Wireless in Healthcare:
Attempting to Quantify Legal Risks

David A Townsend
Faculty of Law, University of New Brunswick
Bag Service 44999, Fredericton, NB, CANADA, E2B 5A3

Abstract: As hospitals in Canada and around the world integrate wireless technologies into their communications infrastructures, healthcare professionals continue to be concerned about the potential legal risks.  This paper attempts to explain and quantify those risks.

INTRODUCTION

Wireless technologies and services are now being deployed by many hospitals with a view to improving the flexibility, inter-connectivity and mobility of their healthcare delivery.  A key operational objective is to bring the hospital network, and the Internet itself, to the very point-of-care – wherever that may be.  Clearly, wireless deployments have good potential to improve patient care outcomes and costs, and reduce the potential for legal liability related to miscommunication of patient information and certain other errors [1]. But the successful integration of wireless infrastructure and services into healthcare delivery may be stymied by human reticence to accept the health and legal risks perceived to be inherent with wireless technologies.  At present, three legal risks are viewed as the most pressing to healthcare professionals:

(i) Electromagnetic interference (EMI) between wireless technologies and biomedical equipment
(ii) Wrongful interception of confidential patient information
(iii) Human injury due to exposure to electromagnetic energy

Electromagnetic interference

Since the mid 1990s, hospital personnel, medical device manufacturers and medical device regulators have become increasingly apprehensive about the electromagnetic interference potential to, and from, medical equipment.  Many engineers have speculated that the equipment characteristics associated with the digitalization of medical devices – accelerating microprocessor speeds, multiple functionality, small size, portability, low power and interoperability – have increased the likelihood of device-to-device interference by impacting both the electromagnetic emissions from medical devices and their susceptibility to such electromagnetic energy.

Additionally, there have been mounting concerns that the electromagnetic environment (EME) within hospitals has become more hostile to medical devices due to the proximate operation of fixed and mobile radiocommunication equipment [2, 3]. Mobile wireless equipment has been brought into hospitals by caregivers, support staff, patients, civic emergency response personnel and visitors alike.  While the number of documented EMI-related incidents has been quite small, government statistics do establish that patient morbidity and mortality has resulted [4, 5].

The writer has developed a legal analysis for EMI-related liability within healthcare contexts.  Here, legal Liability (determination of responsibility which results in a damage award, or other legal sanction) is evaluated by considering the Adverse EMI Effect (EMI related injury to persons or damage to property), the Duty Re: Effect (legal duty to act or refrain from acting so as to avoid or reduce the Adverse EMI Effect) and the Causation (cause-effect relationship which establishes on the balance of probability that a particular breach of Duty Re: Effect caused the particular Adverse EMI Effect). 

For Canadian and American tort law – for the sub-categories of negligence, nuisance or product liability law – the risk of liability for any particular party relates to the likelihood of a court finding both a breach of duty and causation in the circumstances.  Based upon the consideration of a number of legal factors, the writer has concluded that for most of the Adverse EMI Effects which might occur within a hospital, the hospital itself is the party who would most likely be found to be in breach of duty (or most commonly be included within a group of defendants found to be in breach of duty) [6]. This risk is assessed as being modest but real. As a consequence, hospitals are advised to implement EMI risk abatement strategies that involve the management of their own EME.

wrongful interception

Doctors and hospitals have explicit and implicit legal obligations to maintain the confidentiality of the medical and other personal information of their patients.  Such obligations exist in common law (contractual relationship), equity law (fiduciary relationship [7]) and legislative [8] form.  Health information law principles go beyond merely ensuring that hospital staff do not wrongfully disclose patient medical information: Typically, hospitals will be held legally accountable for how medical information within their control is collected, maintained and used.  And, they must take security measures commensurate to the risk of wrongful disclosure and commensurate to risk of possible injury to their patients.  Thus, wireless security is a legal concern.

Historically, both technologically and legally, the security of wireless communications has had a low priority for the wireless industry, the federal regulator and the courts [9]. It was not until 1993 that amendments were made to the Criminal Code of Canada and to the Radiocommunication Act to effectively prohibit the wrongful interception and divulgence of wireless communications.  Under these amendments, two types of wireless communications became protected: (i) radio-communications which are “made over apparatus that is used primarily for connection to a public switched telephone network” (s. 9 (1.1) of the Radio-communication Act), and (ii) any telecommunications (including wireless) used under circumstances in which it is reasonable “to expect that it will not be intercepted….and includes a radio-based telecommunication that is treated electronically or otherwise for the purpose of preventing intelligible reception…” (s. 184. (1) of the Criminal Code).  Therefore, the wireless technologies and services being integrated into hospitals must fit within either of these provisions to be legally protected from wrongful interception and/or unauthorized divulgence of intercepted content.

radiofrequency exposure

Canada’s Department of Health has been issuing limits for human exposure to radiofrequency radiation for members of the general public and for communications workers since 1979, when it first published “Safety Code 6.” [10].  These limits, which were based upon international studies and upon the department’s own investigations, were updated in 1991 and in 1999.  These amendments reduced the recommended exposures for member of the public for particular frequency bands and adjusted most exposures to make them more frequency dependant (to account for differing body sizes and resonance factors).  While the Code does not have any independent legal status per se, it has mandatory application to federal public servants, to those federally-regulated workers covered the Dangerous Substance Regulations and to radiocommunication devices regulated by Industry Canada.

Upon analysis, the writer has concluded that, at present, the risk of liability for Canadian hospitals from lawsuits related to human exposure to radiofrequency that is within the limits of Health Canada’s specifications is very low.  Thus, hospitals should ensure that only Canadian certified wireless apparatus is installed.  Currently, the real risk to Canadian hospitals deploying wireless communications is likely to the consonance of their labour relations and/or public relations.  Much depends upon the public reaction to the results from the current round of international studies on the health effects from RF exposure and to renewed litigation within the U.S.A. on this issue. Canadian hospitals are urged to prepare a risk communication strategy suitably tailored to the health concerns of staff and patients.

conclusions

To best control for EMI-related legal risks, hospitals must learn to manage the discrete electromagnetic environment, which they control.  Secondly, hospitals must deploy state-of-the-art wireless security features (and review their effectiveness on a regular basis) in order to meet their legal obligations to take advantage of current wireless interception laws.  Thirdly, hospitals should prepare risk communication strategies, which will explain the RF exposure issue to their staff and patients.

REFERENCES

[1] It has been estimated that up to 98,000 patients die annually within the U.S.A. due to medical errors.  Many of these errors are due to miscommunications.  See: L.T. Kohn, J.M. Corrigan and M.S. Donaldson, editors, To Err Is Human: Building a Safer Health System, Committee on Quality of Health Care in America, Institute of Medicine, National Academy Press, 2000.

[2] R.J. Hoff "EMC Measurements in Hospitals" Proceedings of the 1975 IEEE International Symposium on EMC, (San Antonio, Texas, October 1975), pp. 5BIIc1 - 5BIIc5.

[3]  P. Boisvert., B. Segal, T. Pavlasek, S. Retfalvi, A. Sebe, P. Caron, "Preliminary Survey of the Electromagnetic Interference Environment in Hospitals" Proceedings of the 1991 IEEE International Symposium on EMC, (Cherry Hill, New Jersey, August 1991), pp. 214 - 219.

[4] Between 1984-2000 the Medical Devices Bureau of Health Canada received 36 reports of medical device malfunction attributed to EMI. From: Kok-Swang Tan, I. Hinberg and J. Wadhwani, Electromagnetic interference in Medical Devices: Health Canada’s Past and Current Perspectives and Activities,” within EMC in Healthcare: EMI Risk & Dealing With It, Special Session, IEEE International Symposium on EMC (Montreal, Quebec, 2001) pp. 1283-88.

[5] Using data collected between 1984-1995 for the Medical Device Reporting registry maintained by the U.S. Food and Drug Administration, FDA staff attributed 576 of approximately 150,000 incident/malfunction reports to electromagnetic interference.  From: D. Witters, S. Portnoy M.D., J. Casamento, P. Ruggera, and H. Bassen, “Medical Device EMI: FDA Analysis of Incident Reports, and Recent Concerns for Security Systems and Wireless Medical Telemetry”, within EMC in Healthcare: EMI Risk & Dealing With It, Special Session, IEEE International Symposium on EMC (Montreal, Quebec, August 2001) pp. 1289-1291.

[6] For a more complete analysis see:  D.A. Townsend, “Exploring Legal Accountability/Liability for Electro-magnetic Interference Problems” Medical Devices Bureau: EMI Round Table Sponsored by Health Canada; (Ottawa, Ontario, September 1994).

[7] See, for example, the case of McInerney v. MacDonald (1992), 93 D.L.R. (4^th) 415 (p. 423)  (S.C.C.)

[8] The federal government and most provinces and territories in Canada have passed privacy legislation.  Many provinces have enacted privacy legislation explicitly applicable to medical information. 

[9] In the case of Regina v. Pitts (1975), 29 C.C.C.(2d) 150, a Canadian judge likened using wireless communications to standing on a street corner and shouting.  As such, it offered no expectations of privacy.

[10] “Recommended Safety Procedures for the Installation and Use of Radiofrequency and Microwave Devices in the Frequency Range of 10MHz-300GHz,” Health and Welfare Canada, publication 79-EHD-30, February 1979