A pill embedded with a sensor that can tell doctors—and potentially others—if and when a patient takes his or her medication, recently approved by the U.S. Food and Drug Administration, is touted as a solution to prescription medication nonadherence, which costs the American health care system between $100 billion and $289 billion a year, according to a review in Annals of Internal Medicine. And those are just the financial costs. It also causes about 125,000 deaths annually, the article says.

While acknowledging the medical and financial benefits of the so-called digital pill, health care and data privacy lawyers expressed concerns about data security and patient consent.

“The slippery slope danger is really real,” said Michael Whitener, a data privacy expert and partner at VLP Law Group.

Approved by the FDA earlier this month, the pill, called Abilify MyCite (aripiprazole tablets with sensor), is a version of the antipsychotic medication Abilify that is used mainly to treat patients with schizophrenia, according to a report by The New York Times. Patients who consent to using the technology can allow their physician, as well as up to four other people, including family members, to receive electronic data about the time and date of ingestion of the pill.

The pill was developed by Otsuka America Pharmaceutical Inc. and Proteus Digital Health, a California company that invented the ingestible sensor. Otsuka said it plans to introduce the product next year, initially to a limited number of health plans, according to the Times report.

It's the involvement of health plans that worries the data privacy attorneys. Now, use of the technology is voluntary, but they can anticipate a time when pharmaceutical companies, insurers and even employers could offer incentives to take the digital pill, raising the question of whether use in such a circumstance is truly voluntary and constitutes informed consent.

“It's a carrot-and-stick arrangement with an insurance company or employer,” Whitener said. “You've agreed to share the data, but how are they using the data? Are they using it strictly to see if you comply with your treatment, or are they going to try and monetize the data?”

Jackson Lewis principal Joseph Lazzarotti, who co-leads the firm's privacy, e-communication and data security practice, likened the scenario to employers' increasingly popular workplace wellness programs. In its rule-making process, the U.S. Equal Employment Opportunity Commission determined that a wellness program could be considered “voluntary” so long as the cost incentives—or, seen another way, the penalty for nonparticipating employees—did not exceed 30 percent of the value of an individual's health plan.

But, as Lazzarotti noted, a Washington, D.C., federal judge in August dealt a blow to such programs when he ruled in part that the agency failed to justify its 30 percent cap on cost incentives for participating workers.

“When there are incentives being provided to patients who adhere, is that authorization or voluntary submission really voluntary?” Lazzarotti said.

This issue of voluntariness also extends to potentially controversial uses such as requiring digital medication as a condition for release from prison or inpatient psychiatric treatment.

“It's not just a matter of dollars and sense but of personal freedom under those circumstances,” Whitener said.

In addition, the lawyers mentioned the issue of data security and the potential for hacking and use of sensitive medical information by unauthorized individuals.

Those are the concerns “when you have all this data residing in databases,” said Linda Pissott Reig, co-chairwoman of the FDA and biotechnology section at Buchanan Ingersoll & Rooney. “You do have this expectation of [knowing] where the data's going to reside, what are the protections, who is going to have access to it. You have to ensure that only those who need to know get to know.”