Consider this: You learned in your monthly meeting that your R&D group has developed ThinSensor, a wearable sensor that can measure glucose levels at programmable intervals, will transmit high/low glucose alerts in real time by text or email to any group of individuals identified by the user to receive them, and will otherwise store the collected data and the time it was taken in a database that is accessible by the sensor wearer and any of her caregivers and medical professionals via a web-based application either on a mobile device or computer. Any individual with access to the application, including doctors and medical professionals, can also input additional information about the sensor wearer, including notes about medications and any related adverse events, doctor’s visits, weight, daily exercise and diet.
But there’s more! Work on ThinSensor2 is already underway, and the plan is to include additional sensing and data collection functionality, ranging from protein and cholesterol tests to pulse rates and step counts. In addition to storing this data and making it available in the same manner and to the same individuals as the original ThinSensor system, the intent is to combine all the collected data with two additional data sets licensed from third parties: The first is a more generalized historical patient data set from a larger population, and the second is a database of academic and clinical research publications.
Once combined, the group plans to enter a joint development agreement with another third party to further utilize the integrated data sets to develop predictive analytical tools that will be incorporated into a third version, ThinSensorU (for “ultimate,” of course). This is the golden child of the R&D pipeline — it will be equipped with text, email and video communication systems that will alert users and their caregivers of medical issues that may arise up to six hours in the future, and it will provide access to a medical professional to discuss whether immediate action should be taken based on a report that is automatically created as part of the alert system.
Certain elements of this project plan likely sound familiar — wearable sensors with data collection capabilities are already on the market, and not just for monitoring glucose. The remainder of the TrueSensor pipeline plan is not so far-fetched, either — TrueSensor, and projects like it, are at the rapidly developing intersection of health care IT, medical devices and pharmaceutical products. Indeed, the promise of using digital health and precision medicine to lower health care costs and obtain better patient outcomes surprisingly seems to be both imminent and the subject of science fiction.
Disruptive innovation, like what we are seeing in the health care industry, often causes disruption elsewhere, and the legal landscape is no exception. The life cycle of digital health products and services — from conception to promotion — presents a unique set of legal challenges, and there is no one-size-fits-all approach to the matrix of issues facing these products. As a lawyer, these are the kind of projects that remind us of law school exams — lots of issues and, often, no clearly defined answers or solutions.
True to form, the hypothetical ThinSensor product line raises myriad pre- and post-launch regulatory, privacy, security and promotional issues. An analysis of those issues is beyond the scope of this article. Instead, we will focus on the issues facing the ThinSensor management team in a rapidly changing intellectual property environment. One of their jobs is to maximize protection of the ThinSensor system’s market position with the IP tools they have at their disposal: patents, copyrights, trade dress, trade secrets and best practices for contracts and licensing. This article explores some of those tools and why one might choose to pursue one or, in the more probable case, some combination of them.
Sometimes, the Finish Line Is the Best Place to Start
The impulse to pursue patent protection is a strong one — often for good reason. Potential strategic partners, investors and acquirers could reasonably equate healthy patent portfolios with strong IP positions. And, if nothing else, a patent imprimatur implicitly establishes the novelty of the underlying technology. However, the ThinSensor system almost certainly includes a number of technologies that, in the current U.S. patent environment, make patenting an option fraught with challenges. Further, aspects of the system that management may wish to keep out of the public domain altogether will not lend themselves to patent protection as the primary form of intellectual property protection.
Before rushing to the patent office, the ThinSensor management team might want to take a closer look at what the ultimate business objectives are for the ThinSensor product line and what features of the system they think will be most valuable to the company and its anticipated customer base. Will it be the collected data? Will it be the technology in the devices and the underlying software? Will it be the algorithms developed as part of the analytics? Do they anticipate being first to their market, with the opportunity for entrenchment — will the web-based application or customer interface features be differentiators? Will it be something else entirely?
Knowing the details of the technology and how it will likely be used is only part of the calculus for an effective IP strategy — understanding the ultimate business strategy is equally important. A few brief examples below illustrate why.
It’s Your Database, but Don’t Assume You Own the Data
The ThinSensor project plan calls for the collection of data from different sources, the eventual integration of that data with data sets from a number of other sources, and the creation of new data sets based on analysis of the aggregated data. It would not be unreasonable for the management team to decide that the data sets created by using the ThinSensor product line will be valuable to potential customers and business partners, independent of the ThinSensor product itself. This may well be true, but careful management of data rights through the evolution of the ThinSensor product line will be critical to the success of any business model relying on the data.
In this case, ThinSensor arguably does not own the data collected from any of the initial sources that form the foundation of the system. Sensor-wearing individuals and patients, in theory, own and control the use of their personal data. Without even addressing HIPAA, the Federal Trade Commission Act or any of the matrix of state laws governing privacy and the use of personal data, the ThinSensor system’s ability to use, share or incorporate the data collected and stored by its users into new products and services will, at the very least, be governed by the terms of the authorizations, consents, privacy policies and other agreements that it has in place. ThinSensor’s use of data generated or collected from health care professionals will governed by many of those same policies and authorizations and may also be subject to a hospital or health care facility’s own separate policies on data usage. And the use of the information contained in data sets licensed from third parties will be subject not only to the terms of those licenses, but also to restrictions flowing from applicable copyrights as well.
Navigating these details will often be a matter of careful drafting, be it contracts, consents or licensing. Knowing what the end game is — or at least, in theory, could be — will be critical for those who are negotiating and creating these documents. And, at no point, should anyone assume that ThinSensor’s unlimited use — let alone ownership — of any level of the original or aggregated data sets will automatically follow.
The critical point is being aware of these issues, knowing what existing agreements are relevant and making sure that persons responsible for negotiating and implementing future and relevant agreements are aware of these issues too.
Protecting the Magic in the Device and System
Assuming the preliminary details of data ownership and use are successfully navigated, the question remains: What elements of the ThinSensor product line can be protected as the company’s intellectual property? To keep things simple (and recognizing they probably are not), we will break the technology elements into three broadly defined buckets: hardware (the sensor), software and data/data analytics. Intellectual property protection is likely available for elements of each of these various aspects of the device and system, but not necessarily the same kind of protection and not necessarily in the same way.
The U.S. Supreme Court has recently taken a metaphorical ax to the types of inventions that are eligible for patent protection. Among the technologies that have faced increased scrutiny for patent eligibility is software. See, e.g., Alice Corp. v. CLS Bank Int’l, 134 S. Ct. 2347 (2014); American Well Corp. v. Teladoc, Inc., No. 15-CV-12274 (D. Mass. June 13, 2016) (finding that claims directed to “connecting a patient with an available doctor” to be a patent-ineligible abstract idea). This presents an obstacle to the ThinSensor team, as software elements are likely a crucial part of the ThinSensor system.
Notwithstanding the increased difficulty in obtaining patent protection for such technology, particular interactive features of the ThinSensor product line — in other words, the functionality allowing multiple individuals to interact with each other — may be eligible for patent protection. In fact, in an otherwise potentially crowded field of art, it may be that the interaction between various actors is a distinguishing feature of the ThinSensor system. That said, patent claims drafted to include elements performed by more than a single actor are generally hard to enforce (even if that patent is deemed otherwise allowable by the patent office). See, e.g., Akamai Techs., Inc. v. Limelight Networks, Inc., 797 F.3d 20 (Fed. Cir. 2016) (direct infringement occurs when all elements of a claimed method are performed or attributable to a single entity). It may be risky to invest heavily in patent claims that require multiple actors to meet each of the elements of a claim.
That said, the ThinSensor product line likely has a large number of other embedded features and technologies that should be reviewed for potential patentability in the United States: the technology in the sensors themselves (mechanical, electrical, chemical or otherwise), the methods and protocols for secure data transmission between multiple devices, or features of the alert system or analytical tools, to name a few. Whether any of those features adds competitive value to the system may be a useful subject to discuss as a management team before devoting resources to a patent-heavy portfolio. Further, if there is greater value in keeping some part of that system entirely out of the public domain, the disclosure requirements that are part of the patent prosecution process may dictate a different approach.
Trade Secret Protection
In cases where your technology may not be eligible for patent protection, where the patents that you could obtain would be difficult to enforce, or where there are critical aspects of your system that you would prefer not to disclose to the public, trade secret protection may be a good option. Trade secrets can be particularly useful in cases where the innovation is hard to replicate — such as one that relies on an extensive and meticulously created data set and a multidimensional analytic model.
The recently enacted federal Defend Trade Secrets Act makes trade secrets an even more attractive option, as it provides for the first time a uniform federal law governing trade secret protection and enforcement. Technology is not the only element of a trade secret, however. Equally important, whether under state or federal trade secret law, are the efforts that a trade secret owner takes to maintain its secrets as such.
Critical to the success of any trade secret regime are the internal efforts taken by trade secret owners, including careful management over who has access to trade secrets, adequate employee intake and exit interview procedures, ongoing employee training, and sufficient protection in licenses and third-party agreements in which technology may be shared or disclosed. While pursuing patent protection is an effort undertaken as a result of technology development efforts, trade secret protection requires the additional commitment of creating and enforcing a company culture that consistently treats its technology as a secret — this is an effort that will not have an expiration date.
Protection Through Contracts and Licenses
The ThinSensor project anticipates collaboration with a number of third parties, all of whom may have access to the integrated data sets and analytic models that are being created. Careful management of data rights and the ownership of any products, services or models that result from these collaborations will be critical to the ongoing success of the ThinSensor project. Any contracts governing these relationships should also address the nature of the information being shared during the course of the project: If trade secrets form a part of the IP strategy, efforts will need to be taken to restrict and/or carefully manage third-party access to those secrets.
Trade Dress, Design Patent and Copyright Protection
Novel innovation aside, a crucial component governing the success of your product line is whether people like to use it, and various aspects of the customer experience may be subject to intellectual property protection. Knowing what is driving customer decisions will be important for you to understand: Is it the color? The shape and size? Something particular about the design of the user interface or automatic reports? Whether or not the ThinSensor is first to market in its segment, if there are aspects of the user experience you anticipate being a sales driver, you should not neglect the value of potential protection through trade dress, design patents or copyrights. Such protection is particularly important if those same features are easy to mimic — and chances are high that they are.
 Pepper Hamilton LLP partner Sharon R. Klein, chair of the firm’s Privacy, Security and Data Protection Practice, has written about the related data privacy and security issues in several articles, including “Once More Unto the Breach: How Counsel Should Help Clients Prepare for and Respond to Data Incidents,” California Business Law Practitioner (Spring 2016), and “Beyond HIPAA: Connected Health Care and the Internet of Things” (April 2015).
 We assume, for today’s purposes, that freedom to operate is not of great concern.