Down-to-Earth Internet ethics codes set standards for cyberspace

Down-to-Earth Internet ethics codes set standards for cyberspace

Liebman, Milton

EXECUTIVE SUMMARY:

Advertisers and deb operators both should benefit from new, complex guidelines for healthcare sites, designed to protect and inform consumers – and ensure they come back for frequent check-ups.

Ethical principles for guiding the content and operation of healthcare web sites have been developed in `real time.’ The need for down-to-earth ethical standards in presenting health and medical care information through cyberspace sites achieved widespread recognition only last November.

After meetings of “stakeholders” in the healthcare Internet business, guidelines were drafted in February and March. Thereafter, consensuses were developed after discussion, agitation, and compromise. Last month, two separate, fully developed sets of behavioral guidelines were simultaneously published for implementation.

Many of the same participants were involved in preparation of both codes and many of the goals and principles in each insist on the same ethical behavior. The result, if widely applied, should ensure reliable health information and services online. It should bring feelings of comfort and security to Internet viewers and benefit advertisers and site operators through repeat visits by trusting audiences.

Health Internet Ethics, or Hi-Ethics, is a coalition organized last November with 20 of the most widely used health sites to address privacy and quality of content issues. Chairman of the group is Donald W. Kemper, CEO of Healthwise. Hi-Ethics’ 14-point set of ethical principles were presented at a press conference May 8th at the eHealth 2000 Toward the Electronic Patient Record (TEPR) meeting in San Francisco.

The Internet Healthcare Coalition (IHC) is a non-profit organization formed in 1997 representing many parties interested in Internet health site performance. Its eHealth Ethics Code was drafted at a Washington “summit” meeting of some 80 representatives of universities, medical societies, government, consumers, the pharmaceutical industry, and of course, web sites. A consensus was developed and the eHealth Code of Ethics was presented in Washington, May 24. The ceremony was held in the Dirksen Senate Building and was attended by ranking Senators, eHealth Ethics Steering Group co-chairs Dr. Helga Rippen and Dr. Ahmad Risk, and IHC President John Mack.

The differences in the two organizations reflects their resulting codes. Hi-Ethics, whose members are healthcare sites, has been described as an overtly commercial organization, almost a trade association, with the code directed primarily toward those sites.

IHC, a broader-based organization, reflects wider interests. The organizations’ purpose is to educate healthcare consumers and professionals on Internet matters. Any individual or organization can join the Coalition. The IHC eHealth Ethics Code reflects broader interests.

Despite the differences, the purpose of both codes is to insure that individuals can realize the full potential of the Internet to improve and manage their health and that of their families. Both groups deal with what is called `fair information practices.’ These were described at an HMC Education Foundation conference on marketing of prescription drugs by Mark Boulding, general counsel and senior vice president of Medscape, who participated in the development of both codes.

There are five fair practice elements derived from an HEW document. To be in compliance, sites must provide notice of its policy on use of information obtained viewers, choice of whether to “opt in” or “opt out” or anything in between, allow access by individuals to see and change information about them, and provide security of information utilizing management and technical procedures. Last, sites must undertake enforcement though self regulation, penalties, or referral to a government agency.

The first four elements are included in detail in the codes; methods of enforcement to be applied are now being studied by each organization.

Assurances of privacy

The privacy element occupies a major segment of both codes and as written goes beyond that specified in fair information practices. Both require statements on site describing how personal information is collected and used, offering a choice through “affirmative consent” whether to participate in such practices, and making it easy for consumers to review and correct personal data.

eHealth adds that consumers should be informed that there are potential risks to user privacy because data may be collected from a site without the site’s knowledge.

Both codes go beyond a “chain of trust” approach in requiring that its privacy rules apply to third parties with which the sites have a relationship so as not to lose control of the information. “Going beyond accepted fair practice protection was a difficult decision for participants to make,” said Mark Boulding.

“Our agreement with these third parties will follow these principles in giving consumers notice and choice with respect to that third party’s access and use,” the HiEthics code states. Also, the sites will tell consumers if third parties have access to personal information and provide consumers with a “meaningful choice” to accept or decline collection or use of information.

Hi-Ethics requires that the site make a commitment to use security procedures to protect personal information. eHealth goes further, specifying that data be encrypted, files be protected with passwords, or appropriate security software be used. This code also asks for reasonable mechanisms to trace how personal data is used. Generally, the eHealth code more often gives specific details on how to implement its ethical requirements.

eHealth requires sites to provide health information that is consistent with the best available evidence, indicate clearly whether information is based on scientific studies, acknowledge controversial issues, use clear language and accommodate special needs such as large type for vision-impaired viewers. Fulfilling these requirements places a major responsibility on web sites, requiring scientific judgment.

Full financial disclosure

A difficult decision that the Hi-Ethics group faced involved the agreement for full disclosure of financial obligations and relations that may effect content. Publicly owned sites are required to disclose financial particulars, but participants agreed that the Code apply as well to privately owned sites which ordinarily can keep financial information confidential.

The principle states, “clearly identify those who hold an ownership interest of 10 percent or more in our company, and those whose financial contribution to our health web site represent 10 percent or more of the annual revenues of our company. Financial contributions mean both cash and in-kind services or material by persons who are not otherwise identified as sponsors.”

In differentiating advertising or sponsored editorial segments, the Hi-Ethics Code says, “we will clearly distinguish advertising from health information content using identifying words, design, or placement.” The section goes on to advise that significant relationships between commercial sponsors and health information content will be clearly disclosed.

In addition, “we will disclose any cases where we have placed health information content on our health web site because of sponsorship or other support from a third party.”

Rather than referring specifically to advertising, the eHealth code takes the broader view of “responsible partnering.” Internet operators should “partner only with trustworthy individuals or organizations whether they are forprofit or nonprofit.”

Motivated by mistrust

One of the key reasons that ethics codes were initiated was a developing sense of mistrust of web site content and privacy protection. Unclear lines of definition, as well as clear conflict between independent and third-party-supported healthcare information appeared on sites.

A survey released in January by the California HealthCare Foundation and the IHC showed that Internet users were wary of sharing personal health information online because of privacy concerns. Conducted by CyberDialogue, the survey of more than 1,000 online adults revealed that 75 percent of those seeking health information on the Internet were concerned that the sites on which they were registered shared personal information with a third party without permission.

More than personal health information was at issue in improper privacy practices. At least one site collected information on viewer use of the Internet, keeping track of sites visited, purchases made, chat room participation, etc. This information is of commercial value in positioning consumers by attitude, needs, and behavior.

Enonymous.com, a firm that advises companies on Web privacy issues, screened 30,000 of the most frequently visited (not just health) web sites for nine months to determine their privacy policies, according to CBS MarketWatch. The survey found that 37 percent of the sites didn’t have any privacy policy. Internet privacy practices have come under intense public scrutiny the report said.

Sites that don’t contact users unless explicitly permitted to do so and won’t share data receive the highest ranking by Enonymous. Only a little more than 1,000 sites, or 3.5 percent of those surveyed, qualified for the top rank.

The drafters of self regulatory ethics codes based their effort on the premise that guidelines will help operators of health sites offer quality content and proper controls. This action would help consumers use the Internet more effectively.

Detractors, in contrast, said that self regulation was just a way to avoid government regulation. Mark Boulding disagreed, saying that attitude never works. To be successful, self regulation must bring together and regulate segments rather than all of an industry. It requires cooperation of participants and the setting of a mark of quality.

Both codes take the risky step of giving up precise legal language in favor of using direct, consumer-friendly language, according to Boulding. The purpose is to build consumer confidence, a sense of trust on ethical principles and practice.

How professionals present

There is a difference between the codes in specifying the behavior of healthcare professionals in their online presentations. Both say that the qualifications and credentials of persons providing health services should be disclosed. The Hi-Ethics code then stresses that providers are governed by the ethical standards of their profession.

The eHealth code specifies required actions in detail. It asks for disclosure of sponsorships, financial incentives, or other influences that might affect the individual’s presentation, factors that might be covered in the professional ethics of a healthcare provider. The code than specifies a clear disclosure of fees, if any, that will be charged for the online consultation.

eHealth then sets further ethical behavior. In addition to providing their professional credentials and practice address, healthcare providers should describe the scope and type of recommendations that will be presented, give clear instructions for follow-up care, and accurately set forth the constraints and limitations of online diagnosis and treatment recommendations. Again, these requirements assign responsibility for professional oversight to the Web operator.

Putting theory into practice

November 1, 2000 is the date set for HiEthics members to comply with the code. As of the MM&M publishing deadline, no date has been released by IHC for implementation of the eHealth code.

How these principles will be enforced is now under study by both groups. There is precedence to follow from actions by other industry organizations and government agencies.

A seal of approval from the organization whose code of ethics is being followed, appearing on the web site, is one approach that can be taken to show that standards are being met. It is being considered for the health site code enforcement. Enonymous, the Internet privacy company, is one of several offering a seal of approval to post on web sites to alert consumers that a site meets privacy standards.

Trust-E is a fee-charging, nonprofit organization that also offers a seal to compliant members. The company says that it performs quarterly audits and spot checks and has a watchdog service to collect and enforce consumer complaints. Seals now appear on more than 1,600 sites, the company reports. However, Trust-E has yet to revoke a license or take a member to court.

An accreditation program is another enforcement approach. An independent organization would examine sites and their operation. It is logical in the healthcare field, where an association accredits hospitals and other care institutions.

There are internal enforcement systems such as that used by the National Association of Broadcasters, which evaluates complaints, uses a quasi-judicial system and levies penalties.

Finally, the Federal Trade Commission is a backstop for both organizations. There is no law covering enforcement of a privacy policy for adults (there is a Title XIII “The Children’s Online Protection Act of 1998”), but the FTC is open to complaints. Agency lawyers participated in the eHealth Ethics Summit which drafted the code. If a company or organization has a privacy policy and doesn’t live up to it, legal counsel Boulding said, the FTC can as on a complaint – and it has been successful in doing so in the past.

The Internet industry has a reputation for moving at what has been likened to the speed of thought. Development of codes of ethics doesn’t meet that timeframe – though they were crafted quickly for a thought-provoking task. Now, how long will it take to implement and enforce the codes?

Milton Liebman it a contributing editor at MM&M.

Copyright CPS Communications Jun 2000

Provided by ProQuest Information and Learning Company. All rights Reserved