health & the internet ian rose computer science 99 winter 2000 dartmouth college

Health & The InternetHealth & The Internet

Ian Rose

Computer Science 99

Winter 2000

Dartmouth College

What is the Current State?What is the Current State?

Lots of users Lots of providers (Web sites) Little regulation or standards Lots of concern!!

Current State: UsersCurrent State: Users

California Healthcare Foundation midyear reports on number of US Adults retrieving health content from the Internet:

1999 - 24.8 million US Adults2000 - 33.5 million (predicted)2003 - 52.0 million (predicted)

Current State: ProvidersCurrent State: Providers

NY Times estimates there are 100,000 medical Web sites

Top sites (survey): Nat’l Library of Medicine sites (Medline), Medscape, WebMD, DrKoop, med411.com

Jupiter Communications predicts that the online consumer healthcare market will grow to $1.7 billion by 2003

Current State: ProvidersCurrent State: Providers

eHealth Ethics Summit Release findings:

– “Visitors to health Web sites are not anonymous, even if they think they are.”

– “There is inconsistency between the privacy policies and the actual practices of health Web sites.”

– “Few health sites maintain a chain of trust with third parties on their site”

Current State: Regulations & StandardsCurrent State: Regulations & Standards

Though some specific privacy regulations exist, and currently 131 Internet or electronic mail privacy bills are pending in 31 states…

– There are no Federal privacy laws specifically for internet medical records, and

– There is no “broad-based” privacy law or continuity between regulations

Current State: Public ConcernCurrent State: Public Concern

Ethics Survey of Consumer Attitudes:

– “Half of online users are concerned about the potential invasion of privacy of personal health information in the U.S”

– Only 18% of respondents would disclose personal health information for more personalized Web service, whereas 90% of respondents would disclose their e-mail addresses

Current State: Government ConcernCurrent State: Government Concern

Federal Trade Commission inquiry into privacy policies of several popular eHealth sites

Food and Drug Administration authority to regulate online sales of prescription drugs

What are the Concerns?What are the Concerns?

Privacy of data willingly divulged to enhance one’s online experience

– not sharing this data with third parties

– 75% of surveyed users cite this as a concern (more than concern over unauthorized e-mail reading and hacker attacks)

– Possible repercussions from insurance companies or employers (for example) if confidential information is shared


Privacy of data NOT willingly divulged

– “caught” from another site (possible via cookies a la DoubleClick?)

– merging of data from multiple sources (DoubleClick is [in]famous for doing this)

– Security loopholes (e.g. previous page ‘get’ data postings appended to URL)

– Collection of aggregate data


Biased / Unreliable Information

– Test study on four popular search engines:– Fewer than half the pages contained medical

information about the searched-for condition.– “Of those that did, about 60 percent had

information that had been through the peer-review process”

– “The other 40 percent of the pages had data that had not been reviewed or didn't list the source of the information. “


Lack of certainty regarding Gov’t role

– “Are there current State or Federal laws that protect the privacy and confidentiality of personal medical information on the internet?”

– 70% of people say “I don’t know”

– “Who do you think should be responsible for regulating health sites and the way they use information obtained from visitors?”

– Most popular answer: Government (35%)

What are some Solutions?What are some Solutions?

Privacy of data willingly divulged to enhance one’s online experience

– Interrogating sites’ privacy statements (electronically?)

– holding sites accountable to their statements (CHCF Privacy Policies Report)

– Holding business partners and advertisers to similar standards of responsibility and fair business practices (e.g. DrKoop.com reevaluating its relationship with DoubleClick)


Privacy of data NOT willingly divulged

– Same standards as for willingly divulged information

– Merging of Data: Government and/or Industry privacy standards

– Security loopholes: Independent security testing, evaluation, and/or certification


Biased / Unreliable Information

– Industry standards for reporting sources of information

– Clearly distinguish between ads and information– Independent evaluation/certification with public

results (seal): TRUSTe, HON– Caveat: Improved customer faith in such

certifications. Studies show that seals of approval from Internet trade groups do not make people more apt to share health information


Lack of certainty regarding Gov’t role

– Education regarding current law– Simplification/unification of current law– Example: European Union’s 1995 directive on

the protection of personal data. Lays down “common rules to be observed by companies that collect or transmit personal information.” Gives consumers the right to access and correct information about themselves.

General SolutionsGeneral Solutions

California HealthCare Foundation investigative reports on privacy policies and consumer attitudes

Internet Healthcare Coalition (IHC) e-Health Ethics Initiative

The Health on the Net Foundation Code of Conduct (HONcode) for medical and health Web sites

Some New Problems...Some New Problems...

Solutions presented this far are primarily based on:– Government controls & regulations– Intra-Industry controls & regulations– Industry standardization

So what’s the problem?

The Internet Has its Own Set of Rules

““Internet Rules”Internet Rules”

The Internet has shown unparalleled growth and has brought many benefits

It can be argued that important to this growth was:

– lack of government intervention

– dynamic, fast-paced community of both vendors and consumers

– ease of entering market (internet start-up craze)


These same factors that made the Internet what it is today make industry-wide standardization and regulation difficult to implement, as well as potentially dangerous with regards to stifling growth

One should also be concerned about inviting government regulations into the Internet arena


So in light of these new hesitations, should we step into the eHealth industry at all? Or should we leave things alone, just as the government and industry has chosen to do will many other areas of the Internet?

Yes. Due to the uniquely sensitive nature of medical information, a degree of industry standardizations and/or government intervention is justified and needed.

The Take-Home MessageThe Take-Home Message

So a balance must be sought between:

– Protecting consumers from faulty information on Web sites and from abuse/theft of personal health information, and

– Protecting the Internet (at least the eHealth industry) from the stranglehold legislation that permeates the greater US HealthCare industry

ConclusionConclusion

“Consumer health care on the Internet has moved beyond its infancy and childhood, firmly into an awkward adolescence. While it isincreasing in reach, scope, capacity, and independence, it is not mature enough to be predictable and reliable.”

- Report on the Privacy Policies and Practices of Health Web Sites, Preliminary eHealth Ethics Summit Release

health & the internet ian rose computer science 99 winter 2000 dartmouth college

Documents