Smart Pills and IoT

It stands to reason that the medical industry would be the most likely place for groundbreaking and disruptive tech advancement. An aging baby boomer population—a huge slice of America

as we know it—is seeking to prolong their parents’ lives and eventually their own. To put it lightly, there’s a lot of money in medicine.

Healthcare accounts for about 17 percent of the nation’s GDP, and an ever-ballooning part of the American healthcare product is a suite of tech innovations collectively called telehealth, a term we’re seeing a lot of these days. Regis College defines telehealth not as a particular thing, but as something people do:

“Medical professionals use the Internet to gather and share information as well as monitor the health conditions of patients by using peripheral equipment and software such as video conferencing devices, store-and-forward imaging, and streaming media.”

In that sense, there’s huge concern about whether the gathering and sharing of information through telehealth meets the Health Insurance Portability and Accountability Act (HIPAA) standards. These are rigorous standards designed to protect patient information. Now, the smart pill, a new entrant to the internet of things, seem to have it all figured out.

Abilify MyCite relies on a silicon chip in each pill to relay information to a wearable patch. When you take a pill your stomach acid activates the chip, which then tells the wearable patch what time you took the pill along with information about your “activity and stress levels at the point of ingestion,” according to MD Connect. How the chip is able to measure your activity and stress levels is unclear. After the patch receives data from the chip, it encrypts them and transmits them via Bluetooth to an app on your phone. From there, the app encrypts the data once more, and MD Connect points out you have the choice to either share the data with your physician or simply keep track of your own compliance over time.

Compliance is important for patients who take Abilify because they can have a hard time functioning without it. The drug treats symptoms of schizophrenia and bipolar disorder. Yet the FDA notes that “the ability of the product to improve patient compliance with their treatment regimen has not been shown.” Moreover, “Abilify MyCite should not be used to track drug ingestion in real-time or during an emergency because detection may be delayed or may not occur.”

In other words, the pill may be able to provide info about compliance but there’s no guarantee the patient will take it, nor is there any guarantee the pill’s silicon sensor will work once it’s in your system.

The symptoms of schizophrenia include paranoia, so it’s not hard to imagine a paranoid person feeling squeamish about taking a pill with a chip embedded in it. The worry, as the New York Times points out, is over a “Biomedical Big Brother.” What if data is leaked to a government entity or even advertisers? MD Connect maintains that the short amount of transmission time between the pill and the wearable patch make it nearly impossible to intercept that signal, while end-to-end encryption provides security between the patch, the app, and the endpoint at the doctor’s office.

The patient who takes the pill can give up to four people access to their data. From the patient’s perspective, concerns over privacy would revolve around the veracity of the app’s claim that data is only shared with the patient’s treatment team—that is, the family members, caretakers, and medical personnel with whom the patient wants to share data.

For the pill to comply with HIPAA, the patient’s data absolutely must remain private according to the patient’s wishes. If the data ends up in a third party’s hands, it’s a violation of the law. Tell that to a hacker seeking to profit from medical data.

As this infographic from University of Illinois at Chicago shows, data security is a huge concern for the healthcare industry:

(Infographic Source: healthinformatics.uic.edu)

In 2018, about 50 percent of smartphone users will have health apps on their phones. At the same time, 1 out of 3 people had their data compromised by a security breach of some sort in 2016. In 2015, nearly 112 million people saw their data end up in unknown hands due to a hacking or IT incident.

What’s at stake here for Abilify MyCite and other future pills with embedded sensors? Treatment teams can access Abilify MyCite’s data from a web portal, so the app does transmit patient data to the cloud. This opens up the whole host of issues surrounding security when it comes to each person’s use of a personal device to access electronic health info. Passwords have to be tough to crack; operating systems, firewalls and security software must be up-to-date; the cloud provider must enable remote wiping; and the data provider must conduct an annual HIPAA security risk analysis.

Overall, there’s a reason why experts recommend people shouldn’t use their personal devices to access electronic health records. People get all sorts of viruses on their computers, and cybersecurity threats are multiplying. Abilify MyCite has the right idea with end-to-end encryption. Now it’s up to each member of a patient’s treatment team to keep the data safe.

By Daniel Matthews