of PricewaterhouseCoopers.

There are several resources physicians can use to craft privacy policies. The Health on the Net (HON) Foundation ( has published principles to help regulate user privacy; the Internet Healthcare Coalition ( and the Hi-Ethics (for Health Internet) Alliance ( have also issued guidelines. All three efforts are the industry's attempt "to self-regulate before the feds come down with a very heavy hand," said Vincent T. Kuraitis, JD, principal of Better Health Technologies, an e-health care business development company based in Boise, Idaho.

Privacy is also a major concern with physician-patient e-mail, because most e-mail is sent through unsecured commercial systems or sections of physicians' own unsecured sites. Unless you're using encryption and authentication procedures, experts say that you should discourage patients from sending sensitive or emergency information electronically. (For more on e-mail, see "How to avoid privacy problems with patient e-mail.")

Problem: liability. While physicians want to make sure that sites that they are linked to contain top-quality information, some wonder whether physicians will be held liable for misleading information on a linked site. And what if they host a chat room on their Web site where bad—or even dangerous—information is disseminated?

Another concern is whether standard malpractice policies cover cybercare. The AMA has argued, for instance, that no doctor-patient relationship exists if physicians communicate electronically with patients with whom they have no established relationship. Might a malpractice carrier claim that online communication, particularly with a new patient, is not legitimate and therefore not covered?

Solutions. If you refer users to information on another Web site and you don't modify or endorse that information, said Mr. Fried from Shaw Pittman, you probably will not be held responsible if that information is inaccurate. To play it safe, however, he suggested checking to see if linked sites display the "HON Code" logo. Sites displaying this logo agree to have only medically qualified professionals dispense advice and to give references for the information they provide.

Chat rooms, however, are another matter. Michael L. Blau, JD, partner in the health department of Boston law firm McDermott, Will & Emery, noted that Web sites have successfully argued that they are not legally responsible for misleading chat room content. But he added that these precedents occurred in non-health care settings.

Health care providers may have "a higher level of duty" for verifying health care information posted on their site, he continued. "There may be some responsibility to correct or amend misleading information or put out corrective bulletins if the physician becomes aware that that kind of information is being posted," he said.

Finally, experts urge physicians to check with their malpractice insurance carriers to see if they are protected from misinformation on the Web. Physicians may have to arrange for specialty riders to cover online activities, even with established patients.

This is a printer-friendly version of this page

Print this page  |  Close the preview




Internist Archives Quick Links

Not an ACP Member?

Join today and discover the benefits waiting for you.

Not an ACP Member? Join today and discover the benefits waiting for you

ACP offers different categories of membership depending on your career stage and professional status. View options, pricing and benefits.

A New Way to Ace the Boards!

A New Way to Ace the Boards!

Ensure you're board-exam ready with ACP's Board Prep Ace - a multifaceted, self-study program that prepares you to pass the ABIM Certification Exam in internal medicine. Learn more.