New 'digital' pills pose data protection and cybersecurity challenges for drugs manufacturers and health bodies, says expert

Helen Cline of Pinsent Masons, the law firm behind Out-Law.com, said that while digital pills have potential to cut health care costs by supporting self-medication, there are privacy and security issues that need to be carefully managed. 

Cline was commenting after the US Food and Drugs Administration (FDA) gave its approval for doctors to prescribe a new pill that is capable of tracking whether patients have ingested it.

The FDA said the Abilify MyCite product is "the first drug in the US with a digital ingestion tracking system", and could be prescribed to treat schizophrenia, conditions associated with bipolar disorder, and depression in adults.

"The system works by sending a message from the pill’s sensor to a wearable patch," the FDA said. "The patch transmits the information to a mobile application so that patients can track the ingestion of the medication on their smart phone. Patients can also permit their caregivers and physician to access the information through a web-based portal."

However, the regulator pointed out that the drug-device combination had limitations. It "should not be used to track drug ingestion in 'real-time' or during an emergency because detection may be delayed or may not occur", it said.

Cline said: "The ever rising cost of health care is the driver for innovations such as this. Improving adherence is one way the health care industry can improve outcomes for patients and allow patients to self-manage their conditions. However, networked technologies come with constraints and risks."

Cline said privacy and security considerations complicate the collection of patient data.

"Organisations collecting health data need to gain and retain patient trust in the way that data is handled and used," Cline said. "The same data and analytics that assist in improving a patient's adherence could also do potential harm by, for example, invalidating a patient's insurance or lead to disqualification from insurance."

"Connected technologies are also vulnerable to cyberattack and could potentially be an entry point to infect health care provider networks and expose organisations to a costly data breach. The 'WannaCry' ransomware attack earlier this year highlighted cybersecurity vulnerabilities as a critical concern for patient safety and demonstrated why organisations, such as the NHS need be prepared for such attacks," she said.

Since the WannaCry attack the Department of Health (DoH) and NHS England have set out new data protection and security requirements for NHS bodies and their contractors. NHS Digital is also seeking to build a new cybersecurity centre.

Otsuka and Proteus Digital Health, the companies behind Abilify MyCite, were previously refused regulatory approval for the digital pill by the FDA. The US regulator at the time requested further assurances that the product was safe and effective for its targeted users, according to a report by Fierce Biotech.

The ingestible sensor and wearable sensor patch developed by Proteus Digital Health has been certified for use under EU medical device laws, and has also been approved by the China Food and Drug Administration (CFDA) for use in China, according to the company.

In 2016, the Committee for Medicinal Products for Human Use at the European Medicines Agency agreed to allow Proteus' sensors to be tested (24-page / 1.13MB PDF) in Europe "as a qualified method for measuring adherence in clinical trials".