WO2009010718A1 - Identifier allocation and authentication method and apparatus suitable for clinical trials - Google Patents

Identifier allocation and authentication method and apparatus suitable for clinical trials Download PDF

Info

Publication number
WO2009010718A1
WO2009010718A1 PCT/GB2008/002348 GB2008002348W WO2009010718A1 WO 2009010718 A1 WO2009010718 A1 WO 2009010718A1 GB 2008002348 W GB2008002348 W GB 2008002348W WO 2009010718 A1 WO2009010718 A1 WO 2009010718A1
Authority
WO
WIPO (PCT)
Prior art keywords
medication
token
individual
allocating
input device
Prior art date
Application number
PCT/GB2008/002348
Other languages
French (fr)
Inventor
Marcus Lawson
Original Assignee
First Ondemand Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by First Ondemand Limited filed Critical First Ondemand Limited
Publication of WO2009010718A1 publication Critical patent/WO2009010718A1/en

Links

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/20ICT specially adapted for the handling or processing of patient-related medical or healthcare data for electronic clinical trials or questionnaires
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H20/00ICT specially adapted for therapies or health-improving plans, e.g. for handling prescriptions, for steering therapy or for monitoring patient compliance
    • G16H20/10ICT specially adapted for therapies or health-improving plans, e.g. for handling prescriptions, for steering therapy or for monitoring patient compliance relating to drugs or medications, e.g. for ensuring correct administration to patients
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02ATECHNOLOGIES FOR ADAPTATION TO CLIMATE CHANGE
    • Y02A90/00Technologies having an indirect contribution to adaptation to climate change
    • Y02A90/10Information and communication technologies [ICT] supporting adaptation to climate change, e.g. for weather forecasting or climate simulation

Definitions

  • the invention relates to the allocation and authentication of ID tokens for use when a plurality of individuals are using medication. Particularly, but not exclusively, the invention relates to the allocation and authentication of
  • ID tokens for use when a plurality of individuals are using medication in a clinical trial.
  • CROs Clinical Research Organisations
  • Test procedures vary from country to country and must comply with various legislation, regulation and compliance control.
  • the FDA Food and Drug Administration
  • the MHRA Medical Products and Healthcare products Regulatory Agency
  • the roles of the MHRA include the assessment and authorisation of medicinal products for sale and supply in UK, regulating clinical trials of medicines and medical devices, monitoring and ensuring compliance with statutory obligations relating to medicines and medical devices and promoting safe use of medicines and devices.
  • Test procedures also vary between types of medicines or devices and will, of course, depend on the purpose of the trial. Throughout this specification, the term “compliance" is used to denote compliance with test procedures legislation and regulations.
  • drugs or compounds which already have a licence for a particular use, to treat a given disease or complaint for example usually have to undergo further testing to be used in a new application.
  • the clinical trials may be blind or double-blind.
  • blind trials the patient or volunteer does not know details of the medical product or device which he or she is testing. For example, the volunteer may not even know whether he or she is being given a placebo rather than the genuine drug.
  • double-blind trials neither the patient, nor the medical provider, knows details of the product. Thus, a further level of security and independence is provided.
  • the packaging and labelling of products is an important part of the trial and pre-trial process.
  • double-blind test scenarios for example, generally pharmaceutical manufacturers or, more often, a third party, must package and label drugs so that there is no perceivable difference between those with active compounds and those with no active compounds.
  • These packages are then sent to the CROs for the trials often via one or more independent third parties.
  • the packages must generally be anonymous, it may be desirable for the packages, or individual drugs to be individually marked in some way, so that they can be identified and referenced.
  • drugs, medicines, and medical products and devices are provided in primary and secondary packaging.
  • the primary packaging is the packaging in contact with the drug itself for example a vial or ampule, a blister pack, a bottle containing liquids or tablets, a pre-packed syringe or a foil packet.
  • Secondary packaging may comprise an outer, external pack e.g. bag or box. The identifying marking may be on each dose of the drug, on the primary packaging or on the secondary packaging.
  • GB 2406690 of Neopost Industrie SA discloses a system in which authentication information is stored, in a data matrix.
  • the data is cryptographically encoded in the data matrix and may be read by a processing unit which checks the validity of the item and transmits a message back to a presentation station indicating whether or not the item is valid.
  • the data matrix may carry a digital signature.
  • identification indicia such as those disclosed in GB 2406690 may be used in a wide variety of applications, such as tokens for redemption in supermarkets, personal money, encoding medical prescriptions and many other uses.
  • the inventors of the present invention have further appreciated the desirability of a validation system that can validate information stored on identification indicia regardless of the application and which can generate the indicia for application.
  • a particular dose of a drug e.g. individual pill, syringe etc
  • a set of doses, for a day or week may be uniquely identified.
  • simply the primary packaging or secondary packaging of a particular drug can be marked.
  • identification of medicines and drugs would be advantageous in the context of a clinical trial.
  • a first problem is how to obtain useful data from the trial, and this is linked to the requirement to maintain confidentiality of the patients taking part in the clinical trial. No data can come back from the trial that could comprise the compliance issues surrounding the trial.
  • the compliance requirements often set out that a substantial separation between the manufacturers and the CROs must be established, so that the trial results are considered valid, which means that the manufacturers can often obtain little useful data from the trial.
  • clinical trials are hospital trials i.e. trials performed where the individuals involved in the trial are constantly in a medical environment and/or under medical supervision. These are fairly straightforward to oversee.
  • Other clinical trials are community trials i.e. trials performed where the individuals are free to go about their normal business in the community, as long as they adhere to the trial regime. These trials are obviously much more difficult to oversee because the individuals are less easy to monitor.
  • the prior art tends to describe highly controlled, process-driven environments, such as hospitals, where strict controls can be placed between different processes. However, such systems may not be suitable for use outside controlled environments. In community trials, and possibly in some hospital trials, data tends to be gathered at the end of the trial which might limit its usefulness.
  • Another problem is that many of the prior art systems are simply designed to identify medication, for example for verification by a medical practitioner. They are procedural and process driven and mainly for administration purposes. This does not address the issues of compliance with clinical trial regulations or monitoring of patient adherence to medical regimes.
  • a medical practitioner might want to have reassurance that his or her patient is adhering to a particular medication schedule. This might be particularly important in the case of chronic illnesses (i.e. persistent and long-lasting) where it is very important that regular medication is taken at particular times each day or week. This may also be particularly useful in developing countries in which the medical providers may be a long distance from the patients so that regular appointments with medical personnel are difficult. Indeed, one of the big problems with diseases such as HIV, TB and malaria in developing countries is that patients do not continue to take medication regularly after the first, short period of time and there is very little opportunity for medical personnel to monitor this because they see the patients so infrequently. This will require real-time feedback. The medical practitioner might also want a mechanism that will enable him/her to monitor the patient in real time and, if the patient has missed a medication event, to remind the patient and/or if appropriate send a medical practitioner to the patient.
  • a medical practitioner might want to have real-time feedback as to when a patient needs to take a particular drug.
  • the drugs will not need to be taken regularly, but simply in response to a patient event (for example, in the case of diabetes, a change in patient insulin levels).
  • the real-time feedback in such a reactive situation can provide useful feedback to the medical provider, for example, as to how often the patient needs to use the medication.
  • the problems associated with the prior art systems relate to the taking of drugs in a clinical trial, the regular taking of drugs outside a clinical trial and the taking of drugs outside a clinical trial in response to patient events.
  • the problems listed above may also apply to the testing/prescribing of other products for example the testing or prescribing of dietary supplements, the testing of cosmetics, the testing of beauty products and the testing/prescribing of veterinary products.
  • the present invention might also apply to these products.
  • apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication comprising: means for allocating a medication ID token for each item of medication to be used; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; means for processing the received medication ID token and the received individual identity; and means for auditing the received medication ID token and the received individual identity.
  • the medication ID token and the individual identity may be generated by the apparatus. Alternatively, or additionally, an existing identifier may be used.
  • the processing of the received medication ID token and the received individual identity may include decoding the medication ID token and/or the individual identity and/or authenticating the medication ID token and/or the individual identity.
  • the medication may comprise one or more of drugs, medicines, medical products, medical devices, dietary supplements, cosmetics, beauty products and veterinary products.
  • the system may be used directly by the individuals themselves or on behalf of the individuals by a care provider.
  • Each item of medication may be a dose, a pack, or a number of packs.
  • the individuals may be patients suffering with a disease, complaint or condition. Or, the individuals may be healthy.
  • Each medication ID token may include reference to data in an external system.
  • the medication ID token may establish a link to the CRO's own reference for the medication.
  • the medication ID token may directly link to a database including data relating to the medication.
  • identities are created which can be tracked and identified, whilst still maintaining confidentiality. The identities are not directly linked to personal or medication details.
  • the token itself does not include any immediately meaningful data, the system is inherently secure since no information can be deduced or extracted from the ID token, except by an authorised party.
  • the medication ID token comprises a plurality of portions, and the apparatus is arranged to define third party access permissions for data associated with each portion.
  • no data can be deduced or extracted from a portion of the medication ID token, except by a party authorised according to the third party access permissions for that portion.
  • the apparatus is arranged to operate in conjunction with a separate existing clinical trials system, and the third party access permissions establish links and obscure links between the plurality of portions and data in the existing clinical trials system. Whilst prior art systems tend to be used solely to establish links between identities and particular data, the apparatus of the invention is also used obscure links, where data should be hidden, for example to maintain confidentiality, or to comply with trial regulations.
  • the apparatus may further comprise means for generating the medication ID token.
  • each medication ID token includes a header portion and a payload portion.
  • one or more of the medication ID tokens each comprise a header, a payload and security information.
  • the payload portion is encrypted.
  • the header portion includes a PIN flag, the PIN flag, when set to on, indicating that a PIN is required to be entered by a user.
  • the individual identity comprises a patient ID token comprising a plurality of portions
  • the apparatus is arranged to define third party access permissions for data associated with each portion, so as to maintain confidentiality of the plurality of individuals.
  • the data carrier is preferably a Data Matrix.
  • the data carriers for different items of medication could be different types of data carrier. Many types of data carrier are possible.
  • the method used by the encoder to encode each medication ID token onto a data carrier will be appropriate for the particular data carrier being used.
  • the means for receiving the medication ID token and the individual identity is arranged to receive the medication ID token and the individual identity from a data input device allocated to the individual.
  • the plurality of individuals are using the medication outside a controlled, medical environment and each data input device includes location determination functionality.
  • the prior art tends to describe highly controlled, process-driven environments, such as hospitals, where strict controls can be placed between different processes. However, such systems may not be suitable for use outside controlled, medical environments.
  • the apparatus may further comprise means for receiving an indication of the location of the data input device, and hence the location of the individual, when the individual uses the medication.
  • the data input device is preferably arranged to capture the medication ID token and forward the medication ID token to the apparatus.
  • the data input device is also preferably arranged to forward the individual identity to the apparatus.
  • the data input device is arranged to capture the ID token and forward the ID token to the apparatus, and the apparatus is arranged to receive the ID token from the data input device and process the received ID token.
  • the data input device may be a mobile (i.e. wireless or cellular) telephone.
  • Mobile telephones are designed for data and voice communication over a network, known as a cellular network, of specialized based stations, known as cell sites.
  • the mobile telephone preferably has camera functionality and an application installed thereon to capture an ID token from an image and forward the ID token over the mobile network.
  • the mobile telephone may be arranged to capture the ID token in another way e.g. by scanning the ID token data carrier or, less desirably, by an individual manually entering an ID token.
  • the mobile telephone includes location determination functionality using triangulation.
  • location determination functionality using triangulation.
  • existing technology already inherent in the mobile telephone may be used for determination of location with the apparatus of the invention. In this case, this is done using the cell sites in the mobile telephone's cellular network.
  • the apparatus further comprises means for allocating a mobile telephone ID to each mobile telephone, the mobile telephone ID comprising the International Mobile Equipment Identity of the mobile telephone.
  • the data input device may be a PC.
  • the PC may have a reader incorporated or connected to it, for the ID token to be captured.
  • the individual can enter the ID token manually using the keyboard.
  • any other input means may be used.
  • the ID token, along with the individual identity can be forwarded to the apparatus via a communications link e.g. a Local Area Network (LAN) or the Internet.
  • LAN Local Area Network
  • the data input device may be a Personal Digital Assistant (PDA).
  • PDA Personal Digital Assistant
  • the PDA may have a reader incorporated or connected to it, for the ID token to be captured.
  • the individual can enter the ID token manually using one or more of the PDA input devices.
  • the ID token along with the individual identity, can be forwarded to the apparatus via a communications link e.g. a Local Area Network (LAN) or the Internet.
  • LAN Local Area Network
  • each ID token is sent from the data input device to the apparatus via a communications network.
  • the communications network may be a Local Area Network (LAN), a Wide Area Network (WAN) for example the Internet, a telephone network, a mobile, cellular, telephone network, a Wireless Application Protocol (WAP) communications link and so on.
  • the communications link may be a secure communications link. Data being sent over the communications link may be encrypted.
  • the means for allocating an individual identity to each individual comprises: means for allocating a data input device ID or ID token to each data input device; and means for allocating each data input device to a single individual.
  • the data input device ID or ID token allocated to a data input device must ultimately be able to reach data associated with the respective individual.
  • the means for receiving the individual identity is arranged to receive the data input device ID or ID token since the data input device ID or ID token is unique to the allocated individual.
  • the means for allocating an individual identity to each individual comprises: means for allocating a data input device ID or ID token to each data input device; means for allocating a patient ID token to each individual; and means for allocating each data input device to one or more individuals.
  • the data input device is arranged to forward the data input device ID or ID token and the patient ID token to the apparatus and the means for receiving the individual identity at the apparatus is arranged to receive the data input device ID or ID token and the patient ID token from the data input device, since both ID tokens are required to identify an individual.
  • the patient ID token may be generated by the apparatus or an existing patient identifier may be used.
  • the data input device may be allocated either with an ID token or with an ID. If a new identifier is generated by the apparatus, this is referred to as a data input device ID token. On the other hand, if an existing identifier is used for the data input device, this is referred to as a data input device ID.
  • An individual allocated to a data input device may be required to enter a PIN at the point of use of the data input device. A PIN may be required either if a data input device is allocated to a single individual or if a data input device is allocated to a plurality of individuals.
  • the PIN may be required by the data input device in order for the individual to be able to use the data input device.
  • a PIN may be required by an application installed on the data input device in order for the data input device to operate in conjunction with the apparatus.
  • one or more of the ID tokens captured by the data input device may include an indication that a PIN is required.
  • the data input device is arranged to run a computer program which runs in conjunction with a computer program running on the apparatus.
  • the term "computer program” is a broad term used to indicate any software or application which can run on the data input device.
  • the data input device comprises means for sending a reminder to each individual, if the data input device does not read the medication ID token and the individual identity by a predetermined point in time.
  • Each individual may be using the medication outside a controlled, medical environment and in accordance with a respective regime.
  • Each individual is preferably using the medication in accordance with a respective regime in the form of respective Medication Schedule, and the apparatus may further comprise means for allocating one or more Medication Schedule ID tokens to each Medication Schedule.
  • a single Medication Schedule ID token could be allocated, or separate ID tokens could be allocated for each individual medication event on the Medication Schedule.
  • the Medication Schedule ID token(s) may be generated by the apparatus. Alternatively, existing Medication Schedule identifiers may be used.
  • the apparatus may further comprise means for encoding each Medication Schedule ID token onto a data carrier for application to the associated Medication Schedule.
  • the apparatus may further comprise means for receiving from each individual, when the individual uses the medication, the Medication Schedule ID token of the respective Medication Schedule.
  • the apparatus may further comprise means for sending a reminder to each individual, if the apparatus does not receive the medication ID token and the individual identity by a predetermined point in time.
  • the point in time may be determined by the Medication Schedule.
  • the apparatus may further comprise means for sending a prompt to a medical provider, if the apparatus does not receive the medication ID token and the individual identity by a predetermined time after the reminder.
  • the prompt may prompt the medical provider to take relevant action, for example visiting the individual.
  • the apparatus further comprises means for sending to each individual, when the apparatus processes the medication ID token and the individual identity, an acknowledgement.
  • the acknowledgement may include a unique event code to be recorded by the individual, for later authentication. If the individual is using the medication in accordance with a Medication Schedule, the individual may record the received unique event code on the Medication Schedule, perhaps in relation to a specific medication event.
  • the acknowledgement may provide an incentive to the individual to adhere to the instructions or schedule for using the medication since the individual will be aware that his data is being recorded. It will also be impossible for the individual to enter a fake code, without this being detected.
  • the unique event code is preferably authenticatable later, so as to verify that the individual has adhered to instructions for using the medication.
  • the means for auditing may be arranged to record the time of receipt of the medication ID token and the individual identity and the medication ID token and individual identity received.
  • the apparatus may be arranged to authenticate the received ID token and individual identity against a central and auditable record.
  • the apparatus is suitable for allocating and authenticating ID tokens for use when a plurality of individuals are using the medication in a clinical trial.
  • apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication outside a controlled, medical environment comprising: means for allocating a medication ID token for each item of medication to be used; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from a data input device allocated to each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual, wherein the data input device includes location determination functionality; means for processing the received medication ID token and the received individual identity; and means for auditing the received medication ID token and the received individual identity.
  • apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication comprising: means for allocating a medication ID token for each item of medication to be used, each medication ID token comprising a plurality of portions, and being structured so as to establish links between some of the plurality of portions and data in the existing clinical trials system, and so as to obscure links between other of the plurality of portions and data in the existing clinical trials system; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; means for processing the received medication ID token and the received individual identity; and means for auditing the received medication ID token and the received individual identity.
  • apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication outside a controlled, medical environment and in accordance with a regime
  • the apparatus comprising: means for allocating a medication ID token for each item of medication to be used; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; means for processing the received medication ID token and the received individual identity; means for auditing the received medication ID token and the received individual identity; and means for sending to each individual, a reminder, if the medication ID token and the individual identity of the individual have not been received by a predetermined time determined by the regime.
  • a data input device specially adapted for use with the apparatus of the first aspect of the invention.
  • a mobile telephone having a software application running thereon, for use with the apparatus of the first aspect of the invention.
  • a method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication comprising the steps of: allocating a medication ID token for each item of medication to be used; encoding each medication ID token onto a data carrier for application to the associated item of medication; allocating an individual identity to each individual; receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; processing the received medication ID token and the received individual identity; and auditing the received medication ID token and the received individual identity.
  • the medication ID token comprises a plurality of portions, and the apparatus is arranged to define third party access permissions for data associated with each portion.
  • the individual identity may comprise a patient ID token comprising a plurality of portions, and the apparatus may be arranged to define third party access permissions for data associated with each portion, so as to maintain confidentiality of the plurality of individuals.
  • the data carrier may be a Data Matrix.
  • the step of receiving the medication ID token and the individual identity preferably comprises receiving the medication ID token and the individual identity from a data input device allocated to the individual.
  • the data input device is a mobile (i.e. cellular) telephone.
  • the data input device is a PC or a PDA.
  • the step of receiving the medication ID token and the individual identity from a data input device preferably comprises receiving the medication ID token and the individual identity from the data input device via a communications network.
  • the step of allocating an individual identity to each individual may comprise: allocating a data input device ID or ID token to each data input device; and allocating each data input device to a single individual.
  • the step of allocating an individual identity to each individual may comprise: allocating a data input device ID or ID token to each data input device; allocating a patient ID token to each individual; and allocating each data input device to one or more individuals.
  • An individual allocated to a data input device may be required to enter a PIN at the time of using the data input device.
  • Each individual may be using the medication in accordance with a respective Medication Schedule, and the method may further comprise the step of allocating one or more Medication Schedule ID tokens to each Medication Schedule.
  • the method may further comprise the step of encoding each Medication Schedule ID token onto a data carrier for application to the associated Medication Schedule.
  • the method may further comprise the step of receiving from each individual, when the individual uses the medication, the or a Medication Schedule ID token of the respective Medication Schedule.
  • the method further comprises the step of sending an acknowledgement to each individual, after the step of processing the medication ID token and the individual identity.
  • the step of auditing the received medication ID token and the received individual identity may comprise recording the time of receipt of the medication ID token and the individual identity received.
  • the method is suitable for allocating and authenticating ID tokens for use when a plurality of individuals are using the medication in a clinical trial.
  • a method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication outside a controlled, medical environment comprising the steps of: allocating a medication ID token for each item of medication to be used; encoding each medication ID token onto a data carrier for application to the associated item of medication; allocating an individual identity to each individual; receiving from a data input device allocated to each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual, wherein the data input device includes location determination functionality; processing the received medication ID token and the received individual identity; and auditing the received medication ID token and the received individual identity.
  • a method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication comprising the steps of: allocating a medication ID token for each item of medication to be used, each medication ID token comprising a plurality of portions, and being structured so as to establish links between some of the plurality of portions and data in the existing clinical trials system, and so as to obscure links between other of the plurality of portions and data in the existing clinical trials system; encoding each medication ID token onto a data carrier for application to the associated item of medication; allocating an individual identity to each individual; receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; processing the received medication ID token and the received individual identity; and auditing the received medication ID token and the received individual identity.
  • a method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication outside a controlled, medical environment and in accordance with a regime comprising the steps of: allocating a medication ID token for each item of medication to be used; encoding each medication ID token onto a data carrier for application to the associated item of medication; allocating an individual identity to each individual; receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; processing the received medication ID token and the received individual identity; auditing the received medication ID token and the received individual identity; and sending to each individual, a reminder, if the medication ID token and the individual identity of the individual have not been received by a predetermined time determined by the regime.
  • a computer program which, when run on computer means, causes the computer means to carry out the method of the third aspect of the invention.
  • a computer program arranged to run on a data input device and arranged to work in conjunction with the above-mentioned computer program.
  • a software application arranged to run on a mobile telephone and arranged to work in conjunction with the apparatus of the first aspect of the invention.
  • a record carrier having stored thereon a computer program which, when run on computer means, causes the computer means to carry out the method of the third aspect of the invention.
  • a method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication comprising the steps of: computer means allocating a medication ID token for each item of medication to be used; the computer means encoding each medication ID token onto a data carrier for application to the associated item of medication; the computer means allocating an individual identity for each individual; when an individual uses an item of medication, the individual forwarding the medication ID token of the item of medication and the individual identity of the individual to the computer means; the computer means receiving the medication ID token and the individual identity; the computer means processing the medication ID token and the individual identity; and the computer means auditing the received medication ID token and the received individual identity.
  • Figure 1 shows the structure of one embodiment of a unique ID token
  • Figure 2 shows the structure of a first embodiment of the patient adherence server
  • Figure 3 shows the structure of a second, alternative embodiment of the patient adherence server
  • Figure 4 is a flow chart of one embodiment of the method of the invention
  • Figure 5 is a flow chart of a second embodiment of the method of the invention.
  • the system provides an apparatus and method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, particularly, but not exclusively, in the context of a clinical trial.
  • the apparatus may be in the form of a patient adherence server.
  • the system provides a mechanism for remote monitoring of patient adherence and is designed to work hand in hand with an existing system, for example that of a CRO, which is linked to patient data and so on.
  • the ID tokens are therefore used to establish links between different pieces of data or to obscure links, where data should only be accessible to certain individuals.
  • the aim is to build up an audit trail of events and transactions.
  • a unique ID token is allocated for each item of medication to be used - a medication ID token - and a unique individual identity is allocated to each individual.
  • the medication ID token and the individual identity may be specially created for use in the system or an existing identifier can be used.
  • the individual identity can comprise a patient ID token and a data input device ID or ID token for a data input device allocated to one or more individuals, or simply a data input device ID or ID token for a data input device which is allocated to a single individual and therefore uniquely identifies that individual.
  • the patient ID token may be specially created for use in the system or an existing identifier can be used.
  • a new identifier may be created - referred to as a data input device ID token - or an existing identifier, such as a mobile telephone number or similar, may be used - referred to simply as a data input device ID.
  • one or more unique ID tokens may be allocated for a medication schedule - Medication Schedule ID token(s) - which instructs the individual how to use the medication. Again, these ID tokens may be specially created for use in the system, or existing identifiers may be used.
  • the ID tokens allow a unique entity to be created, printed (if appropriate), and authenticated.
  • the data carrier for an ID token may take a number of different forms.
  • the data carrier could be in the form of a Data Matrix (DMx) which is an encoding standard used to produce a 2- D barcode.
  • DMx Data Matrix
  • Other data carriers may be used and this will depend on the nature of the ID token and how it is to be used.
  • the data carrier for the ID token could be in the form of an RFID (Radio Frequency Identification) or 1-D, 2-D or 3-D barcode symbologies.
  • the ID token preferably takes a form similar to that shown in Figure 1.
  • the particular structure will depend on how the ID token is to be used, for what item the token is to be used and so on. A number of different types of structure and/or data carrier may be used within a given system.
  • the ID token 200 contains a contents portion 201 and a security portion 203.
  • the contents portion 201 is divided into a header portion 205 and a payload portion 207.
  • the header will contain a data set having at least three data sub-sets.
  • the first sub-set 209 identifies the type of ID token. This is required in any open system in which the ID token could represent a number of different things such as a particular pack of medicine, a particular Medication Schedule, a particular patient, or a particular scanning device to be used by a patient.
  • the identity type data set 209 identifies the nature of the ID token.
  • the second data sub-set 211 is a Token Identification Number TIN.
  • the TIN is a unique number that identifies a particular ID token.
  • the third data sub-set 213 is a PIN (Personal Identification Number) and comprises a flag. Depending on whether this flag is set on or off, a PIN may need to be entered when the ID token is, for example, scanned by a patient or medical provider. The PIN can then be compared with a stored number for verification. PINs can also be used in other ways - these are discussed further below.
  • ID tokens may be structured so as to establish links between different pieces of data, or to obscure links, where data should only be accessible to certain parties.
  • one or more of the ID tokens used is structured in such a way that different sections of the ID token refer to different portions of data, and the patient adherence server is able to define permissions for access by third parties for the various portions of data. This may be particularly important in the case of a medication ID token, but may be used for other ID tokens.
  • the medication ID tokens are not primarily used in order to authenticate the medication itself.
  • the ID tokens provide a security measure designed to overcome some of the difficulties of prior art systems, which do not allow users to collate meaningful data.
  • the most preferable structure used for a given ID token will clearly depend on whether the ID token is being used for a patient, a scanning device, a medication schedule or medication and this will be discussed in more detail below.
  • the ID token is effectively a data string, which may be captured and forwarded over a communications link.
  • Some element of the ID token could utilise some element of cryptographic protection.
  • the ID token's security portion may specify that the payload is encrypted, in which case the cipher (encrypted text) will be stored in the payload.
  • One suitable encryption algorithm is the AES symmetric algorithm for encryption of payload content.
  • the allocation of the ID tokens is performed by apparatus in the form of a patient adherence server, which may also create the ID tokens and which is also responsible for the processing and auditing of the ID tokens.
  • the patient adherence server preferably operates in conjunction with the Clinical Research Organisation or a third party to generate unique ID tokens that are appropriate for the particular drug or clinical trial or patients concerned.
  • the patient adherence server may take a form like that described in WO 2006/059124, also in the name of the applicant, the contents of which are incorporated herein by reference.
  • the system comprises a core generic part plus application- or customer-specific wrappers.
  • the core includes a database, for example an Oracle 10g database, which holds data to be included in the ID tokens and data which is related to data held in the ID token's payload.
  • the core is responsible for creation, updating and delivery of ID tokens.
  • the core is also responsible for the processing of scanned data carriers to authenticate them.
  • the patient adherence server may comprise a core generic part like that in WO 2006/059124, which could be used in any number of systems, plus an application-specific wrapper adapting the system for the present clinical trial application.
  • the core 301 comprises a Service Management Module, a Delivery Manager Module, a Security Manager Module, an Audit Manager Module, an Archive Manager Module, a Token Manager Module, an Authentication Module, a Redemption Module, An Identity Management Module, a Reporting Module and APIs (Application Programming Interfaces for e.g. Java and Web Services).
  • the wrapper 303 comprises the additional functionality required for the present application: a Mobile Phone ID Management Module, a Web Services Module, a Mobile Authentication & Communication System and a Wrapper database.
  • the patient adherence server 300' includes an ID Token Generation Module, a Mobile Phone ID Management System, an Allocation of ID Tokens Interface, an ID Token Authentication Module, a Mobile Authentication and Communication System, an Authenticating Audit and Reporting Module, Security and Cryptographic Modules, and a Web- based Services Module.
  • the patient adherence server may be implemented in software or hardware.
  • the patient adherence server could make use of cryptographic protection. For example, all records stored on the patient adherence server could be encrypted. More details on the function of the patient adherence server will be discussed below when the method of one embodiment of the invention is described.
  • a medication ID token is allocated to the drug, device or product being tested in the clinical trial.
  • the medication ID token can be encoded in a data carrier which can be applied to the primary or secondary packaging.
  • the medication ID token data carrier can be applied by the manufacturer (pharmaceutical company), the Clinical Research Organisation, or, more usually a separate third party, depending on the nature and requirements of the trials. It may be possible, even for a double- blind trial, for the medication ID tokens to be applied by the CRO, as long as the medical personnel are not able to determine the nature of the drug from a particular medication ID token. In a blind trial, the patient or volunteer concerned must not be able to identify the nature of the drug or any information that could lead to bias in the trial.
  • the method of application will depend on the type of data carrier used for the medication ID token and this may depend on where the data carrier is to be applied. For example, it may be straightforward to apply an RFID to secondary packaging of a drug but, for use on primary packaging, a barcode symbology may be more appropriate because of the space available.
  • the packaging and medication ID tokens can be arranged appropriately.
  • each individual dosage (referred to as "medication events" later) could be packaged separately and allocated a particular medication ID token.
  • the medication ID token might be unique for the particular drug being tested, for the particular batch of the drug, for a particular secondary packaging, for a particular primary packaging, or for a particular dosage. This will depend on the requirements of the trial. For example, in a trial testing how the effect of a drug changes with the age of the drug, it may only be necessary for the medication ID token to identify the batch, so that the age of the particular dose being taken can be determined.
  • the medication ID token will be unique to a particular pack of medication.
  • a drug ID is created by the patient adherence server
  • a pack ID is created by the patient adherence server
  • a unique medication ID token is created having the format shown in Figure 1.
  • the token header 205 may comprise a web URL (Uniform Resource Locator)
  • the token payload 207 may comprise data allowing drug information to be retrieved.
  • This medication ID token is then encoded into a data matrix which is then printed either directly onto primary or secondary packaging or onto a label which is applied to primary or secondary packaging.
  • the payload portion of the medication ID token may include the CRO's own identification and reference data, or other information establishing a link between the medication ID token and the next level down in the data trail, but will probably not contain more basic data. This is because the system of the invention is extensibly not designed to stand alone but instead to work in conjunction with an existing clinical trials system.
  • the CRO's identification and reference data will then ultimately enable data on one or more of: the manufacturer, the production site and line, the production date and time, the batch number, the lot number to be retrieved.
  • One of the advantages of this arrangement is that different portions of the payload may be accessible to different individuals, and the permissions may be set centrally by the patient adherence server. This was discussed earlier and is particularly advantageous for the medication ID tokens. For example, for a double-blind trial, the medical personnel at the CRO cannot know the details of the drug, but they should know details of the dosage to be taken. It may be acceptable for other members of the CRO, not directly involved in patient care, to know details of the drug.
  • each individual For the purposes of a clinical trial, or indeed for the purposes of monitoring that individuals are adhering to a medication schedule, or for the purposes of receiving real-time feedback on medication events, each individual (usually patient or volunteer) must be uniquely identified. This is achieved by an individual identity. In this embodiment, this can be achieved in one of two ways.
  • each patient uses a data input device such as a scanning device (more details on this later) to scan the medication ID token data carrier. So, either the patient can be allocated a unique identity and the scanning device can be allocated a unique identity or only the scanning device can be allocated a unique identity and each scanning device can be usable by and therefore inextricably linked to only one patient.
  • the individual identity comprises a patient ID token and a scanning device ID token.
  • the individual identity comprises only a scanning device ID token.
  • a unique identity - patient ID token - is allocated to each patient.
  • the patient ID token could take the form shown in Figure 1. It is important that details of the patient cannot be determined directly from the patient ID token, in order to preserve patient confidentiality and to avoid bias. However, the patient details must be ultimately retrievable so that the results of the trial can be processed. As already discussed, different permissions may be defined for respective portions of the ID token data.
  • the token could be encoded onto a data carrier which, for example, might be applied onto a credit card or coupon which the patient retains. Alternatively, the patient could simply be allocated a PIN which uniquely identifies them via the central database. Other types of unique identification are also possible and may include use of an individual's biometric features and/or data.
  • the patient ID token could be incorporated into any of the other existing ID tokens, or it could be a separate entity.
  • no patient ID token is allocated to each patient.
  • a unique identity is simply allocated to each data input device - scanning device ID token - and each data input device is linked to a single patient.
  • the data input device may take a number of forms and it is not essential that it has scanning functionality. It must simply be able to capture a data carrier (from the drug packaging for example) and communicate that to the patient adherence server, either independently or via a separate connection. Thus, the data input device must have capture functionality and communication functionality.
  • the data input device could be a portable scanner (of the type used in supermarkets for example) linked to a PC, able to send data over the Internet.
  • the data input device scanner, reader, keyboard
  • the data input device could be linked to a Personal Digital Assistant (PDA).
  • PDA Personal Digital Assistant
  • the data input device could be a mobile telephone pre-installed with a scanner.
  • the mobile telephone is preferably WAP and/or text enabled so that received data can be sent to the patient adherence server.
  • the scanner may be a barcode reader or other suitable reader, depending on the type of data carrier used in the particular trial. Or, a patient could simply enter a barcode number or alphanumeric characters manually, without the need for scanning.
  • the data input device must be able to read input data on the drug or product and optionally also on the patient and send that data to the patient adherence server, either itself or with the aid of a separate communications link.
  • the data input device is a mobile camera phone which incorporates a camera and which is WAP and/or text enabled.
  • the mobile phone has a pre-installed application which allows an image taken of a data carrier on drug packaging to be deciphered to derive the medication ID token and for the medication ID token to be forwarded to the patient adherence server.
  • a unique identity - scanning device ID or ID token - is allocated to each mobile phone. This may comprise the telephone number, or the 15-digit IMEI (International Mobile Equipment Identity) or equivalent which is programmed into a handset when it is manufactured, or, more preferably, both. This is referred to as a scanning device ID.
  • the telephone number is usually allocated to the SIM card rather than the handset whereas the IMEI is allocated to the handset. Therefore, using the IMEI or equivalent improves security.
  • PINs can be used with an ID token and this can be implemented in a number of ways.
  • the medication ID token can include a PIN flag, set to 1.
  • PIN flag set to 1.
  • the medication ID token is captured by the data input device, either the data input device, or the patient adherence server once the ID token has been forwarded, will see that a PIN is required and will prompt the user to enter a PIN. Effectively, this establishes an additional security factor in the link between the user and the medication.
  • the application installed on the data input device may require a PIN from the user in order to allow and correctly handle the captured medication ID token and any other captured identifiers.
  • the PIN could be used in addition to, or instead of, a patient ID token.
  • the data input device could require a PIN from the user, in order for the user to be able to use the data input device.
  • a PIN for example, in the case of a mobile phone, this might simply be a standard mobile phone passcode.
  • PIN PIN
  • Any combination of the three PIN types can be used.
  • a PIN can be used whether a single data input device is allocated to several individuals or whether each data input device has a single allocated user.
  • the PIN possibly together with the patient ID token, or, in fact, functioning as a patient ID token, can be used to identify the patient using the device at that time.
  • An additional or alternative way for the patient to identify him or herself is with the use of biometric data. For example, the patient could use his thumb or fingerprint to identify himself, optionally together with a PIN. Obviously, this would further increase security, since biometric data cannot be transferred between individuals.
  • One additional piece of functionality that can be provided on the mobile phone is determination of position, such as mobile phone position, using triangulation or possibly GPS (Global Positioning System).
  • position such as mobile phone position
  • GPS Global Positioning System
  • This enables the location of the scanning device, and hence the patient, to be determined.
  • This would provide an additional piece of data to the patient adherence server, that is, the location of patient at time of the medication event.
  • This could be useful in remote locations, for example, or in the case of a clinical trial which is concerned with the effect of location on a particular medical product or where a patient is mobile and needs to be tracked. It is recognised that not all clinical trials are conducted in a controlled environment.
  • One or more tokens may be allocated to the particular medication schedule or other patient advice or documentation forming the basis for the clinical trial or patient adherence - Medication Schedule ID token(s).
  • the Medication Schedule may be provided to the patient in hard copy, in which case one or more data carriers, in which Medication Schedule ID token(s) is/are encoded, may be applied directly to the Medication Schedule. Alternatively, the Medication Schedule may be provided to the patient electronically.
  • the Medication Schedule may simply include one data carrier to identify that schedule. Or, the Medication Schedule may include more than one data carrier. For example, each dosage of the medication - medication event - may be associated with a different ID token and data carrier. Then, the individual scans/enters the respective data carrier of the dosage being taken.
  • ID tokens have been described as separate entities, two or more may be combined together. For example, a patient ID token could be incorporated into a medication ID token or into a Medication
  • Figure 4 is a schematic diagram showing the method of one embodiment of the invention. This embodiment shows the method of the embodiment of the invention used in a clinical trial. Note that optional steps are shown with dotted lines. The method according this embodiment is as follows:
  • the pharmaceutical company produces the medication to be tested.
  • the term "medication” incorporates any medical device or product, beauty product, cosmetic or veterinary product.
  • the pharmaceutical company forwards the drug, medicine, device or product to the CRO in order for them to carry out the clinical trial.
  • This forwarding may be via one or more third parties.
  • the pharmaceutical company or, more usually, a third party will ensure that the packaging is such that the medical personnel of the CRO cannot identify the drug or any details connected with the drug.
  • the patient adherence server may work with the manufacturer
  • the drugs or medicine need not be anonymous when passed to the CRO, as long as it is repackaged appropriately before being provided to the volunteers or patients who will undergo the trials.
  • the patient adherence server allocates, and optionally generates, unique medication ID tokens for the drug, medicine, device or products to be tested. As already mentioned, these medication ID tokens may be generated or they may be existing medication ID tokens that can be re-used.
  • the patient adherence server allocates, and optionally generates, unique patient ID tokens for the patients or volunteers carrying out the clinical trial. This step may be skipped if only the scanning devices are being allocated with scanning device IDs or ID tokens.
  • the patient adherence server allocates, and optionally generates, unique scanning device IDs or ID tokens for the scanning devices to be used by the patients. If step 404 has not been included, the scanning device IDs or ID tokens must ultimately identify patient data as well as scanning device data.
  • the patient adherence server allocates, and optionally generates, unique Medication Schedule ID tokens for the Medication Schedules. This step is optional.
  • the packs of drugs, medicines or products are distributed to the patient, the scanning devices are allocated/distributed to patients and, if there are Medication Schedules, these are also distributed to patients.
  • step 408 when the patient is about to take a dose of the drug or use the product i.e. at a medication event, in accordance with the Medication
  • the medication ID token is captured by the scanning device. This may be performed by the patient or by the patient's representative scanning the medication ID token data carrier.
  • the Medication Schedule ID token is captured by the scanning device. This may be performed by the patient or the patient's representative scanning the Medication Schedule ID token data carrier. If more than one Medication Schedule ID token data carrier is used, for example one for each medication event, the patient or patient's representative scans the appropriate data carrier. Obviously, this step is only included if medication schedules are being used.
  • the patient ID token is captured. This may be performed by the patient or patient's representative. This may be on a prompt from the scanner. Obviously, this step is only included if each patient has been allocated a patient ID token.
  • the ID token(s) are forwarded to the patient adherence server from the scanning device. This may be performed in a number of ways, as already discussed.
  • the patient adherence server receives the ID token(s) and processes and audits the data.
  • the audit at the patient adherence server may show the time of receipt, the patient ID token, the scanning device ID token and/or the medication ID token.
  • the method may end there and steps 408 to 412 may be repeated when the patient takes the next drug dose.
  • the patient adherence server may respond to the message received from the scanning device.
  • the patient adherence server when it receives the ID token message, it sends an acknowledgement back to the patient.
  • This may be in the form of a text to a mobile phone or an email to a PC or any other form of message.
  • the acknowledgement may simply acknowledge receipt of the ID token(s) or it may comprise a unique event code for the patient.
  • the patient can then record that unique event code, at step 414, on the Medication Schedule for authentication.
  • Such authentication of the Medication Schedule may be performed later. For example, if the patient has a hard copy of the Medication Schedule, this may be authenticated at the end of the trial when the Medication Schedules, including the received unique event codes, are returned to the CRO. Or, the authentication of the Medication Schedule may be performed at the same time, for example if the Medication Schedule is in electronic form, an updated form of the Medication Schedule including the received code could be sent immediately to the patient adherence server.
  • FIG. 5 is a schematic diagram showing the method of a second embodiment of the invention.
  • This embodiment shows the method of the invention used to ensure that patients are adhering to a medication routine.
  • the routine may be set out in a medication schedule, or the medication packaging may indicate instructions for using the medication, or the medical provider might simply have verbally instructed the patient on how to use the medication.
  • this embodiment might be particularly useful in the case of patients having long-term diseases or complaints, or in the case of patients at locations remote from medical providers.
  • Most of the steps are the same as the embodiment shown in Figure 4. Note, again, that optional steps are shown with dotted lines.
  • the medication is prescribed to patients.
  • the patient adherence server allocates, and optionally generates, medication ID tokens for the drug, medicine, device or products to be taken or used by the patients. These medication ID tokens may be generated or they may be existing medication ID tokens that can be re-used.
  • the patient adherence server allocates, and optionally generates, unique patient ID tokens for the patients. This step may be skipped if only the scanning devices are being allocated with unique identities.
  • the patient adherence server allocates, and optionally generates, unique tokens for the scanning devices to be used by the patients.
  • the patient adherence server allocates, and optionally generates, unique Medication Schedule ID tokens for the Medication Schedules. This step is optional.
  • the packs of drugs, medicines or products are distributed to the patient, the scanning devices are allocated/distributed to patients and, if there are Medication Schedules, these are also distributed to patients.
  • the medication ID token is captured by the scanning device.
  • the Medication Schedule ID token is captured by the scanning device. Obviously, this step is only included if medication schedules are being used.
  • the patient ID token is captured. This may be on a prompt from the scanning device. Obviously, this step is only included is each patient has been allocated patient ID token.
  • the ID token(s) are sent to the patient adherence server from the scanner. This may be performed in a number of ways, as already discussed.
  • the patient adherence server receives the ID token(s) and processes and audits the data.
  • the audit at the patient adherence server may show the time of receipt, the patient ID token, the scanning device ID token and/or the medication ID token.
  • the method may end there and steps 507 to 511 may be repeated when the patient takes the next drug dose.
  • the patient adherence server may respond to the message received from the scanning device.
  • the patient adherence server when the patient adherence server receives the ID token message, it sends an acknowledgement back to the patient.
  • the acknowledgement may simply acknowledge receipt of the ID token(s) or it may comprises a unique event code for the patient. The patient can then record that unique event code on the medication schedule for authentication.
  • the patient adherence server may be arranged to monitor receipt of the data from a particular patient. If the patient adherence server does not receive the appropriate ID tokens by a particular time, which might indicate that the patient has not used the medication in accordance with the schedule, the patient adherence server may be arranged to send a message to the patient to remind the patient that he/she should have taken the medication. This message could be a text (SMS) message or an electronic mail message. This should prompt the patient to take the medication and capture and forward the appropriate ID tokens. Or, if the patient has indeed taken the medication but not recorded this, this will simply prompt the patient to capture and forward the appropriate ID tokens.
  • SMS text
  • the patient adherence server may be arranged to send further messages.
  • the patient adherence server may even be linked to medical providers so that, after a predetermined period of time without communication from the patient, the patient adherence server can send a prompt to the medical providers to visit the patient. This may be particularly useful in the case of elderly patients, for example, who may not find it easy to adhere to a medication schedule without reminders.
  • the data input device could be used as a mode of communication for the patient and/or medical provider to use during a trial.
  • the patient may report side effects to the CRO as the trial is taking place.
  • the CRO can alert the patient to abort further medication.
  • the data input device is a mobile phone.
  • identification information is used for medical prescriptions. It is possible that those prescriptions could be linked to the medication schedules of the present invention. For example, once a particular prescription is activated (e.g. by the scanning of a data carrier on the prescription), a medication schedule for use in the present invention may be automatically activated. This will cause the patient adherence server to start expecting regular communication from the patient.
  • patient safety may be improved, because the patients are more likely to adhere to the medication schedule. This is particularly true if the patient adherence server is arranged to send reminders to the patient.
  • Doctor liability may be reduced because a system is provided which makes it more likely that patients will adhere to the medication schedule.

Landscapes

  • Health & Medical Sciences (AREA)
  • Engineering & Computer Science (AREA)
  • Epidemiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Primary Health Care (AREA)
  • Public Health (AREA)
  • Chemical & Material Sciences (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Medicinal Chemistry (AREA)
  • Medical Treatment And Welfare Office Work (AREA)

Abstract

There is provided an apparatus and method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication. The method and apparatus are particularly advantageous when the plurality of individuals are using the medication in a clinical trial. The apparatus comprises: means for allocating a medication ID token for each item of medication to be used, an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication, means for allocating an individual identity to each individual, means for receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual, means for processing the received medication ID token and the received individual identity, and means for auditing the received medication ID token and the received individual identity.

Description

Identifier Allocation and Authentication Method and Apparatus suitable for Clinical Trials
The invention relates to the allocation and authentication of ID tokens for use when a plurality of individuals are using medication. Particularly, but not exclusively, the invention relates to the allocation and authentication of
ID tokens for use when a plurality of individuals are using medication in a clinical trial.
Pharmaceutical companies are required to put their products - medicines or devices - through stringent testing, before a licence is obtained for the product to be supplied to, and used by, the general public. Many testing procedures are performed using cell research, animal testing and computer modelling, for example. These tests are designed to prove that a drug, medicine, device, or component thereof is sufficiently safe to be tested on humans. Usually, at that stage, clinical trials, perhaps using volunteers, must be carried out.
Clinical Research Organisations (CROs) are used by pharmaceutical companies to carry out the clinical trials, so that the trials can be conducted in such a way that the tests and results are verifiable, independent and free from bias from any person involved. There should be no clinical bias from the manufacturer, from the medical personnel involved or from the volunteers or patients themselves.
Test procedures vary from country to country and must comply with various legislation, regulation and compliance control. In the US, for example, the FDA (Food and Drug Administration) is responsible for regulating food, dietary supplements, drugs, biological medical products, blood products, medical devices, radiation-emitting devices, veterinary products and cosmetics. In the UK, the MHRA (Medicines and Healthcare products Regulatory Agency) is responsible for ensuring that medicines and medical devices work and are acceptably safe. The roles of the MHRA include the assessment and authorisation of medicinal products for sale and supply in UK, regulating clinical trials of medicines and medical devices, monitoring and ensuring compliance with statutory obligations relating to medicines and medical devices and promoting safe use of medicines and devices. Test procedures also vary between types of medicines or devices and will, of course, depend on the purpose of the trial. Throughout this specification, the term "compliance" is used to denote compliance with test procedures legislation and regulations.
In addition, drugs or compounds which already have a licence for a particular use, to treat a given disease or complaint for example, usually have to undergo further testing to be used in a new application. To maintain independence of the trial procedure and in an attempt to reduce potential bias as far as possible, the clinical trials may be blind or double-blind. In blind trials, the patient or volunteer does not know details of the medical product or device which he or she is testing. For example, the volunteer may not even know whether he or she is being given a placebo rather than the genuine drug. In double-blind trials, neither the patient, nor the medical provider, knows details of the product. Thus, a further level of security and independence is provided.
The packaging and labelling of products is an important part of the trial and pre-trial process. In double-blind test scenarios, for example, generally pharmaceutical manufacturers or, more often, a third party, must package and label drugs so that there is no perceivable difference between those with active compounds and those with no active compounds. These packages are then sent to the CROs for the trials often via one or more independent third parties. However, although the packages must generally be anonymous, it may be desirable for the packages, or individual drugs to be individually marked in some way, so that they can be identified and referenced.
Typically, drugs, medicines, and medical products and devices, are provided in primary and secondary packaging. The primary packaging is the packaging in contact with the drug itself for example a vial or ampule, a blister pack, a bottle containing liquids or tablets, a pre-packed syringe or a foil packet. Secondary packaging may comprise an outer, external pack e.g. bag or box. The identifying marking may be on each dose of the drug, on the primary packaging or on the secondary packaging.
GB 2406690 of Neopost Industrie SA discloses a system in which authentication information is stored, in a data matrix. The data is cryptographically encoded in the data matrix and may be read by a processing unit which checks the validity of the item and transmits a message back to a presentation station indicating whether or not the item is valid. The data matrix may carry a digital signature. The inventors of the present invention have appreciated that identification indicia such as those disclosed in GB 2406690 may be used in a wide variety of applications, such as tokens for redemption in supermarkets, personal money, encoding medical prescriptions and many other uses. The inventors of the present invention have further appreciated the desirability of a validation system that can validate information stored on identification indicia regardless of the application and which can generate the indicia for application.
It is already known to identify drugs, or medicines or medical devices and products using unique identification marks. For example, a particular dose of a drug (e.g. individual pill, syringe etc) may be uniquely identified. Or, a set of doses, for a day or week, may be uniquely identified. Or, simply the primary packaging or secondary packaging of a particular drug can be marked. The inventors of the present invention have appreciated that identification of medicines and drugs would be advantageous in the context of a clinical trial.
There are a number of problems with the identification of drugs, medicines etc currently used in clinical trials.
A first problem is how to obtain useful data from the trial, and this is linked to the requirement to maintain confidentiality of the patients taking part in the clinical trial. No data can come back from the trial that could comprise the compliance issues surrounding the trial. The compliance requirements often set out that a substantial separation between the manufacturers and the CROs must be established, so that the trial results are considered valid, which means that the manufacturers can often obtain little useful data from the trial.
Another problem is the lack of real-time data currently available from some clinical trials. Some clinical trials are hospital trials i.e. trials performed where the individuals involved in the trial are constantly in a medical environment and/or under medical supervision. These are fairly straightforward to oversee. Other clinical trials, however, are community trials i.e. trials performed where the individuals are free to go about their normal business in the community, as long as they adhere to the trial regime. These trials are obviously much more difficult to oversee because the individuals are less easy to monitor. The prior art tends to describe highly controlled, process-driven environments, such as hospitals, where strict controls can be placed between different processes. However, such systems may not be suitable for use outside controlled environments. In community trials, and possibly in some hospital trials, data tends to be gathered at the end of the trial which might limit its usefulness. Also, the lack of real-time feedback in certain circumstances means that CROs cannot be certain that the individuals undertaking the trial adhered to a particular medication schedule. Throughout this specification, the term "adherence" is used to denote individuals adhering to a particular medication regime, routine or schedule.
Another problem is that many of the prior art systems are simply designed to identify medication, for example for verification by a medical practitioner. They are procedural and process driven and mainly for administration purposes. This does not address the issues of compliance with clinical trial regulations or monitoring of patient adherence to medical regimes.
Some of the problems listed above also apply to situations outside the clinical trial. For example, a medical practitioner might want to have reassurance that his or her patient is adhering to a particular medication schedule. This might be particularly important in the case of chronic illnesses (i.e. persistent and long-lasting) where it is very important that regular medication is taken at particular times each day or week. This may also be particularly useful in developing countries in which the medical providers may be a long distance from the patients so that regular appointments with medical personnel are difficult. Indeed, one of the big problems with diseases such as HIV, TB and malaria in developing countries is that patients do not continue to take medication regularly after the first, short period of time and there is very little opportunity for medical personnel to monitor this because they see the patients so infrequently. This will require real-time feedback. The medical practitioner might also want a mechanism that will enable him/her to monitor the patient in real time and, if the patient has missed a medication event, to remind the patient and/or if appropriate send a medical practitioner to the patient.
Or, a medical practitioner might want to have real-time feedback as to when a patient needs to take a particular drug. With some diseases, the drugs will not need to be taken regularly, but simply in response to a patient event (for example, in the case of diabetes, a change in patient insulin levels). The real-time feedback in such a reactive situation can provide useful feedback to the medical provider, for example, as to how often the patient needs to use the medication. Thus, the problems associated with the prior art systems relate to the taking of drugs in a clinical trial, the regular taking of drugs outside a clinical trial and the taking of drugs outside a clinical trial in response to patient events.
In addition, the problems listed above may also apply to the testing/prescribing of other products for example the testing or prescribing of dietary supplements, the testing of cosmetics, the testing of beauty products and the testing/prescribing of veterinary products. The present invention might also apply to these products.
According to a first aspect of the invention, there is provided apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, the apparatus comprising: means for allocating a medication ID token for each item of medication to be used; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; means for processing the received medication ID token and the received individual identity; and means for auditing the received medication ID token and the received individual identity.
The medication ID token and the individual identity may be generated by the apparatus. Alternatively, or additionally, an existing identifier may be used.
The processing of the received medication ID token and the received individual identity may include decoding the medication ID token and/or the individual identity and/or authenticating the medication ID token and/or the individual identity.
The medication may comprise one or more of drugs, medicines, medical products, medical devices, dietary supplements, cosmetics, beauty products and veterinary products. The system may be used directly by the individuals themselves or on behalf of the individuals by a care provider. Each item of medication may be a dose, a pack, or a number of packs.
The individuals may be patients suffering with a disease, complaint or condition. Or, the individuals may be healthy.
Each medication ID token may include reference to data in an external system. For example, in the case of a clinical trial, the medication ID token may establish a link to the CRO's own reference for the medication. Alternatively, although less likely, the medication ID token may directly link to a database including data relating to the medication. According to the apparatus, identities are created which can be tracked and identified, whilst still maintaining confidentiality. The identities are not directly linked to personal or medication details. Because the token itself does not include any immediately meaningful data, the system is inherently secure since no information can be deduced or extracted from the ID token, except by an authorised party. In one particularly, advantageous arrangement, the medication ID token comprises a plurality of portions, and the apparatus is arranged to define third party access permissions for data associated with each portion. Preferably, no data can be deduced or extracted from a portion of the medication ID token, except by a party authorised according to the third party access permissions for that portion.
Preferably, the apparatus is arranged to operate in conjunction with a separate existing clinical trials system, and the third party access permissions establish links and obscure links between the plurality of portions and data in the existing clinical trials system. Whilst prior art systems tend to be used solely to establish links between identities and particular data, the apparatus of the invention is also used obscure links, where data should be hidden, for example to maintain confidentiality, or to comply with trial regulations. The apparatus may further comprise means for generating the medication ID token.
Preferably, each medication ID token includes a header portion and a payload portion. In one embodiment, preferably, one or more of the medication ID tokens each comprise a header, a payload and security information. Preferably, the payload portion is encrypted. Preferably, the header portion includes a PIN flag, the PIN flag, when set to on, indicating that a PIN is required to be entered by a user.
Preferably, the individual identity comprises a patient ID token comprising a plurality of portions, and the apparatus is arranged to define third party access permissions for data associated with each portion, so as to maintain confidentiality of the plurality of individuals.
The data carrier is preferably a Data Matrix. The data carriers for different items of medication could be different types of data carrier. Many types of data carrier are possible. The method used by the encoder to encode each medication ID token onto a data carrier will be appropriate for the particular data carrier being used. In a preferred embodiment, the means for receiving the medication ID token and the individual identity is arranged to receive the medication ID token and the individual identity from a data input device allocated to the individual. In one embodiment, the plurality of individuals are using the medication outside a controlled, medical environment and each data input device includes location determination functionality. As already mentioned, the prior art tends to describe highly controlled, process-driven environments, such as hospitals, where strict controls can be placed between different processes. However, such systems may not be suitable for use outside controlled, medical environments. In that embodiment, the apparatus may further comprise means for receiving an indication of the location of the data input device, and hence the location of the individual, when the individual uses the medication. The data input device is preferably arranged to capture the medication ID token and forward the medication ID token to the apparatus. The data input device is also preferably arranged to forward the individual identity to the apparatus. Thus, with a data input device, the data input device is arranged to capture the ID token and forward the ID token to the apparatus, and the apparatus is arranged to receive the ID token from the data input device and process the received ID token.
In that embodiment, the data input device may be a mobile (i.e. wireless or cellular) telephone. Mobile telephones are designed for data and voice communication over a network, known as a cellular network, of specialized based stations, known as cell sites. The mobile telephone preferably has camera functionality and an application installed thereon to capture an ID token from an image and forward the ID token over the mobile network. Alternatively, the mobile telephone may be arranged to capture the ID token in another way e.g. by scanning the ID token data carrier or, less desirably, by an individual manually entering an ID token.
Preferably, the mobile telephone includes location determination functionality using triangulation. Thus, existing technology already inherent in the mobile telephone may be used for determination of location with the apparatus of the invention. In this case, this is done using the cell sites in the mobile telephone's cellular network.
Preferably, the apparatus further comprises means for allocating a mobile telephone ID to each mobile telephone, the mobile telephone ID comprising the International Mobile Equipment Identity of the mobile telephone.
Alternatively, in that embodiment, the data input device may be a PC. The PC may have a reader incorporated or connected to it, for the ID token to be captured. Or, the individual can enter the ID token manually using the keyboard. Or, any other input means may be used. Then, the ID token, along with the individual identity, can be forwarded to the apparatus via a communications link e.g. a Local Area Network (LAN) or the Internet.
Alternatively, in that embodiment, the data input device may be a Personal Digital Assistant (PDA). In that case, the PDA may have a reader incorporated or connected to it, for the ID token to be captured. Or, the individual can enter the ID token manually using one or more of the PDA input devices. Then, the ID token, along with the individual identity, can be forwarded to the apparatus via a communications link e.g. a Local Area Network (LAN) or the Internet.
Preferably, each ID token is sent from the data input device to the apparatus via a communications network. The communications network may be a Local Area Network (LAN), a Wide Area Network (WAN) for example the Internet, a telephone network, a mobile, cellular, telephone network, a Wireless Application Protocol (WAP) communications link and so on. The communications link may be a secure communications link. Data being sent over the communications link may be encrypted.
In the preferred embodiment, the means for allocating an individual identity to each individual comprises: means for allocating a data input device ID or ID token to each data input device; and means for allocating each data input device to a single individual. In this arrangement, the data input device ID or ID token allocated to a data input device must ultimately be able to reach data associated with the respective individual. Also, in this arrangement, the means for receiving the individual identity is arranged to receive the data input device ID or ID token since the data input device ID or ID token is unique to the allocated individual.
Alternatively, in the preferred embodiment, the means for allocating an individual identity to each individual comprises: means for allocating a data input device ID or ID token to each data input device; means for allocating a patient ID token to each individual; and means for allocating each data input device to one or more individuals. In this way, more than one individual can use a single data input device since each individual is allocated with a patient ID token. In this arrangement, the data input device is arranged to forward the data input device ID or ID token and the patient ID token to the apparatus and the means for receiving the individual identity at the apparatus is arranged to receive the data input device ID or ID token and the patient ID token from the data input device, since both ID tokens are required to identify an individual.
The patient ID token may be generated by the apparatus or an existing patient identifier may be used. The data input device may be allocated either with an ID token or with an ID. If a new identifier is generated by the apparatus, this is referred to as a data input device ID token. On the other hand, if an existing identifier is used for the data input device, this is referred to as a data input device ID. An individual allocated to a data input device may be required to enter a PIN at the point of use of the data input device. A PIN may be required either if a data input device is allocated to a single individual or if a data input device is allocated to a plurality of individuals. The PIN may be required by the data input device in order for the individual to be able to use the data input device. Alternatively or additionally, a PIN may be required by an application installed on the data input device in order for the data input device to operate in conjunction with the apparatus. Alternatively or additionally, one or more of the ID tokens captured by the data input device may include an indication that a PIN is required.
Preferably, the data input device is arranged to run a computer program which runs in conjunction with a computer program running on the apparatus. The term "computer program" is a broad term used to indicate any software or application which can run on the data input device.
In one embodiment, the data input device comprises means for sending a reminder to each individual, if the data input device does not read the medication ID token and the individual identity by a predetermined point in time.
Each individual may be using the medication outside a controlled, medical environment and in accordance with a respective regime. Each individual is preferably using the medication in accordance with a respective regime in the form of respective Medication Schedule, and the apparatus may further comprise means for allocating one or more Medication Schedule ID tokens to each Medication Schedule. A single Medication Schedule ID token could be allocated, or separate ID tokens could be allocated for each individual medication event on the Medication Schedule. The Medication Schedule ID token(s) may be generated by the apparatus. Alternatively, existing Medication Schedule identifiers may be used.
The apparatus may further comprise means for encoding each Medication Schedule ID token onto a data carrier for application to the associated Medication Schedule. The apparatus may further comprise means for receiving from each individual, when the individual uses the medication, the Medication Schedule ID token of the respective Medication Schedule.
The apparatus may further comprise means for sending a reminder to each individual, if the apparatus does not receive the medication ID token and the individual identity by a predetermined point in time. The point in time may be determined by the Medication Schedule. In that case, the apparatus may further comprise means for sending a prompt to a medical provider, if the apparatus does not receive the medication ID token and the individual identity by a predetermined time after the reminder. The prompt may prompt the medical provider to take relevant action, for example visiting the individual.
Preferably, the apparatus further comprises means for sending to each individual, when the apparatus processes the medication ID token and the individual identity, an acknowledgement. The acknowledgement may include a unique event code to be recorded by the individual, for later authentication. If the individual is using the medication in accordance with a Medication Schedule, the individual may record the received unique event code on the Medication Schedule, perhaps in relation to a specific medication event. The acknowledgement may provide an incentive to the individual to adhere to the instructions or schedule for using the medication since the individual will be aware that his data is being recorded. It will also be impossible for the individual to enter a fake code, without this being detected. The unique event code is preferably authenticatable later, so as to verify that the individual has adhered to instructions for using the medication.
The means for auditing may be arranged to record the time of receipt of the medication ID token and the individual identity and the medication ID token and individual identity received. The apparatus may be arranged to authenticate the received ID token and individual identity against a central and auditable record.
In one preferred embodiment, the apparatus is suitable for allocating and authenticating ID tokens for use when a plurality of individuals are using the medication in a clinical trial. According to the first aspect of the invention, there is also provided apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication outside a controlled, medical environment, the apparatus comprising: means for allocating a medication ID token for each item of medication to be used; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from a data input device allocated to each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual, wherein the data input device includes location determination functionality; means for processing the received medication ID token and the received individual identity; and means for auditing the received medication ID token and the received individual identity.
According to the first aspect of the invention, there is also provided apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, the apparatus being arranged to operate in conjunction with a separate existing clinical trials system, the apparatus comprising: means for allocating a medication ID token for each item of medication to be used, each medication ID token comprising a plurality of portions, and being structured so as to establish links between some of the plurality of portions and data in the existing clinical trials system, and so as to obscure links between other of the plurality of portions and data in the existing clinical trials system; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; means for processing the received medication ID token and the received individual identity; and means for auditing the received medication ID token and the received individual identity. According to the first aspect of the invention, there is also provided apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication outside a controlled, medical environment and in accordance with a regime, the apparatus comprising: means for allocating a medication ID token for each item of medication to be used; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; means for processing the received medication ID token and the received individual identity; means for auditing the received medication ID token and the received individual identity; and means for sending to each individual, a reminder, if the medication ID token and the individual identity of the individual have not been received by a predetermined time determined by the regime.
According to a second aspect of the invention, there is provided a data input device specially adapted for use with the apparatus of the first aspect of the invention. According to the second aspect of the invention, there is also provided a mobile telephone having a software application running thereon, for use with the apparatus of the first aspect of the invention. According to a third aspect of the invention, there is provided a method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, the method comprising the steps of: allocating a medication ID token for each item of medication to be used; encoding each medication ID token onto a data carrier for application to the associated item of medication; allocating an individual identity to each individual; receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; processing the received medication ID token and the received individual identity; and auditing the received medication ID token and the received individual identity.
In one embodiment, the medication ID token comprises a plurality of portions, and the apparatus is arranged to define third party access permissions for data associated with each portion. Alternatively, or additionally, the individual identity may comprise a patient ID token comprising a plurality of portions, and the apparatus may be arranged to define third party access permissions for data associated with each portion, so as to maintain confidentiality of the plurality of individuals. The data carrier may be a Data Matrix.
The step of receiving the medication ID token and the individual identity preferably comprises receiving the medication ID token and the individual identity from a data input device allocated to the individual. In one embodiment, the data input device is a mobile (i.e. cellular) telephone. In other embodiments, the data input device is a PC or a PDA.
The step of receiving the medication ID token and the individual identity from a data input device preferably comprises receiving the medication ID token and the individual identity from the data input device via a communications network.
The step of allocating an individual identity to each individual may comprise: allocating a data input device ID or ID token to each data input device; and allocating each data input device to a single individual. Or, the step of allocating an individual identity to each individual may comprise: allocating a data input device ID or ID token to each data input device; allocating a patient ID token to each individual; and allocating each data input device to one or more individuals.
An individual allocated to a data input device may be required to enter a PIN at the time of using the data input device. Each individual may be using the medication in accordance with a respective Medication Schedule, and the method may further comprise the step of allocating one or more Medication Schedule ID tokens to each Medication Schedule. The method may further comprise the step of encoding each Medication Schedule ID token onto a data carrier for application to the associated Medication Schedule. The method may further comprise the step of receiving from each individual, when the individual uses the medication, the or a Medication Schedule ID token of the respective Medication Schedule.
Preferably, the method further comprises the step of sending an acknowledgement to each individual, after the step of processing the medication ID token and the individual identity. The step of auditing the received medication ID token and the received individual identity may comprise recording the time of receipt of the medication ID token and the individual identity received.
In one preferred embodiment, the method is suitable for allocating and authenticating ID tokens for use when a plurality of individuals are using the medication in a clinical trial.
According to the third aspect of the invention, there is also provided a method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication outside a controlled, medical environment, the method comprising the steps of: allocating a medication ID token for each item of medication to be used; encoding each medication ID token onto a data carrier for application to the associated item of medication; allocating an individual identity to each individual; receiving from a data input device allocated to each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual, wherein the data input device includes location determination functionality; processing the received medication ID token and the received individual identity; and auditing the received medication ID token and the received individual identity. According to the third aspect of the invention, there is also provided a method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, the method being arranged to operate in conjunction with a separate existing clinical trials system, the method comprising the steps of: allocating a medication ID token for each item of medication to be used, each medication ID token comprising a plurality of portions, and being structured so as to establish links between some of the plurality of portions and data in the existing clinical trials system, and so as to obscure links between other of the plurality of portions and data in the existing clinical trials system; encoding each medication ID token onto a data carrier for application to the associated item of medication; allocating an individual identity to each individual; receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; processing the received medication ID token and the received individual identity; and auditing the received medication ID token and the received individual identity. According to the third aspect of the invention, there is also provided a method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication outside a controlled, medical environment and in accordance with a regime, the method comprising the steps of: allocating a medication ID token for each item of medication to be used; encoding each medication ID token onto a data carrier for application to the associated item of medication; allocating an individual identity to each individual; receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; processing the received medication ID token and the received individual identity; auditing the received medication ID token and the received individual identity; and sending to each individual, a reminder, if the medication ID token and the individual identity of the individual have not been received by a predetermined time determined by the regime. Features described in relation to the apparatus of the invention may also be applicable to the method of the invention. Similarly, features described in relation to the method of the invention may also be applicable to the apparatus of the invention.
According to a fourth aspect of the invention, there is provided a computer program which, when run on computer means, causes the computer means to carry out the method of the third aspect of the invention. According to the fourth aspect of the invention, there is also provided a computer program arranged to run on a data input device and arranged to work in conjunction with the above-mentioned computer program. According to the fourth aspect of the invention, there is also provided a software application arranged to run on a mobile telephone and arranged to work in conjunction with the apparatus of the first aspect of the invention. According to the fourth aspect of the invention, there is also provided a record carrier having stored thereon a computer program which, when run on computer means, causes the computer means to carry out the method of the third aspect of the invention. According to a fifth aspect of the invention, there is also provided a method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, the method comprising the steps of: computer means allocating a medication ID token for each item of medication to be used; the computer means encoding each medication ID token onto a data carrier for application to the associated item of medication; the computer means allocating an individual identity for each individual; when an individual uses an item of medication, the individual forwarding the medication ID token of the item of medication and the individual identity of the individual to the computer means; the computer means receiving the medication ID token and the individual identity; the computer means processing the medication ID token and the individual identity; and the computer means auditing the received medication ID token and the received individual identity.
Features described in relation to one aspect of the invention may also be applicable to other aspects of the invention.
Exemplary embodiments of the invention will now be described with reference to the accompanying drawings, of which: Figure 1 shows the structure of one embodiment of a unique ID token; Figure 2 shows the structure of a first embodiment of the patient adherence server;
Figure 3 shows the structure of a second, alternative embodiment of the patient adherence server; Figure 4 is a flow chart of one embodiment of the method of the invention; and Figure 5 is a flow chart of a second embodiment of the method of the invention. As already described, the system provides an apparatus and method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, particularly, but not exclusively, in the context of a clinical trial. The apparatus may be in the form of a patient adherence server. The system provides a mechanism for remote monitoring of patient adherence and is designed to work hand in hand with an existing system, for example that of a CRO, which is linked to patient data and so on. The ID tokens are therefore used to establish links between different pieces of data or to obscure links, where data should only be accessible to certain individuals. The aim is to build up an audit trail of events and transactions. A unique ID token is allocated for each item of medication to be used - a medication ID token - and a unique individual identity is allocated to each individual. The medication ID token and the individual identity may be specially created for use in the system or an existing identifier can be used. The individual identity can comprise a patient ID token and a data input device ID or ID token for a data input device allocated to one or more individuals, or simply a data input device ID or ID token for a data input device which is allocated to a single individual and therefore uniquely identifies that individual. The patient ID token may be specially created for use in the system or an existing identifier can be used. For the data input device, a new identifier may be created - referred to as a data input device ID token - or an existing identifier, such as a mobile telephone number or similar, may be used - referred to simply as a data input device ID. Optionally, one or more unique ID tokens may be allocated for a medication schedule - Medication Schedule ID token(s) - which instructs the individual how to use the medication. Again, these ID tokens may be specially created for use in the system, or existing identifiers may be used.
The ID tokens allow a unique entity to be created, printed (if appropriate), and authenticated. The data carrier for an ID token may take a number of different forms. For example, the data carrier could be in the form of a Data Matrix (DMx) which is an encoding standard used to produce a 2- D barcode. Other data carriers may be used and this will depend on the nature of the ID token and how it is to be used. For example, the data carrier for the ID token could be in the form of an RFID (Radio Frequency Identification) or 1-D, 2-D or 3-D barcode symbologies.
The ID token preferably takes a form similar to that shown in Figure 1. The particular structure will depend on how the ID token is to be used, for what item the token is to be used and so on. A number of different types of structure and/or data carrier may be used within a given system.
Referring to Figure 1 , in this embodiment, the ID token 200 contains a contents portion 201 and a security portion 203. The contents portion 201 is divided into a header portion 205 and a payload portion 207. Typically, the header will contain a data set having at least three data sub-sets. The first sub-set 209 identifies the type of ID token. This is required in any open system in which the ID token could represent a number of different things such as a particular pack of medicine, a particular Medication Schedule, a particular patient, or a particular scanning device to be used by a patient. The identity type data set 209 identifies the nature of the ID token. The second data sub-set 211 is a Token Identification Number TIN. The TIN is a unique number that identifies a particular ID token. The third data sub-set 213 is a PIN (Personal Identification Number) and comprises a flag. Depending on whether this flag is set on or off, a PIN may need to be entered when the ID token is, for example, scanned by a patient or medical provider. The PIN can then be compared with a stored number for verification. PINs can also be used in other ways - these are discussed further below. One aspect of the invention which is important is the fact that ID tokens may be structured so as to establish links between different pieces of data, or to obscure links, where data should only be accessible to certain parties. Thus, in certain embodiments, one or more of the ID tokens used is structured in such a way that different sections of the ID token refer to different portions of data, and the patient adherence server is able to define permissions for access by third parties for the various portions of data. This may be particularly important in the case of a medication ID token, but may be used for other ID tokens. Note that the medication ID tokens are not primarily used in order to authenticate the medication itself. The ID tokens provide a security measure designed to overcome some of the difficulties of prior art systems, which do not allow users to collate meaningful data. The most preferable structure used for a given ID token will clearly depend on whether the ID token is being used for a patient, a scanning device, a medication schedule or medication and this will be discussed in more detail below. Thus, the ID token is effectively a data string, which may be captured and forwarded over a communications link. Some element of the ID token could utilise some element of cryptographic protection. For example, the ID token's security portion may specify that the payload is encrypted, in which case the cipher (encrypted text) will be stored in the payload. One suitable encryption algorithm is the AES symmetric algorithm for encryption of payload content. Preferably, the allocation of the ID tokens is performed by apparatus in the form of a patient adherence server, which may also create the ID tokens and which is also responsible for the processing and auditing of the ID tokens. The patient adherence server preferably operates in conjunction with the Clinical Research Organisation or a third party to generate unique ID tokens that are appropriate for the particular drug or clinical trial or patients concerned.
In one embodiment, the patient adherence server may take a form like that described in WO 2006/059124, also in the name of the applicant, the contents of which are incorporated herein by reference. In that embodiment, the system comprises a core generic part plus application- or customer-specific wrappers. The core includes a database, for example an Oracle 10g database, which holds data to be included in the ID tokens and data which is related to data held in the ID token's payload. The core is responsible for creation, updating and delivery of ID tokens. The core is also responsible for the processing of scanned data carriers to authenticate them. In this case, the patient adherence server may comprise a core generic part like that in WO 2006/059124, which could be used in any number of systems, plus an application-specific wrapper adapting the system for the present clinical trial application. Such an arrangement is shown in Figure 2. Referring to Figure 2, the core 301 comprises a Service Management Module, a Delivery Manager Module, a Security Manager Module, an Audit Manager Module, an Archive Manager Module, a Token Manager Module, an Authentication Module, a Redemption Module, An Identity Management Module, a Reporting Module and APIs (Application Programming Interfaces for e.g. Java and Web Services). The wrapper 303 comprises the additional functionality required for the present application: a Mobile Phone ID Management Module, a Web Services Module, a Mobile Authentication & Communication System and a Wrapper database.
An alternative arrangement for the patient adherence server 300' is shown in Figure 3. In this case, the design of the patient adherence server is specific to this application. The patient adherence server 300' includes an ID Token Generation Module, a Mobile Phone ID Management System, an Allocation of ID Tokens Interface, an ID Token Authentication Module, a Mobile Authentication and Communication System, an Authenticating Audit and Reporting Module, Security and Cryptographic Modules, and a Web- based Services Module.
The patient adherence server may be implemented in software or hardware. The patient adherence server could make use of cryptographic protection. For example, all records stored on the patient adherence server could be encrypted. More details on the function of the patient adherence server will be discussed below when the method of one embodiment of the invention is described.
Now we consider the particular ID token requirements for the present system. A medication ID token is allocated to the drug, device or product being tested in the clinical trial. (Note that the term "medication" has been used to refer to any type of drug, medical product, medical device, beauty product etc being tested or used by individuals.) The medication ID token can be encoded in a data carrier which can be applied to the primary or secondary packaging. The medication ID token data carrier can be applied by the manufacturer (pharmaceutical company), the Clinical Research Organisation, or, more usually a separate third party, depending on the nature and requirements of the trials. It may be possible, even for a double- blind trial, for the medication ID tokens to be applied by the CRO, as long as the medical personnel are not able to determine the nature of the drug from a particular medication ID token. In a blind trial, the patient or volunteer concerned must not be able to identify the nature of the drug or any information that could lead to bias in the trial.
The method of application will depend on the type of data carrier used for the medication ID token and this may depend on where the data carrier is to be applied. For example, it may be straightforward to apply an RFID to secondary packaging of a drug but, for use on primary packaging, a barcode symbology may be more appropriate because of the space available.
For a particular trial, the packaging and medication ID tokens can be arranged appropriately. For example, each individual dosage (referred to as "medication events" later) could be packaged separately and allocated a particular medication ID token. The medication ID token might be unique for the particular drug being tested, for the particular batch of the drug, for a particular secondary packaging, for a particular primary packaging, or for a particular dosage. This will depend on the requirements of the trial. For example, in a trial testing how the effect of a drug changes with the age of the drug, it may only be necessary for the medication ID token to identify the batch, so that the age of the particular dose being taken can be determined. Alternatively, in a trial testing how the effect of a drug changes with slight changes in dosage, it may be necessary for each dosage to be uniquely identified, so that the amount of drug taken by a particular patient can be determined. Most usually, however, the medication ID token will be unique to a particular pack of medication. In one embodiment, a drug ID is created by the patient adherence server, a pack ID is created by the patient adherence server and a unique medication ID token is created having the format shown in Figure 1. In this embodiment, the token header 205 may comprise a web URL (Uniform Resource Locator), the token payload 207 may comprise data allowing drug information to be retrieved. This medication ID token is then encoded into a data matrix which is then printed either directly onto primary or secondary packaging or onto a label which is applied to primary or secondary packaging. In the case of a medication ID token, the payload portion of the medication ID token may include the CRO's own identification and reference data, or other information establishing a link between the medication ID token and the next level down in the data trail, but will probably not contain more basic data. This is because the system of the invention is extensibly not designed to stand alone but instead to work in conjunction with an existing clinical trials system.
It is most likely that the CRO's identification and reference data will then ultimately enable data on one or more of: the manufacturer, the production site and line, the production date and time, the batch number, the lot number to be retrieved. One of the advantages of this arrangement is that different portions of the payload may be accessible to different individuals, and the permissions may be set centrally by the patient adherence server. This was discussed earlier and is particularly advantageous for the medication ID tokens. For example, for a double-blind trial, the medical personnel at the CRO cannot know the details of the drug, but they should know details of the dosage to be taken. It may be acceptable for other members of the CRO, not directly involved in patient care, to know details of the drug.
For the purposes of a clinical trial, or indeed for the purposes of monitoring that individuals are adhering to a medication schedule, or for the purposes of receiving real-time feedback on medication events, each individual (usually patient or volunteer) must be uniquely identified. This is achieved by an individual identity. In this embodiment, this can be achieved in one of two ways. In an embodiment of the method of the invention, each patient uses a data input device such as a scanning device (more details on this later) to scan the medication ID token data carrier. So, either the patient can be allocated a unique identity and the scanning device can be allocated a unique identity or only the scanning device can be allocated a unique identity and each scanning device can be usable by and therefore inextricably linked to only one patient. Thus, in the first example, the individual identity comprises a patient ID token and a scanning device ID token. In the second example, the individual identity comprises only a scanning device ID token.
In the first example, a unique identity - patient ID token - is allocated to each patient. The patient ID token could take the form shown in Figure 1. It is important that details of the patient cannot be determined directly from the patient ID token, in order to preserve patient confidentiality and to avoid bias. However, the patient details must be ultimately retrievable so that the results of the trial can be processed. As already discussed, different permissions may be defined for respective portions of the ID token data. The token could be encoded onto a data carrier which, for example, might be applied onto a credit card or coupon which the patient retains. Alternatively, the patient could simply be allocated a PIN which uniquely identifies them via the central database. Other types of unique identification are also possible and may include use of an individual's biometric features and/or data. The patient ID token could be incorporated into any of the other existing ID tokens, or it could be a separate entity.
In the second example, no patient ID token is allocated to each patient. A unique identity is simply allocated to each data input device - scanning device ID token - and each data input device is linked to a single patient.
The data input device may take a number of forms and it is not essential that it has scanning functionality. It must simply be able to capture a data carrier (from the drug packaging for example) and communicate that to the patient adherence server, either independently or via a separate connection. Thus, the data input device must have capture functionality and communication functionality. In one example, the data input device could be a portable scanner (of the type used in supermarkets for example) linked to a PC, able to send data over the Internet. Or, the data input device (scanner, reader, keyboard...) could be linked to a Personal Digital Assistant (PDA). Alternatively, the data input device could be a mobile telephone pre-installed with a scanner. The mobile telephone is preferably WAP and/or text enabled so that received data can be sent to the patient adherence server. The scanner may be a barcode reader or other suitable reader, depending on the type of data carrier used in the particular trial. Or, a patient could simply enter a barcode number or alphanumeric characters manually, without the need for scanning. The data input device must be able to read input data on the drug or product and optionally also on the patient and send that data to the patient adherence server, either itself or with the aid of a separate communications link.
In one preferred example, the data input device is a mobile camera phone which incorporates a camera and which is WAP and/or text enabled. The mobile phone has a pre-installed application which allows an image taken of a data carrier on drug packaging to be deciphered to derive the medication ID token and for the medication ID token to be forwarded to the patient adherence server. A unique identity - scanning device ID or ID token - is allocated to each mobile phone. This may comprise the telephone number, or the 15-digit IMEI (International Mobile Equipment Identity) or equivalent which is programmed into a handset when it is manufactured, or, more preferably, both. This is referred to as a scanning device ID. Or, it may be a new identifier generated for the purposes of using the system, in which case it is referred to as a data input device ID token. Note that the telephone number is usually allocated to the SIM card rather than the handset whereas the IMEI is allocated to the handset. Therefore, using the IMEI or equivalent improves security.
In the case where both a patient ID token and data input device ID or ID token are allocated, it is possible for more than one patient to use a single data input device.
It has already been discussed that PINs can be used with an ID token and this can be implemented in a number of ways.
Firstly, as already mentioned, the medication ID token can include a PIN flag, set to 1. In this case, when the medication ID token is captured by the data input device, either the data input device, or the patient adherence server once the ID token has been forwarded, will see that a PIN is required and will prompt the user to enter a PIN. Effectively, this establishes an additional security factor in the link between the user and the medication.
Secondly, the application installed on the data input device may require a PIN from the user in order to allow and correctly handle the captured medication ID token and any other captured identifiers. The PIN could be used in addition to, or instead of, a patient ID token.
Thirdly, and most simply, the data input device could require a PIN from the user, in order for the user to be able to use the data input device. For example, in the case of a mobile phone, this might simply be a standard mobile phone passcode.
Use of a PIN in any of these three contexts improves security and may be used to establish and verify links between a particular patient and the captured ID tokens. Any combination of the three PIN types can be used.
A PIN can be used whether a single data input device is allocated to several individuals or whether each data input device has a single allocated user. In the former case, the PIN, possibly together with the patient ID token, or, in fact, functioning as a patient ID token, can be used to identify the patient using the device at that time. An additional or alternative way for the patient to identify him or herself (when either a single patient is allocated to each data input device or when several patients can use one data input device) is with the use of biometric data. For example, the patient could use his thumb or fingerprint to identify himself, optionally together with a PIN. Obviously, this would further increase security, since biometric data cannot be transferred between individuals. One additional piece of functionality that can be provided on the mobile phone (or indeed any other type of data input device) is determination of position, such as mobile phone position, using triangulation or possibly GPS (Global Positioning System). This enables the location of the scanning device, and hence the patient, to be determined. This would provide an additional piece of data to the patient adherence server, that is, the location of patient at time of the medication event. This could be useful in remote locations, for example, or in the case of a clinical trial which is concerned with the effect of location on a particular medical product or where a patient is mobile and needs to be tracked. It is recognised that not all clinical trials are conducted in a controlled environment.
One or more tokens may be allocated to the particular medication schedule or other patient advice or documentation forming the basis for the clinical trial or patient adherence - Medication Schedule ID token(s). The Medication Schedule may be provided to the patient in hard copy, in which case one or more data carriers, in which Medication Schedule ID token(s) is/are encoded, may be applied directly to the Medication Schedule. Alternatively, the Medication Schedule may be provided to the patient electronically.
The Medication Schedule may simply include one data carrier to identify that schedule. Or, the Medication Schedule may include more than one data carrier. For example, each dosage of the medication - medication event - may be associated with a different ID token and data carrier. Then, the individual scans/enters the respective data carrier of the dosage being taken. Although the various ID tokens have been described as separate entities, two or more may be combined together. For example, a patient ID token could be incorporated into a medication ID token or into a Medication
Schedule ID token.
Figure 4 is a schematic diagram showing the method of one embodiment of the invention. This embodiment shows the method of the embodiment of the invention used in a clinical trial. Note that optional steps are shown with dotted lines. The method according this embodiment is as follows:
At step 401 , the pharmaceutical company produces the medication to be tested. Recall that the term "medication" incorporates any medical device or product, beauty product, cosmetic or veterinary product.
At step 402, the pharmaceutical company forwards the drug, medicine, device or product to the CRO in order for them to carry out the clinical trial. This forwarding may be via one or more third parties. In the case of a double-blind trial, the pharmaceutical company or, more usually, a third party, will ensure that the packaging is such that the medical personnel of the CRO cannot identify the drug or any details connected with the drug.
In that case, the patient adherence server may work with the manufacturer,
CRO or third party to generate the unique medication ID tokens for the drug, although existing medication ID tokens may simply be allocated. In the case of a blind trial, the drugs or medicine need not be anonymous when passed to the CRO, as long as it is repackaged appropriately before being provided to the volunteers or patients who will undergo the trials.
At step 403 the patient adherence server allocates, and optionally generates, unique medication ID tokens for the drug, medicine, device or products to be tested. As already mentioned, these medication ID tokens may be generated or they may be existing medication ID tokens that can be re-used.
At step 404, the patient adherence server allocates, and optionally generates, unique patient ID tokens for the patients or volunteers carrying out the clinical trial. This step may be skipped if only the scanning devices are being allocated with scanning device IDs or ID tokens. At step 405, the patient adherence server allocates, and optionally generates, unique scanning device IDs or ID tokens for the scanning devices to be used by the patients. If step 404 has not been included, the scanning device IDs or ID tokens must ultimately identify patient data as well as scanning device data.
At step 406, the patient adherence server allocates, and optionally generates, unique Medication Schedule ID tokens for the Medication Schedules. This step is optional.
At step 407, the packs of drugs, medicines or products are distributed to the patient, the scanning devices are allocated/distributed to patients and, if there are Medication Schedules, these are also distributed to patients.
At step 408, when the patient is about to take a dose of the drug or use the product i.e. at a medication event, in accordance with the Medication
Schedule (if being used), the medication ID token is captured by the scanning device. This may be performed by the patient or by the patient's representative scanning the medication ID token data carrier.
At step 409, which is optional, the Medication Schedule ID token is captured by the scanning device. This may be performed by the patient or the patient's representative scanning the Medication Schedule ID token data carrier. If more than one Medication Schedule ID token data carrier is used, for example one for each medication event, the patient or patient's representative scans the appropriate data carrier. Obviously, this step is only included if medication schedules are being used.
At step 410, which is also optional, the patient ID token is captured. This may be performed by the patient or patient's representative. This may be on a prompt from the scanner. Obviously, this step is only included if each patient has been allocated a patient ID token.
At step 411 , the ID token(s) are forwarded to the patient adherence server from the scanning device. This may be performed in a number of ways, as already discussed.
At step 412, the patient adherence server receives the ID token(s) and processes and audits the data. The audit at the patient adherence server may show the time of receipt, the patient ID token, the scanning device ID token and/or the medication ID token.
The method may end there and steps 408 to 412 may be repeated when the patient takes the next drug dose. Alternatively, the patient adherence server may respond to the message received from the scanning device.
At step 413, when the patient adherence server receives the ID token message, it sends an acknowledgement back to the patient. This may be in the form of a text to a mobile phone or an email to a PC or any other form of message. The acknowledgement may simply acknowledge receipt of the ID token(s) or it may comprise a unique event code for the patient. The patient can then record that unique event code, at step 414, on the Medication Schedule for authentication. Such authentication of the Medication Schedule may be performed later. For example, if the patient has a hard copy of the Medication Schedule, this may be authenticated at the end of the trial when the Medication Schedules, including the received unique event codes, are returned to the CRO. Or, the authentication of the Medication Schedule may be performed at the same time, for example if the Medication Schedule is in electronic form, an updated form of the Medication Schedule including the received code could be sent immediately to the patient adherence server.
Figure 5 is a schematic diagram showing the method of a second embodiment of the invention. This embodiment shows the method of the invention used to ensure that patients are adhering to a medication routine. The routine may be set out in a medication schedule, or the medication packaging may indicate instructions for using the medication, or the medical provider might simply have verbally instructed the patient on how to use the medication. As already discussed, this embodiment might be particularly useful in the case of patients having long-term diseases or complaints, or in the case of patients at locations remote from medical providers. Most of the steps are the same as the embodiment shown in Figure 4. Note, again, that optional steps are shown with dotted lines.
At step 501 , the medication is prescribed to patients. At step 502, the patient adherence server allocates, and optionally generates, medication ID tokens for the drug, medicine, device or products to be taken or used by the patients. These medication ID tokens may be generated or they may be existing medication ID tokens that can be re-used. At step 503, the patient adherence server allocates, and optionally generates, unique patient ID tokens for the patients. This step may be skipped if only the scanning devices are being allocated with unique identities.
At step 504, the patient adherence server allocates, and optionally generates, unique tokens for the scanning devices to be used by the patients.
At step 505, the patient adherence server allocates, and optionally generates, unique Medication Schedule ID tokens for the Medication Schedules. This step is optional. At step 506, the packs of drugs, medicines or products are distributed to the patient, the scanning devices are allocated/distributed to patients and, if there are Medication Schedules, these are also distributed to patients.
It is foreseeable that all the above steps could take place at a similar time. For example, when the patient leaves a doctors surgery or hospital with a prescription for medication or the medication itself, they may also have the appropriate ID tokens and may be ready to use the system.
At step 507, when the patient is about to take a dose of the drug or use the product i.e. at a medication event, in accordance with the Medication Schedule (if being used), the medication ID token is captured by the scanning device.
At step 508, which is optional, the Medication Schedule ID token is captured by the scanning device. Obviously, this step is only included if medication schedules are being used.
At step 509, which is also optional, the patient ID token is captured. This may be on a prompt from the scanning device. Obviously, this step is only included is each patient has been allocated patient ID token. At step 510, the ID token(s) are sent to the patient adherence server from the scanner. This may be performed in a number of ways, as already discussed.
At step 511 , the patient adherence server receives the ID token(s) and processes and audits the data. The audit at the patient adherence server may show the time of receipt, the patient ID token, the scanning device ID token and/or the medication ID token.
The method may end there and steps 507 to 511 may be repeated when the patient takes the next drug dose. Alternatively, the patient adherence server may respond to the message received from the scanning device.
At step 512, when the patient adherence server receives the ID token message, it sends an acknowledgement back to the patient. The acknowledgement may simply acknowledge receipt of the ID token(s) or it may comprises a unique event code for the patient. The patient can then record that unique event code on the medication schedule for authentication.
There is an additional function that can be included in the method of the invention, with either embodiment described above. This makes use of the fact that the method of the invention is able to provide real-time data to the patient adherence server. The patient adherence server may be arranged to monitor receipt of the data from a particular patient. If the patient adherence server does not receive the appropriate ID tokens by a particular time, which might indicate that the patient has not used the medication in accordance with the schedule, the patient adherence server may be arranged to send a message to the patient to remind the patient that he/she should have taken the medication. This message could be a text (SMS) message or an electronic mail message. This should prompt the patient to take the medication and capture and forward the appropriate ID tokens. Or, if the patient has indeed taken the medication but not recorded this, this will simply prompt the patient to capture and forward the appropriate ID tokens.
If a further period of time elapses without communication from the patient, the patient adherence server may be arranged to send further messages. The patient adherence server may even be linked to medical providers so that, after a predetermined period of time without communication from the patient, the patient adherence server can send a prompt to the medical providers to visit the patient. This may be particularly useful in the case of elderly patients, for example, who may not find it easy to adhere to a medication schedule without reminders.
Another additional function that makes use of the fact that the patient adherence server receives real-time information, is as follows. The data input device could be used as a mode of communication for the patient and/or medical provider to use during a trial. For example, the patient may report side effects to the CRO as the trial is taking place. Or, the CRO can alert the patient to abort further medication. Clearly, this is particularly helpful when the data input device is a mobile phone.
There is another additional function that can be included in the method of the invention. In the applicant's case WO 2006/059139, the contents of which are incorporated herein by reference, identification information is used for medical prescriptions. It is possible that those prescriptions could be linked to the medication schedules of the present invention. For example, once a particular prescription is activated (e.g. by the scanning of a data carrier on the prescription), a medication schedule for use in the present invention may be automatically activated. This will cause the patient adherence server to start expecting regular communication from the patient.
As will be appreciated by the foregoing discussion, there are a number of benefits associated with the invention.
Firstly, data can be gathered whilst maintaining the confidentiality of those individuals taking part. This is essential for an unbiased clinical trial but also provides reassurance to volunteers, which may increase the number of volunteers for clinical trials. Secondly, patients are encouraged to adhere to instructions for using the medication. In the case of a clinical trial, this is important if the trial is going to be considered valid and reliable. In the case of patients simply adhering to a medication schedule, this will lessen the chances of patients stopping taking medication or not taking medication properly. (This is a common problem with many diseases, such as TB.)
In addition, patient safety may be improved, because the patients are more likely to adhere to the medication schedule. This is particularly true if the patient adherence server is arranged to send reminders to the patient.
Doctor liability may be reduced because a system is provided which makes it more likely that patients will adhere to the medication schedule.
Various modifications to the embodiments described are possible and will occur to those skilled in the art. The invention is limited only by the scope of the following claims.

Claims

Claims
1. Apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, the apparatus comprising: means for allocating a medication ID token for each item of medication to be used; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; means for processing the received medication ID token and the received individual identity; and means for auditing the received medication ID token and the received individual identity.
2. Apparatus according to claim 1 , wherein the medication ID token comprises a plurality of portions, and the apparatus is arranged to define third party access permissions for data associated with each portion.
3. Apparatus according to claim 2, wherein no data can be deduced or extracted from a portion of the medication ID token, except by a party authorised according to the third party access permissions for that portion.
4. Apparatus according to claim 2 or claim 3, wherein the apparatus is arranged to operate in conjunction with a separate existing clinical trials system, and the third party access permissions establish links and obscure links between the plurality of portions and data in the existing clinical trials system.
5. Apparatus according to any of the preceding claims, further comprising means for generating the medication ID token.
6. Apparatus according to any of the preceding claims, wherein each medication ID token includes a header portion and a payload portion.
7. Apparatus according to claim 6, wherein the payload portion is encrypted.
8. Apparatus according to claim 6 or claim 7, wherein the header portion includes a PIN flag, the PIN flag, when set to on, indicating that a PIN is required to be entered by a user.
9. Apparatus according to any of the preceding claims, wherein the individual identity comprises a patient ID token comprising a plurality of portions, and the apparatus is arranged to define third party access permissions for data associated with each portion, so as to maintain confidentiality of the plurality of individuals.
10. Apparatus according to any of the preceding claims, wherein the means for receiving the medication ID token and the individual identity is arranged to receive the medication ID token and the individual identity from a data input device allocated to the individual.
11. Apparatus according to claim 10, wherein the plurality of individuals are using the medication outside a controlled, medical environment and each data input device includes location determination functionality.
12. Apparatus according to claim 11 , further comprising means for receiving an indication of the location of the data input device, and hence the location of the individual, when the individual uses the medication.
13. Apparatus according to any of claims 10 to 12, wherein the data input device is arranged to capture the medication ID token and forward the medication ID token to the apparatus.
14. Apparatus according to any of claims 10 to 13, wherein the data input device is arranged to forward the individual identity to the apparatus.
15. Apparatus according to any of claims 10 to 14, wherein the data input device is a mobile telephone.
16. Apparatus according to claim 15, wherein the mobile telephone includes location determination functionality using triangulation.
17. Apparatus according to claim 15 or claim 16, further comprising means for allocating a mobile telephone ID to each mobile telephone, the mobile telephone ID comprising the International Mobile Equipment Identity of the mobile telephone.
18. Apparatus according to any of claims 10 to 14, wherein the data input device is a PC or a Personal Digital Assistant.
19. Apparatus according to any of claims 10 to 18, wherein the means for allocating an individual identity to each individual comprises: means for allocating a data input device ID or ID token to each data input device; and means for allocating each data input device to a single individual.
20. Apparatus according to any of claims 10 to 18, wherein the means for allocating an individual identity to each individual comprises: means for allocating a data input device ID or ID token to each data input device; means for allocating a patient ID token to each individual; and means for allocating each data input device to one or more individuals.
— ---o
21. Apparatus according to any of claims 10 to 20, wherein an individual allocated to a data input device is required to enter a PIN at the point of use of the data input device.
22. Apparatus according to any of claims 10 to 21 , wherein the data input device is arranged to run a computer program which runs in conjunction with a computer program running on the apparatus.
23. Apparatus according to any of claims 10 to 22, wherein the data input device comprises means for sending a reminder to each individual, if the data input device does not capture the medication ID token and the individual identity by a predetermined point in time.
24. Apparatus according to any of the preceding claims, wherein each individual is using the medication outside a controlled, medical environment and in accordance with a respective regime.
25. Apparatus according to claim 24 wherein the respective regime is a respective Medication Schedule, and the apparatus further comprises means for allocating one or more Medication Schedule ID tokens to each Medication Schedule.
26. Apparatus according to claim 25, further comprising means for encoding each Medication Schedule ID token onto a data carrier for application to the associated Medication Schedule.
27. Apparatus according to claim 25 or claim 26, further comprising means for receiving from each individual, when the individual uses the medication, the or a Medication Schedule ID token of the respective Medication Schedule.
28. Apparatus according to any of the preceding claims further comprising means for sending a reminder to each individual, if the apparatus does not receive the medication ID token and the individual identity by a predetermined point in time.
29. Apparatus according to claim 28, further comprising means for sending a prompt to a medical provider, if the apparatus does not receive the medication ID token and the individual identity by a predetermined time after the reminder.
30. Apparatus according to any of the preceding claims, further comprising means for sending to each individual, when the apparatus processes the medication ID token and the individual identity, an acknowledgement.
31. Apparatus according to claim 30, wherein the acknowledgement includes a unique event code for recordal by the individual.
32. Apparatus according to claim 31 , wherein the unique event code is authenticatable later, so as to verify that the individual has adhered to instructions for using the medication.
33. Apparatus according to any of the preceding claims, wherein the apparatus is suitable for allocating and authenticating ID tokens for use when a plurality of individuals are using the medication in a clinical trial.
34. Apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication outside a controlled, medical environment, the apparatus comprising: means for allocating a medication ID token for each item of medication to be used; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from a data input device allocated to each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual, wherein the data input device includes location determination functionality; means for processing the received medication ID token and the received individual identity; and means for auditing the received medication ID token and the received individual identity.
35. Apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, the apparatus being arranged to operate in conjunction with a separate existing clinical trials system, the apparatus comprising: means for allocating a medication ID token for each item of medication to be used, each medication ID token comprising a plurality of portions, and being structured so as to establish links between some of the plurality of portions and data in the existing clinical trials system, and so as to obscure links between other of the plurality of portions and data in the existing clinical trials system; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; means for processing the received medication ID token and the received individual identity; and means for auditing the received medication ID token and the received individual identity.
36. Apparatus for allocating and authenticating ID tokens for use when a plurality of individuals are using medication outside a controlled, medical environment and in accordance with a regime, the apparatus comprising: means for allocating a medication ID token for each item of medication to be used; an encoder for encoding each medication ID token onto a data carrier for application to the associated item of medication; means for allocating an individual identity to each individual; means for receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; means for processing the received medication ID token and the received individual identity; means for auditing the received medication ID token and the received individual identity; and means for sending to each individual, a reminder, if the medication ID token and the individual identity of the individual have not been received by a predetermined time determined by the regime.
37. A data input device specially adapted for use with the apparatus of any of the preceding claims.
38. A mobile telephone having a software application running thereon, for use with the apparatus of any of claims 1 to 36.
39. A method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, the method comprising the steps of: allocating a medication ID token for each item of medication to be used; encoding each medication ID token onto a data carrier for application to the associated item of medication; allocating an individual identity to each individual; receiving from each individual, when the individual uses the medication, the medication ID token of the respective item of medication used and the individual identity of the individual; processing the received medication ID token and the received individual identity; and auditing the received medication ID token and the received individual identity.
40. A method according to claim 39, wherein the step of receiving the medication ID token and the individual identity comprises receiving the medication ID token and the individual identity from a data input device allocated to the individual.
41. A method according to claim 40, wherein the data input device is a mobile telephone.
42. A method according to claim 41 , wherein the mobile telephone includes location determination functionality using triangulation.
43. A method according to any of claims 39 to 42 wherein each individual is using the medication in accordance with a respective Medication Schedule, and the method further comprises the step of allocating one or more Medication Schedule ID tokens to each Medication Schedule.
44. A method according to claim 43, further comprising the step of encoding each Medication Schedule ID token onto a data carrier for application to the associated Medication Schedule.
45. A method according to claim 43 or claim 44, further comprising the step of receiving from each individual, when the individual uses the medication, the or a Medication Schedule ID token of the respective Medication Schedule.
46. A method according to any of claims 39 to 45, further comprising the step of sending an acknowledgement to each individual, after the step of processing the medication ID token and individual identity.
47. A method according to any of claims 39 to 46, wherein the method is suitable for allocating and authenticating ID tokens for use when a plurality of individuals are using the medication in a clinical trial.
48. A computer program which, when run on computer means, causes the computer means to carry out the method of any of claims 39 to 47.
49. A computer program arranged to run on the data input device of claim 37 and arranged to work in conjunction with the computer program of claim 47.
50. A software application arranged to run on a mobile telephone and arranged to work in conjunction with the apparatus of any of claims 1 to 36.
51. A record carrier having stored thereon a computer program which, when run on computer means, causes the computer means to carry out the method of any of claims 39 to 47.
52. A method for allocating and authenticating ID tokens for use when a plurality of individuals are using medication, the method comprising the steps of: computer means allocating a medication ID token for each item of medication to be used; the computer means encoding each medication ID token onto a data carrier for application to the associated item of medication; the computer means allocating an individual identity for each individual; when an individual uses an item of medication, the individual forwarding the medication ID token of the item of medication and the individual identity of the individual to the computer means; the computer means receiving the medication ID token and the individual identity; the computer means processing the medication ID token and the individual identity; and the computer means auditing the received medication ID token and the received individual identity.
PCT/GB2008/002348 2007-07-19 2008-07-08 Identifier allocation and authentication method and apparatus suitable for clinical trials WO2009010718A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB0714130.2A GB0714130D0 (en) 2007-07-19 2007-07-19 identifier allocation and authentication method and apparatus suitable for clinical trials
GB0714130.2 2007-07-19

Publications (1)

Publication Number Publication Date
WO2009010718A1 true WO2009010718A1 (en) 2009-01-22

Family

ID=38476651

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2008/002348 WO2009010718A1 (en) 2007-07-19 2008-07-08 Identifier allocation and authentication method and apparatus suitable for clinical trials

Country Status (2)

Country Link
GB (1) GB0714130D0 (en)
WO (1) WO2009010718A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011045392A1 (en) 2009-10-16 2011-04-21 Westt B.V. Anaerobic/aerobic liquid purification system and method therefor
WO2013006428A1 (en) * 2011-07-01 2013-01-10 Biogen Idec Ma Inc. Drug labeling tool
US20140237950A1 (en) * 2013-02-22 2014-08-28 Clinical Supplies Management, Inc. System and method for labeling trial study materials
US9460277B2 (en) 2010-12-06 2016-10-04 International Business Machines Corporation Identity based auditing in a multi-product environment
CN110049031A (en) * 2019-04-08 2019-07-23 厦门网宿有限公司 A kind of interface security authentication method and server, authentication center's server
US11537748B2 (en) 2018-01-26 2022-12-27 Datavant, Inc. Self-contained system for de-identifying unstructured data in healthcare records
US11755779B1 (en) 2020-09-30 2023-09-12 Datavant, Inc. Linking of tokenized trial data to other tokenized data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0710917A1 (en) * 1994-11-04 1996-05-08 Eli Lilly And Company Method and apparatus for administering clinical trial material
US5845255A (en) * 1994-10-28 1998-12-01 Advanced Health Med-E-Systems Corporation Prescription management system
WO2003001429A2 (en) * 2001-06-23 2003-01-03 Smithkline Beecham P.L.C. Monitoring drug packaging in clinical trial process
EP1349099A2 (en) * 2002-03-25 2003-10-01 Siemens Aktiengesellschaft Method for automatic gathering of patient actions
WO2006059124A1 (en) * 2004-12-03 2006-06-08 First Ondemand Ltd On-line generation and authentication of items
WO2006059139A2 (en) * 2004-12-03 2006-06-08 First Ondemand Ltd Prescription generation, validation and tracking

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5845255A (en) * 1994-10-28 1998-12-01 Advanced Health Med-E-Systems Corporation Prescription management system
EP0710917A1 (en) * 1994-11-04 1996-05-08 Eli Lilly And Company Method and apparatus for administering clinical trial material
WO2003001429A2 (en) * 2001-06-23 2003-01-03 Smithkline Beecham P.L.C. Monitoring drug packaging in clinical trial process
EP1349099A2 (en) * 2002-03-25 2003-10-01 Siemens Aktiengesellschaft Method for automatic gathering of patient actions
WO2006059124A1 (en) * 2004-12-03 2006-06-08 First Ondemand Ltd On-line generation and authentication of items
WO2006059139A2 (en) * 2004-12-03 2006-06-08 First Ondemand Ltd Prescription generation, validation and tracking

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011045392A1 (en) 2009-10-16 2011-04-21 Westt B.V. Anaerobic/aerobic liquid purification system and method therefor
US9460277B2 (en) 2010-12-06 2016-10-04 International Business Machines Corporation Identity based auditing in a multi-product environment
WO2013006428A1 (en) * 2011-07-01 2013-01-10 Biogen Idec Ma Inc. Drug labeling tool
US20140237950A1 (en) * 2013-02-22 2014-08-28 Clinical Supplies Management, Inc. System and method for labeling trial study materials
US11537748B2 (en) 2018-01-26 2022-12-27 Datavant, Inc. Self-contained system for de-identifying unstructured data in healthcare records
CN110049031A (en) * 2019-04-08 2019-07-23 厦门网宿有限公司 A kind of interface security authentication method and server, authentication center's server
CN110049031B (en) * 2019-04-08 2021-05-18 厦门网宿有限公司 Interface security authentication method, server and authentication center server
US11755779B1 (en) 2020-09-30 2023-09-12 Datavant, Inc. Linking of tokenized trial data to other tokenized data

Also Published As

Publication number Publication date
GB0714130D0 (en) 2007-08-29

Similar Documents

Publication Publication Date Title
US8552868B1 (en) Systems, methods, and software for automated medication dispensing and compliance
US20180129979A1 (en) Systems, devices, and methods related to portable digital patient assistant
US9058410B2 (en) Integrated electronic patient health care data coordination system
US10049368B2 (en) Systems, methods and computer program products for providing compliant messaging services
US20140303989A1 (en) Automated medication management system and method for use
US20040232219A1 (en) Medical treatment and prescription administration verification method
US20130159712A1 (en) System and method for verifying and managing distribution of products
US20140089011A1 (en) Medication Management System
WO2009010718A1 (en) Identifier allocation and authentication method and apparatus suitable for clinical trials
US20050071188A1 (en) Secured medical sign-in
US20060169773A1 (en) Providing information regarding a product
US20140180719A1 (en) Personal healthcare information management system and related methods
JP2005512238A (en) Medical after sales support
US11443840B1 (en) Medication adherence apparatus
EP1642190A2 (en) System and method for drug management utilizing transferable labels
US11676693B2 (en) Integrated device and system for drug dispensing
US20090144087A1 (en) Medication identifying and organizing system
WO2021237345A1 (en) Human-centric health record system and related methods
US20020077857A1 (en) Local medication scan code date repository (LMSCDR)
JP2008538244A (en) Method and apparatus for tracking the distribution of pharmaceuticals
US20080091475A1 (en) Medication management and record access system
Laffer et al. Improving medication adherence through technology: analyzing the managing meds video challenge
US11348399B1 (en) MEDsafe medication dispensing and monitoring system
US20220367022A1 (en) Systems, devices and methods for detecting and tracking drug extraction
JP2008310716A (en) Medical information processing system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08775892

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08775892

Country of ref document: EP

Kind code of ref document: A1