Introduction
This article examines the legal and ethical implications for the growth of the metaverse in healthcare. A metaverse is a 3D virtual space accessible online using virtual reality (VR), augmented reality (AR) and other devices. Individuals can enter the metaverse as avatars to explore it, conduct economic activities, join communities, and more. Facebook founder Mark Zuckerberg helped to popularize the term in 2021 when it was announced that the company would be renamed, Meta.1 In 2023, Apple announced its “spatial computing” Vision Pro headset, which underscores the significant continued investment of major corporations into this space.2 However, virtual worlds have existed for decades, and the public has enjoyed the use of VR and AR for some time. The application of healthcare in the metaverse has been called the “medical metaverse” or “meta-medicine.”Reference Sun3 This article proposes that meta-medicine will involve an extension of the legal and ethical issues that have arisen in research on virtual health communities, telehealth, and artificial intelligence (AI) in healthcare.4
There has been experimentation with virtual communities since the 1990s to provide information and access to support groups for patients. Those virtual communities were more rudimentary than the current possibilities offered in the metaverse, such as a simple website or specific virtual environments created for a small group of patients. As virtual care has expanded, a significant link has been found between patients who frequently use virtual communities and the positive effect that use has on their relationship with their doctor.Reference Audrain-Pontevia, Menvielle, Menvielle, Menvielle, Audrain-Pontevia and Menvielle5 There is also a significant correlation between the time spent in virtual health communities and the positive attitude that patients have towards their doctors.6 Broader virtual care has existed through video telemedicine for many years, but the COVID-19 pandemic led to its proliferation to navigate the hurdles of delivering in-patient care. Indeed, there was an increase from 43 percent to 95 percent of healthcare facilities able to provide telemedicine services in the United States (US) following COVID-19.7 This ability to meet and diagnose patients remotely will persist in the metaverse but will involve next-level immersion through VR and AR, opening up a range of new possibilities.8 Virtual hospitals are likely to increase, offering counselling and physiotherapy initially, but more applications are likely to follow.9
This article has three modest aims. First, it examines the growth of virtual health communities in recent decades and highlights the legal and ethical issues that arose with their application. Second, it explores the growth of “meta-medicine,” determining that there are a plethora of potential healthcare applications in the metaverse but that the technology is at a very early stage of development. As such, it is not clear which applications will become embedded in clinical practice. Third, it maps out several legal and ethical issues that future research ought to contend with should meta-medicine become a mainstream reality.
In this regard, the metaverse could represent the next frontier of technology in healthcare, where virtual communities and telemedicine merge into a more sophisticated healthcare offering powered by AI. While the growth of any technology is notoriously difficult to predict, one estimate concludes that healthcare in the metaverse could be worth $71bn USD by 2030.10 Meanwhile, 80 percent of healthcare executives expect the metaverse to impact their organisations positively.11 Digitization in healthcare also has a strong business case. Namely, the focus on prevention instead of reacting to problems once they arise, the need to educate patients up front rather than prescribing drugs, and the need to coach and advise patients instead of providing care. Ultimately, digital health care involves moving from a risk-based approach to a prevention-based approach.Reference Mestres, Menvielle, Audrain-Pontevia and Menvielle12
This article has three modest aims. First, it examines the growth of virtual health communities in recent decades and highlights the legal and ethical issues that arose with their application. Second, it explores the growth of “meta-medicine,” determining that there are a plethora of potential healthcare applications in the metaverse but that the technology is at a very early stage of development. As such, it is not clear which applications will become embedded in clinical practice. Third, it maps out several legal and ethical issues that future research ought to contend with should meta-medicine become a mainstream reality. Namely, issues on licensing and jurisdiction of doctors and providers, the quality of information and informed consent, data bias, privacy and security concerns, and medical liability. The main literature in the field arises from scholars in the US and Europe, and so the ethical and legal analyses primarily rely on those sources to identify the pertinent issues. Building on that literature, it will be seen that significant legal gaps exist in this field. As such, international collaboration between policymakers, lawmakers, and researchers is required to regulate this space and facilitate the safe and effective development of meta-medicine. Other legal issues will arise (such as intellectual property (IP)), but those issues are beyond the scope of this paper.
It is important to note that this paper is about a prospective issue. While there have been medical applications in virtual communities, and significant investment is being poured into developing the metaverse, it is not used generally in practice at present and may ultimately fail. Group counselling can be conducted in the metaverse, but an x-ray cannot be taken there, nor can a broken bone be fixed.13 One cannot help being cynical about the prospects of patients purchasing and using VR/AR devices to meet with their healthcare provider. Many clinicians may also be reluctant to integrate virtual care into their clinical practice.Reference Eftychiou, Morr, Menvielle, Audrain-Pontevia and Menvielle14 Indeed, the technology is very limited at this stage and is unlikely to replace healthcare professionals nor be accessible to patients owing to costs.Reference Simon and Shachar15 The extent to which insurers will cover meta-medicine will also be a hurdle. However, that is not to say that the potential legal issues should not be examined at an early stage. The legal sphere often catches up to technological developments after the fact, once they have been implemented, potentially used widely to help patients, or caused harm to individuals that do not have robust legal avenues for redress. This article is an attempt to pre-empt that commonly walked path. It is within this context that this research ought to be viewed.
1. The Development of Virtual Communities in Healthcare
The concept underlying the metaverse is not new to healthcare. Virtual communities (VCs) have existed for more than two decades. They are online communities with groups of users that meet and communicate to achieve a specific goal.Reference Morr, Eftychiou, Menvielle, Audrain-Pontevia and Menvielle16 VCs are more basic than the metaverse, but the challenges are somewhat similar. The main distinction between old and new technology is the degree of sophistication, immersion, and level of risk.
An examination of the technology’s evolution can help place current challenges in their historical context to comprehend the ethical and legal hurdles posed today. Studies have examined VCs for many years but have tended to neglect specific considerations for Health Virtual Communities (Health VCs), such as the health conditions of patients and the usability of software and hardware for those patients.17 Health VCs began to emerge in the late 1990s when research considered the potential of interactive health communication (IHC) to augment the information and support provided by healthcare professionals to patients.Reference Jimison18 They examined patients’ potential use of databases, educational tools and online support groups.19 Several studies in the early 2000s also examined specific sub-fields within Health VCs. Leimeister et al. discussed mobile virtual healthcare communities as a solution for meeting cancer patients’ needs for information and interaction.20 In such communities, patients can exchange views about their medication, doctors, therapy, and personal experiences.21 Doing so bypasses the need for in-person self-help group meetings, which patients may not want nor be able to attend physically. In that study, it was proposed that the Health VC could create both private and public “rooms.”22 The private space would enable users to store private information, documents and links, and have private communications with those they invite. A public room would enable information to be shared across a community.23 These applications were more technologically complex than the face-to-face interactions that preceded the use of Health VCs. That complexity introduced ethical and legal conundrums.
Even at that early stage, researchers were confronting the issue of trust between members and trust of information.24 Questions were raised about data and information standards, medical information privacy, confidentiality, and security.Reference Patrick25 There were considerations about the appropriate limit of VC policies for governing interactions between participants in their different roles.26
From those initial seeds, more complex systems emerged. There was “Zora,” a graphical computer environment for physically ill adolescents going through transplantation.Reference Bers27 Children could create their own online 3D virtual space, interact with peers, and express their needs, desires, fears, and feelings.28 Users could create 3D objects and narratives to communicate their ideas and research on transplantation.29 They could learn about medication adherence and relevant clinical issues.30 The benefits were marked for some children who became more comfortable in face-to-face meetings with doctors and were more confident speaking about bad experiences.31 For example, one child became more comfortable than normal and made jokes about a previously bad experience with a biopsy. The only change in that child’s life was the use of Zora and their interaction with other children which, for the first time, made that child “normal”, not the “transplant kid.”32 Underpinning the interactions online was a code of conduct with rules on good behaviour, protecting privacy and the requirement to report any unsafe events to project coordinators.33
Another study developed a virtual environment for diabetes self-management called SLIDES (Second Life Impacts Diabetes Education and Support).34 SLIDES had virtual buildings (such as bookstores, restaurants and more) that individuals could enter as avatars. The avatars could interact with a grocery store stocked with virtual items providing nutritional information, exercise in a gym (for the user to mimic at home), and access to classes with diabetes educators and other participants who had diabetes.35 Users could overcome barriers with diabetes self-management training and support in the real world, where meetings in physical clinics or classrooms are often disconnected from participants’ real worlds or daily lives.36 Other attempts at bringing participants to real grocery stores to educate them about self-management of their diabetes faced hurdles with transportation, costs, time, and schedule.37 Participants were positive about the informational resources available, social interactions, and shared experiences of others with diabetes.Reference Johnson38 Indeed, social support was deemed by participants to be very significant in their disease management.39 The feelings of copresence and the ability to communicate synchronously in real-time facilitated bonding, social learning, and the understanding of content.40
Other systems falling within the Health VC rubric were not as complex as 3D interactive virtual worlds, such as websites with interactive features. One study examined the use of a Community Platform Engineering Process (CoPEP) for cancer patients in Germany.41 The platform was created with orientation, information, communication, and participation sections.42 Thought was given to the type of communication that would best serve breast cancer patients. Thus, priority was given to services that emphasised empathy, experience reports, and personal guest books on “how to deal with cancer.”43 Overall, patients found that communicating with each other was an important advantage against traditional offerings within the healthcare system. Self-help groups were a source of hope and confidence on the road to recovery.44
The limitations of CoPEP included legal restrictions on virtual counselling at the time of the study, the difficulty in recruiting volunteer experts, monitoring experts’ answers for quality assurance purposes, and some users’ lack of comfort using the internet.45 On quality assurance, the developers enlisted the help of an organization with expertise in designing transparency criteria to ensure the quality of health information, including transparency about the provider.46 The core information for patients was provided from one source (the German Cancer Research Centre). That information was treated differently from the information provided by external experts. There was also segregation of scientific and user-generated content because patients might not be aware of what information was fact or opinion.47
To overcome legal barriers for telemedicine at that time, “ask the expert” sessions were created with different themes, where a specialist would answer questions, giving information that is generally accepted knowledge that had to be cited with the relevant literature.48 Despite these requirements, many experts did not meet the standards required. They often suggested to patients what they should do or what medicines they should take or used complex language that patients would not understand.49 Other transparency mechanisms were implemented on quality assurance, including a “last updated” stamp on information provided, an option for feedback, an “about us” page, and a community manager to moderate forums.50
Another study developed a Comprehensive Health Enhancement Support System (CHESS) for HIV-positive patients to access information, decision support, and connections to patients and doctors.Reference Gustafson51 Where use of the system was sustained, this led to improvements in negative emotions, social support, and participation in healthcare.52 There was also evidence that users became more “efficient consumers of health care.” When meeting with healthcare professionals, CHESS users were better prepared with questions, had clearer expectations, and felt more empowered to raise questions.53 Further, CHESS users had fewer and shorter hospitalizations because they were more aware of early symptoms of illnesses and sought early treatment because of the information contained within the system.54 Important concerns with the system were data encryption and whether information shared between users should be reviewed.55
Overall, these health VCs have been used in narrow contexts to assist groups with specific illnesses.Reference Partridge56 The purpose has been to bring together those groups on virtual platforms to share important information about their condition and foster a supportive community. The applications have been limited to small studies, but patients found those communities beneficial to their care. Furthermore, while each study was dealing with bespoke communities, there were common concerns raised by that earlier research, such as data privacy, data security, confidentiality and the quality of the information provided on the platforms. Looking to the future, the challenges underlying VCs could be amplified and broadened in the metaverse.
2. The Growth of the Metaverse
Some scholars have argued that the metaverse is the “next generation of social connection.”Reference Hwang and Chien57 It is a “3D-based virtual reality in which daily activities and economic life are conducted through avatars representing the real themselves.”Reference Kye58 In this realm, individuals can socially engage, discuss issues, learn from peers and solve problems.59 The metaverse is shared, persistent, and decentralized, and requires artificial intelligence (AI) to enable the world to operate according to the creator’s rules.60 The metaverse is shared because it involves a community of people interacting rather than individuals. It is persistent because individuals can “live” in the space, conduct real work, own property, and learn information. It is not merely a game that enables one to interact with others using a new identity. It is decentralized because blockchain technology is needed to secure economic activities within the space by ensuring proper accountability for property ownership that cannot be tampered with.61
The medical metaverse is constructed in four stages. First is a holographic construction, which is a virtual world model with virtual hospitals, medical equipment, and objects. Second is a holographic simulation using avatars to represent real people and the input of information into the metaverse using sensors in the real world. Third is the fusion of virtual and real, which involves using Virtual Reality (VR) or Augmented Reality (AR) devices to communicate with patients in the metaverse, collect information in real-time and superimpose that information virtually. Fourth is the virtual-real linkage, which involves the gradual development of more intersections between the virtual and real worlds, leading to new concepts and methods in meta-medicine.62
This model is manifested through hardware and software in various ways. AR provides realistic content using location-based technology applied through smartphones or vehicles (for example, the game Pokémon Go!).63 Wearables such as the Apple Watch enable “lifelogging” to capture, store and share experiences and information about people.64 GPS technology and maps enable a “mirror world” to represent the real world (for example, Google Earth).65 VR headsets enable immersive access to virtual worlds where individuals can be represented as avatars that conduct activities within that world, such as Minecraft and Sandbox.66 Together, this technology allows for the development of alternate worlds that can provide immersive experiences that contribute to a more efficient and effective medical ecosystem.Reference Cacho-Elizondo, Alvarez, Garcia, Menvielle, Audrain-Pontevia and Menvielle67 Of the different manifestations, meta-medicine has seen more VR and AR-related applications than lifelogging and the mirror world, which are still developing, but all are relevant.68 It has been argued that their use “can support a giant leap in the wellbeing of mankind.”69 However, it must be emphasised that the technology is at a very early stage and should not be overhyped. The reality is that meta-medicine may never take off and will very much depend on whether the technology can provide a consistently viable alternative to in-person care.
At present, these technologies have been used for physical examinations, self-care, and geriatric nursing, diagnosing and treating diseases, drug-device therapy, surgery, hospital management, disease prevention, and medical education.Reference Yang70 In specific sub-fields, the technology can assist in distraction therapy, exposure therapy, remote robotic surgery, disaster training, telemedicine, personalized prosthetics, pain relief, and more.71 Many of these applications are possible through VR and AR, the core difference between them being the level of immersion. VR surrounds the user completely in a virtual world using a headset, whereas the user remains in the real world in AR by using a device with a camera (e.g., mobile phone) that overlays objects onto the real world that one can view by looking at the device. VR has good potential for improving surgical techniques using detailed virtual models of the patient’s anatomy. Doctors can see the body and organs of the patient digitally from different angles.Reference Javaid and Haleem72 Consider also the potential for AR. Currently, CT scans for early-stage lung cancer screening can be shared with the cloud for processing by AI, which can provide recommendations on diagnosis.73 In the future, such scans can be integrated into the metaverse using AR glasses.74 The expertise of the AI system could guide the physician wearing those glasses at all times and in all settings.75 There is also diminished reality (DR), a subset of AR. Whereas AR overlays elements onto the real world, DR eliminates real objects through the interface.76 For example, surgery aids can eliminate a scalpel from a surgeon’s hand so they can clearly see the area they are operating on.77 Mixed reality (MR) is where the technologies converge. Some VR devices use cameras to enrich elements from the real-world using AR technology.78 In recent years, more technologies have moved in this direction such as Apple’s Vision Pro or Meta’s Quest Pro. These devices embed cameras into their headsets to provide an image of the user’s immediate surroundings and overlay objects into the user’s space using the headset.
Using these technologies, the metaverse can provide holograms of the body and its organs and can simulate the hospital environment allowing patients to take a tour before they arrive. Avatar-based doctor-patient telemedicine consultations can be conducted in the metaverse regardless of location.Reference Zeng79 Doctors can use this technology when meeting patients to provide information before a procedure or important instructions before discharge.80 Patients can better describe their symptoms which is helpful for diagnosis.81 For example, in ophthalmology, cameras can be used to simulate the anatomy of a patient’s eye so that symptoms can be annotated adjacent to medical images.82 This annotation and comparison helps doctors and patients examine symptoms precisely.83 For treatment, VR can treat phobias, adjust prosthetic appendages, and improve pain control and motor rehabilitation.84 In emergencies, AR can allow first responders to see all emergency equipment in the immediate vicinity, saving time. Virtual disaster environments can be created to train first responders.85
Where “lifelogging” aspects are integrated into a service, there can be even greater immersion using wearable devices, the internet of things (IoT) and social media. Wearables allow for communication “with the user’s internal sphere.”86 For example, mHealth devices with apps help patients to manage their conditions, such as diabetes.Reference Rose, Menvielle, Audrain-Pontevia and Menvielle87 These apps help patients set goals, track progress, and provide guidance, with information collected automatically or manually.88 The IoT allows for communication between objects in the real world, and social media allows people to share experiences in the digital space.
For proponents, all these aspects can be integrated into the metaverse in a manner that extends far beyond the Health VCs initially developed in the late 1990s. Yet, one cannot ignore the somewhat experimental and exploratory phase that meta-medicine is undergoing. The metaverse is at a very early stage in healthcare, and it is unclear which technologies (if any) will become used with a degree of consistency in practice. Nevertheless, it is helpful to pre-empt some potential ethical and legal concerns that could arise should meta-medicine become more embedded in clinical practice. If the metaverse moves beyond the scope of studies above that used virtual communities for informational purposes and self-help groups towards covering doctor-patient interactions, clinic visits, prescriptions, surgery and more, then more complex legal considerations will apply. Of course, this may not happen, but the levels of investment should not be ignored, and the law should develop in step with any advances, rather than being reactive to concerns after the fact once a patient has been harmed.
3. Ethical and Legal Challenges in the Metaverse
This section examines several ethical and legal challenges. Because the metaverse combines VC telemedicine, and AI technologies, the approach here is to refer to the relevant issues by analogy to those literatures. In some cases, the legal issues are merely replicated in the metaverse context. However, this article highlights where the metaverse poses new or additional legal challenges that ought to be examined in future research. The primary legal and ethical concerns arising from the relevant literature are jurisdiction and licensing, quality of information and informed consent, data concerns, and medical liability. Ultimately, these challenges emphasise the need for international collaboration in this area owing to the multitude of inconsistent rules alongside the likelihood of cross-border healthcare being delivered. It is beyond the scope of this paper to cover other legal issues such as IP, but the purpose here is to provide a foundation and reference point for further research.
3.1 Jurisdiction & Licensing
The legal concerns that arise in the telemedicine space arguably apply to meta-medicine with layers of added complication. If a healthcare provider or professional were to create a space within a metaverse to provide healthcare to an individual remotely, they would be practising telemedicine. Of course, there are distinctions. A hospital provider may procure software and services from a metaverse provider to offer telemedicine services to patients directly. How that setup would work in the metaverse context would depend. A metaverse service could be procured in the same way, or a provider/doctor could sign up to a metaverse and create a service within it which patients could access. More research will be required on the importance of such distinctions in the future. For now, the challenges that arise in the current telehealth context will be considered. In this context, one can consider harms caused by the doctor (and the respective licensing regime governing that doctor), and harms caused by the metaverse service provider (and the respective law governing that service provider or the contract between the service provider and users).
For the doctor, one could envisage an incorrect diagnosis or treatment recommendation being given to a patient online that ultimately causes harm. For example, the doctor fails to hear important information from the patient because of a system glitch with the sound, or they misdiagnose a cancerous skin lesion because the image quality viewed through a VR headset is poor. Indeed, misdiagnoses make up the bulk of liability claims in the telemedicine sphere.89 In many jurisdictions, telemedicine can only be provided with the specific permission of a regulatory body or ministry. Following the COVID-19 pandemic, many authorities relaxed the requirements for practising telemedicine to overcome the acute challenge of delivering in-person care at that time. Where telemedicine is practiced in the same jurisdiction as the patient, this poses few legal challenges concerning redressing harm. That jurisdiction’s laws will protect the patient and hold the healthcare professional accountable. For example, if a doctor in London provides telemedicine to a patient living in London, then there is no difference legally from the situation where the patient went to the doctor’s clinic (although, there will be additional practice considerations for the doctors to take into account, such as the limitations of diagnosing a patient remotely, informed consent, and more). Matters become more complicated when telemedicine is practiced cross-border, for example, a doctor in London offers care to a patient in Lisbon through the metaverse and harm ensues. Healthcare professionals must be licensed to practice, and offering healthcare without such a license would be an offense. However, there are no universal or consistently applied laws or guidelines on telemedicine provided by doctors in one jurisdiction to a patient in another. Some jurisdictions require the doctor to be licensed in the country where the patient is located. Others only require that the doctor has a license to practice in their own country to provide care to patients abroad.Reference Solaiman90 In the EU, regulations regarding telemedicine and their application are inconsistent.Reference Raposo91 There are also different rules for the cross-border provision of telemedicine in the states and provinces in the US and Canada.Reference Sao, Gupta, Gantz and Cohen92 Some states stipulate that jurisdiction is based on the patient’s location, meaning that the doctor must be licensed there. Other states only require that the physician be licensed in their location.93 The UK allows doctors abroad to provide telemedicine services to patients in the UK, provided they are licensed in their own country.94 These divergences pose significant challenges for patients seeking redress. Much will depend on the rules of the given jurisdiction where the doctor is licensed. In practice, the reality for many patients may be that they have no redress for harms because of the complexities involved in pursuing the wrongdoer in another jurisdiction.
These challenges extend to the metaverse where doctors in one country are accessing servers in another country to provide services to patients in the patient’s country. In this way, unless the doctor, the server and the patient are all located in the same country, cross-border care will be a common feature of the metaverse. Of course, there are benefits to this, such as the ability of patients to meet with a doctor of their choice in a centralized and controlled environment, and for doctors to broaden their practice. However, the legal grey areas identified above concerning telemedicine will persist in the metaverse because the conundrum is similar. To provide clarity for these grey areas, there ought to be international collaboration at a high-level to establish international norms and rules.
Another consideration is the harm caused to the patient because of some failure of the metaverse provider rather than the healthcare provider. For example, a data breach of identifiable patient “lifelogging” information such as heart rate or blood pressure stored on a metaverse server. In telemedicine, there is a contract between a telehealth software vendor and the healthcare provider using the service. Those contracts are often one-sided, with the vendors including clauses to limit their liability, leaving the healthcare provider largely financially responsible where a vendor’s actions cause harm.95 In the US, telemedicine malpractice insurance may cover damages arising from these or other issues. Such insurance may merely be replicated in the metaverse with data breaches being ultimately covered by liability insurance.Reference Bruhn96 However, beyond the US, the paradigm internationally is unclear, which is unhelpful for patients in other countries. This also leads to the question of whether a patient could bring a claim against the metaverse provider instead.
However, the answer to that question is equally problematic for two reasons. First, a patient will have a different “legal relationship” with a metaverse provider than a healthcare provider. Second, a metaverse may not be restricted to one server in one country but a multitude of servers in different countries, which raises complex “legal jurisdiction” questions. It has been proposed that the principles of international law on simulation and territorial jurisdiction are the pertinent considerations for these two problems.97 Simulation answers the “legal relationship” question. It refers to users (patients) agreeing to “end-user licence agreements” (EULAs) with the metaverse providers, which is essentially a contract.98 The problem for patients is that they will often be bound to one-sided terms they seldom read or understand. Those terms may not offer the sufficient protections one would expect under medical law such as rules on informed consent. Yes, the patient may be protected by the norms of informed consent expected of the healthcare provider, but as it was noted above, cross-border telemedicine protections for patients are also weak. The problem for patients could, therefore, be compounded. A patient may have little practical recourse against a healthcare provider, and it is difficult to envisage how patients might enforce their rights against a metaverse provider for harms caused where those harms are not covered by that contract. International collaboration will be needed to determine what protections patients should have in this context and how they will be able to enforce them.
Territorial jurisdiction refers to the acts that are covered within a particular country, which is helpful for the challenges posed by having multiple servers in a metaverse. Here, the physical location of the offending metaverse provider may be the primary factor even if the harm arose from an act on a server in another country. The state and courts in the metaverse provider’s location may have the jurisdiction to enforce the law.99 For patients, this could mean enforcing their rights in the jurisdiction where the metaverse provider is based. Another principle under territoriality is the nationality principle, where nationals of a country are subject to its laws regardless of their location. This could have the same effect for patients enforcing their rights because they would seek redress in the country where the metaverse provider is incorporated.100 There is also the passive personality principle, where a state can apply its laws against foreign nationals committing acts in its country. For example, the US courts have jurisdiction over the acts of foreign nationals located abroad that have effect in the US.101 Again, it is not clear how a patient would enforce their rights in this context. These diverging pathways emphasise the need for international collaboration to provide clear avenues for patients seeking to enforce their rights.
Thus, in all likelihood, the dichotomy that arises in telehealth will merely be replicated in the metaverse but with greater complication. This is problematic for patient safety and the redress of harm. Patients may have protection from the contract with the metaverse service provider, the licensing regime in the patient’s country, or the courts in the doctor’s country. However, a complicated broad-scope contract with a metaverse that offers many services will unlikely appropriately cover the specificities of a doctor-patient relationship under medical law. The other approaches are also problematic because it is unrealistic for patients to understand mechanisms for redress for interactions with doctors they have met through the metaverse located abroad. The current menu of options offers no clarity or certainty for the patient, who should have a clear and streamlined mechanism for rectifying wrongs that are backed by the standards of care expected in such interactions. Perhaps the mechanism could take the form of a licensing system, but collaboration at an international level will be required on how best to regulate cross-border telemedicine and health services offered to patients in the metaverse.
Another option could be to restrict patient access to healthcare in the metaverse only through their local healthcare provider based in their jurisdiction. The local healthcare provider would be required to have a robust contract with the healthcare provider in the metaverse and be ultimately responsible for harms that arise. The benefit of this approach is that the patient may gain access to specialized knowledge from a doctor in another country that their doctor does not possess, while being protected by the regulatory rubrics established in the patient’s own country. This is the approach encouraged in New Zealand for telehealth consultations.102 Another more radical option could be to have an international treaty that creates an authority for providing telehealth licences globally accompanied by an online court for patients to enforce their rights.
Many of these big picture concerns about licensing feed into specific concerns about patient autonomy, informed consent, and medical liability. Different countries have different legal approaches to the standard of care. However, doctors generally must afford due care to the patient, acting in a manner that would be deemed proper by medical professionals.103 The actions of telemedicine providers and doctors could mean that patients are not being afforded an adequate standard of care. One example in this context is the quality of information and informed consent. In English medical law, it is a general principle that there can be negligence where insufficient information is provided to a patient about the risks of treatment.104 This informed consent risk also arises in the metaverse, as can be seen below.
3.2 Quality of Information & Informed Consent
Similar concerns on information and informed consent in VCs apply in the metaverse. Patients must be given accurate, adequate, and appropriate information to make an informed decision about their care. Concern has been expressed about the quality of medical information contained in virtual communities.Reference Tep, Dufresne, Senecal, Menvielle, Audrain-Pontevia and Menvielle105 In the telemedicine context, a doctor may not be able to fully comprehend a patient’s medical concern without an in-person examination, or the service provider may not provide sufficient information about the telemedicine services they are using.Reference Kayyali106 There are also broader questions about the lack of real-world face-to-face contact in the metaverse for the doctor-patient relationship.107 Paternalism has given way to patient autonomy in a consumer-driven medical environment, but greater reliance on private entities to provide private virtual care powered by AI technology may erode the powers of both doctors and patients and the quality of their relationships.Reference Shutzberg108 It is beyond the scope of this paper to examine the issue of autonomy in detail, but future research should consider what the metaverse might mean for the medical paternalism/patient autonomy paradigm.
In the AI context, there is a question about the extent to which doctors should educate patients about the complexities of AI.109 Where AI powers the metaverse, the same questions arise in addition to the education needed to use it. Indeed, it has been noted that there must be a certain level of eHealth literacy for online health resources to be helpful, requiring a computer, health and scientific literacy, among other things.Reference Cumming, Menvielle, Audrain-Pontevia and Menvielle110 At this stage, technologies necessary for the metaverse, such as AR, have not achieved widespread commercialization meaning that costs are high, and it remains technically challenging to establish AR/VR in a clinical setting.111 For the few cases where the technology is used, there will be pressure to develop some educative content for patients using it for the first time. However, there are no guidelines for standardising the use of metaverse-related tech.112 There is no generic training for the field nor quality control systems that comport with any international standards.113 There might also simply be a lack of knowledge and interest from patients and doctors for the metaverse to be successful.
If the metaverse is utilised, deeper considerations about the adequacy of the technology for treatment and diagnosis arise. The metaverse could overcome the problem of adequate information and diagnoses because AR/VR, wearables and other tech could provide vivid details about a patient’s condition that has not been possible using basic video telemedicine. In some cases, where everyone has the proper equipment, those challenges can be overcome. Yet, in reality, most consultations will not use the metaverse for the foreseeable future, owing to the technical challenges of using VR/AR. Cameras, temperature, and pressure sensors will need to be of sufficient quality for medical use.114 The devices must also be highly reliable to be used in the operating room, but VR/AR are at a relatively early stage of development.115 The devices must also be useable and comfortable. VR headsets tend to be heavy, causing pain to the neck, and can induce nausea for some users, which is not viable if they are to be used in health for seeking and providing information. AR has a limited field of view that must be factored into its use. User interfaces must be designed with these factors in mind. Otherwise, proper information cannot be obtained.116
Further, a significant concern in the VC literature has been the “quality of information.”117 Patients may be misinformed or unable to apply the information they have to their specific case, which can equally occur in the metaverse.118 In one study on VCs noted above, “ask the expert” sessions became problematic because of the poor standards of those experts who often made suggestions to patients about what they should do or what medicines they should take, or used complex language that patients would not be able to understand.119 Further, where apps are used to transmit information to the metaverse, there is a risk of sharing inaccurate information that could be harmful.120 Where an app contains information, it may not be up-to-date with the latest evidence nor be developed in conjunction with medical specialists, meaning that evidence might be lacking.Reference Zhang, Ho, Menvielle, Audrain-Pontevia and Menvielle121
These concerns all feed back into the risk that patients may not have adequate information for providing consent. Clear guidance is needed for parties engaged in telemedicine, including remotely.Reference Dratwa122 The future may necessitate new governance arrangements and scientific oversight at an international level requiring the institution of virtual ethics committees, of evaluation protocols and technical solutions to ensure virtual informed consent.123
3.3 Data Concerns
Issues surrounding data have been noted since the development of virtual health communities that raised concerns about data security, privacy, and patient safety.124 Those concerns about the use of data can be divided into three areas. First, discriminations inherent in data that is used to train AI systems that power the metaverse (an ethical concern).125 An AI-powered recommendation could replicate biases that were contained in the data used to train it. For example, pulse oximeters measure levels of oxygen by aiming an infrared light at the skin. However, skin colour affects those readings which systematically leads to oxygen saturation levels being overestimated in non-white patients.Reference Norori126 An AI system trained on the datasets obtained from such readings could replicate those errors, which could lead to incorrect recommendations given to patients in the metaverse, causing harm. The main recommendations in this area are that AI developers should be sufficiently transparent about any possible shortcomings in data biases and minimize potential biases at all stages of the development process. This will require developers to consider the procedures for training AI systems and the quality and diversity of their datasets.127
Second, there are concerns about the privacy of an individual’s data used throughout the metaverse ecosystem (a legal concern).128 It would be a breach of confidentiality if sensitive information about a patient’s mental health consultation, for example, was leaked. Developers have considered using tools to aid privacy while an individual is in the metaverse, such as the ability to be invisible and the allocation of private spaces within the metaverse.129 However, from a medico-legal perspective, the privacy concerns are more complex, covering the use of data to train AI systems, data obtained from individuals when using the metaverse and stored on servers, and particularly the confidentiality protections of individual data shared in the meta-medicine context. The sharing of data across systematic, institutional, and national lines raises various issues on multiple regulatory levels, including questions of what is permissible under domestic data protection regimes.130 In many jurisdictions, data can only be processed in line with the requirements of the law, so metaverse providers and meta-medicine providers may need to consider the implications of processing medical data. Medical data is often accorded status as data of a “special nature” which requires additional measures such as obtaining explicit consent from the data subject.131 At the same time, these consent mechanisms may not adequately protect the user who may not understand what they are consenting to.Reference Kostick-Quenet and Rahimzadeh132
These concerns extend to the devices that work alongside the metaverse. For example, mHealth wearable devices have experienced significant regulatory and data privacy challenges, with only a small minority of apps receiving a CE mark or passing some FDA review.133 The rules on data privacy that apply will depend on the jurisdiction. In the US, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will apply where there is protected health information.134 Medical device regulations (and potentially the Artificial Intelligence Act (AIA)) will apply in the EU. However, those regimes in the US and the EU have shortcomings that will require detailed research on their application to the metaverse. For example, HIPAA does not cover much of the health data ecosystem, including information generated by users of health devices and non-health information on which inferences about health are based.Reference Price and Cohen135 For the AIA in the EU, its reliance on a CE mark is concerning because that system provides weak protection for human health and safety.Reference Smuha136 Another issue is the interoperability of devices. Multiple devices may be linked to the metaverse, and patients may wish to share their health information from those devices with other systems where their preferred provider is located. Few standards exist in this area, and manufacturers have been reluctant to allow users to share their data openly with other systems.137 Beyond medical device regulations and data protection laws, a plethora of national medical legislation with strict confidentiality provisions would need to be considered. The metaverse will need to comply with the standards expected for storing patient electronic health records (EHRs) (that is, if the metaverse is even permitted to hold EHRs under national law).
Overall, the issue of data is highly complex, particularly where data is stored on multiple servers across borders. The development of guidelines internationally would help bring clarity to metaverse and healthcare providers about the best practices that should be followed.
Third, are concerns about cybersecurity (a legal concern).138 Patients usually share sensitive information, such as their symptoms, for diagnosis. If their data is lost or the system they come to rely on fails, then patients may be at a higher risk of being unable to cope.139 Patients may also be subject to other financial harms associated with stolen identities or the stigma arising from disclosure. Patients must trust that their information will be kept safe from the public and unauthorised access. Producers of apps should be “subjected to the same ethical and evidence-based guidelines that manufacturers of medical devices” are subjected to.140 There is much to be determined in this space, but blockchain technology is now often integrated into metaverse systems to secure them and could be used to secure medical data.141 Indeed, blockchain technology may be critical for certification, authentication of rights, the verification of identities and more.142 This will be a critical area for further research considering the potential implication of breaches of confidential medical data.
Overall, the issue of data is highly complex, particularly where data is stored on multiple servers across borders. The development of guidelines internationally would help bring clarity to metaverse and healthcare providers about the best practices that should be followed.
3.4 Medical Liability
A final consideration is how the use of the metaverse may affect lines of responsibility where harm occurs to patients. The issues concerning licensing and cross-border liability have already been noted above, but additional complex considerations will apply here that require further research. Namely, how liability may extend in the virtual context to the doctor, the hospital, third-party providers and caregivers.Reference Simon143 Doctors must exercise due care when providing care, but it has been argued that legislators should consider developing a separate standard of care for the telehealth context.144 Further, hospitals may enlist third-party service providers in the metaverse who may attend to individuals in the virtual world and be advertised as part of the care team but have employment separate to the hospital.145 It will need to be determined who is responsible where such individuals cause harm to the patient. The role of the caregiver is also important.146 Some Health VCs noted above have been open to children with parental oversight being necessary. However, lines of accountability will need to be drawn for caregivers who might communicate information to doctors in the metaverse for individuals they are caring for at home. Furthermore, the metaverse will be heavily reliant on devices such as wearables, VR/AR devices, and more, which may raise device-manufacturer liability considerations where the products are defective or improperly used.Reference Simon, Shachar and Cohen147
It is also necessary to consider how responsibility might ensue when AI is used to provide recommendations in the metaverse. Other research has outlined how AI may impact the standard of care where a doctor follows the recommendation of an AI system and harms result.148 This includes circumstances in which AI systems make novel recommendations that do not comport with the standard of care but may help patients. At present, the healthcare provider/doctor will be liable for harm caused by a reliance on an AI recommendation. AI is merely a tool for the doctor to consider.149 In the future, an AI recommendation could be considered the standard of care, which may require redrawing the legal lines of accountability where harms result from those recommendations.Reference Froomkin, Kerr and Pineau150 Those considerations are yet to be fully determined in practice, and there are few rules in this area. The EU’s Artificial Intelligence Act (AIA) creates a risk classification system for approving AI systems. Yet, that regulation may be largely unhelpful in this liability context because the regulation (as proposed) lacks any provisions on civil liability that individuals could rely on for breaches that cause harm to them.Reference Raposo151 Instead, the European Commission has proposed the AI Liability Directive (AILD) and the revised Product Liability Directive (PLD) to complement the AIA.152 Those directives will require a detailed and careful analysis in the healthcare context to fully comprehend their implications for meta-medicine.
Further, while similar considerations for the use of AI will apply wherever it is used, the futuristic scenario of AI setting the standard of care may be even more probable in the metaverse context. There may well be a plethora of virtual systems and devices working together to provide recommendations, not merely one tool. It would be an impossible task for a doctor in the metaverse to decipher the logic of an interconnected AI mass in a virtual world providing a recommendation for their patient. As such, there could be a greater need for a shift in our understanding of the lines of accountability to allow healthcare to proliferate in virtual worlds. Otherwise, it may simply not be feasible nor fair for doctors to take on the risk of liability according to a legal approach that will be somewhat ill-fitting in this new setting, particularly if doctors are required by their providers to use and rely on such systems to deliver care in the future. Collaboration is needed in this area to determine how the lines of accountability will be drawn in the future and what laws will apply.
Conclusion
Other legal and ethical concerns will arise as meta-medicine grows, but the issues mapped out in this article are among the most critical and salient matters that should be contended with at an early stage. Health VCs have existed for decades, but there will be greater complications, considerations, and consequences for patients now that the implications for meta-medicine could be far more substantial than the siloed experiments of the past. At the same time, this article pinpoints more fundamental legal concerns underlying existing areas, such as telemedicine and AI regulation, which need rectifying. Progress is being made, but the overall lack of resolution in those areas threatens to pollute the metaverse as the use of those technologies is upscaled into virtual worlds. Of course, none of the above is to say that the metaverse will succeed. It may ultimately become a failed technology, but the investment and development to date (underscored by decades of more rudimentary use) suggest that it should be taken seriously enough to pre-empt the concerns for patients that have been highlighted so far.
Note
The author has no conflicts to disclose.