The vendors of 3D printing software and services must be careful to avoid encouraging users to violate the patent, copyright or trademark of others.
Manipulate an Image
Imagine a software vendor tells kids to:
1. scan a 3D image of their favorite toy vehicle;
2. use the software to manipulate the image to add cool new features, like wings or monster tires; and
3. print a model of the manipulated image.
The maker of the original toy might have a claim against the software vendor for inducing the kids to violate intellectual property.
Toymakers often claim copyright and trademark protection for their toys. But when kids make reproductions of the toys, they may be violating that protection.
Tort
Widespread encouragement for kids to violate IP may constitute illegal inducement.
Courts have recognized a tort for inducing others to violate intellectual property. Music companies, for example, won a judgment against peer-to-peer network Limewire for inducing users to make unauthorized copies of music. Evidence in the case showed that Limewire intentionally targeted music pirates for membership and use of its service.
Many New Manufacturing Technologies
This tort issue applies not just to 3D printing. It applies to all of the many new technologies that enable localized, custom, computer-driven manufacturing. One such technology is the stonemaker, which makes unique, precision stones on-location at a construction site. The shape and other features of each stone are dictated by software. Imagine a home owner using the stonemaker, and software templates from an "intellectual property pirate" to make stones depicting copyrighted figures, like Disney characters.
Local laws such as state physician licensing rules have limited the adoption of telemedicine. But the practical effect of some limitations is eroding under new technology and patient civil rights (privacy and free speech).
New Telemedicine Technologies
An online patient can retain increasingly sophisticated services from a physician outside the patient’s state, even outside the country.
The modern patient has a growing array of channels for interacting with a remote physician (or a team of physicians knit together via social media). Webcams, mobile apps and monitoring devices that work with smartphones are collecting diagnostic data that can be transmitted to a physician anywhere in the world. The patient can easily provide laboratory results to an online physician.
Clinical Patient Image
Patient and physician can engage a rich, extended relationship with little or no direct physical contact. For example, a mobile app reliably evaluates skin moles by forwarding photographs to board-certified dermatologists.
Telemedicine will marry up with medical tourism, the growing practice of traveling to another country to access medicine or health service that is either forbidden or more expensive in the home country.
Patient Privacy
Does a physician in Japan need to be licensed in Oklahoma to treat an online patient located in Oklahoma? The answer is very possibly yes. However, if the physician – out of respect for privacy – never inquires as to the patient’s location, how can the physician know he needs a license in Oklahoma?
Depending on the services being rendered, the physician need not (for purposes of care) know the identity or location of the patient. The patient can be anonymous, or identified without location.
Patient privacy does matter. Privacy is more than just an excuse to skirt local physician licensing laws. Privacy is a legal and ethical imperative, which is accorded growing importance today. In the case described here the patient and the physician use technology in a way that promotes the socially-desirable goal of patient privacy. The patient is getting treatment in a way that prevents outsiders from knowing about it.
Patient Data Security
Reducing the amount of patient identifying information also promotes data security. Like patient privacy, data security is more than just an excuse for the physician to avoid being licensed in the patient's home location.
Like patient privacy, data security is a legal and ethical imperative, which is rising in priority in this age of computers. Data security is very difficult and expensive for health care providers. Chilling stories about data breaches at health care providers are abundant.
Demanding new laws require healthcare providers to protect patient data. The goals of those laws are achieved when a physician knows the patient only by a pseudonym or user ID and the physician is ignorant of the patient's location. A data breach would not expose information that could identify the patient to the outside world.
Small Target for Local Authorities
If the online physician, licensed and operating from Japan, truly treats patients from around the world, he is probably not much of a target for investigation and enforcement by authorities in Oklahoma.* He is likely not to have many patients in Oklahoma.
That’s not to say Oklahoma law does not apply. It probably does. Also, a Japanese physician who commits malpractice can probably be sued in Oklahoma courts.
Mitigation of Risk
The physician may be able to mitigate his risk with explicit terms of service accepted by the patient: The physician is providing only information, like a second opinion, and assumes the patient will get direct care from a local physician.
Asynchronous Interaction
The physician might further mitigate his risk by interacting with the patient only through recordings, not real-time. By making the interaction non-real-time (asynchronous), the physician emphasizes that his input is merely information, merely a second opinion. And the physician de-emphasizes his responsibility for any emergency (e.g. the patient faints) that could arise if the physician were treating the patient in real-time.
Anonymity and Asynchronicity Influence Regulation
Physician interaction with an anonymous, asynchronous patient is different from traditional medical care.
When physician interacts with anonymous patient only through recordings, the physician-patient relationship becomes less emotional and more abstract, more intellectual. It places more control into the hands of the patient, allowing the patient to shop around for input and opinions. It allows the patient to shop among multiple physicians, or even non-physicians and artificial intelligence systems like IBM's Watson.
The justification for regulation of such interaction is different compared to that for traditional face-to-face medical care.
First Amendment Right to Freedom of Speech
Over regulation of anonymous, recorded interaction will bump against free speech, First Amendment rights. Recorded interaction seems like patient telling a story and listening for a reply. Telling a story and listening for a reply is the essence of free speech. Our society reveres free speech and is reluctant to let government restrain it by regulation.
In other words, when an anonymous patient in Oklahoma is interacting through asynchronous recordings with a physician in Japan, the State of Oklahoma must clear a high burden to prove that it needs to regulate and restrain that interaction. If the State cannot clear that burden, then its physician licensing regulation will violate the First Amendment and be unconstitutional.
Mr. Wright teaches the law of data security and investigations at the SANS Institute. (As with all of Mr. Wright's public statements, the purpose of this post is public discussion and not legal advice. If you need legal advice, you should consult your lawyer.)
*The exception is a case like that of Christian Hageseth. He was a physician in Colorado who in association with an online pharmacy prescribed psychiatric medication for a California patient. The physician’s contact with the patient was only an online questionnaire, filled out by the patient. The patient committed suicide. The physician was not licensed to write the prescription even in Colorado. California prosecuted him for practicing in California without a license.
