Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

Medical devices and user privacy

(edit: removed redundant rants and added updates)

I recently got diagnosed with a condition (sleep apnea) which means I need to use a machine (CPAP) to have a proper sleep, probably for the rest of my life. The doctor wanted me use the device for a few months, and bring the "report" generated by the device to monitor my progress and discuss further treatment.

I thought it would be a simple task, like using a program or accessing a local network service like a printer would and download a file. However, as I consulted to the device distributors in my area... their sales pitch (disregarding the actual medical functions) were:

A) The machine is constantly connected via wi-fi or cellular to manufacturer's server, and user downloads the report via manufacturer's website or an app.

B) The machine has an SD card slot to which data is copied, but user have to bring its contents to the authorized distributor so they can convert them into a report file.

TL;DR: Very unsatisfied with either options. I never asked for this.

Update #1: For the reports, there's a program called OSCAR (www.sleepfiles.com/OSCAR/) that supports conversion of SD card data. Check device compatibility first. For sleep apnea related discussion, there is a forum (www.apneaboard.com) dedicated to it.

Update #2: From all the available brands, I'm inclined to buy a Chinese brand (Yuwell) simply because of costs alone, even if it is not supported by OSCAR. I see a lot of people recommending ResMed (which has OSCAR support) both online and offline, but the cost is prohibitively expensive for someone in my financial situation with local market prices. Still have to think about it.

Update #3: There's an asshole in the comments arguing "what's so special" about sleep related statistics being copied around. My concern was how those statistics get associated with customer identification (metadata) as distributors often do. Anyways, won't waste my time with the "got nothing to hide" type of dumbfucks.

tomkatt ,

Just use OSCAR to get the data locally from the SD card.

https://www.sleepfiles.com/OSCAR/

Learn more about the machine and do your own management as well. It’s very easy to get into the machine settings to control your air flow, temperature settings, and so on. Take the time to learn what the data from the machine means.

breeze OP ,

Just like the other commenter, thank you for the link. I should find one of the models available listed in there.

tomkatt ,

I currently use a Resmed Airsense 10 and can’t recommend it enough; best sleep I’ve ever had.

Just avoid anything by Philips Respironics. They’ve been messing around hard, class action suits and recalls and haven’t really made anyone whole from the debacle (myself included, I came out of pocket to replace my old Dreamstation).

breeze OP ,

Yes, I read about the recalls. In fact the local distributor that used to deal with Phillips had stopped doing it for the same reason. Thanks for the warning.

tomkatt ,

Hey, check out the resmed airsense 10 autoset card-to-cloud version. It’s a lot cheaper and has no cellular connectivity, no wireless module. I just found out about it tonight, thinking of buying one as a backup machine. Looks like it ticks all your boxes.

CPAP.com has a starter bundle for it right now for $400.

invertedspear ,

I have and use a resimed that does the phone home option. Once my doctor got what he needed I put it in airplane mode.

Distributor used the stats while I was reporting to call me and tell me I need new filters or other parts. I lol’d and bought them online for way cheaper. They stopped trying even before the doctor got all the data he needed.

Also, AFAICT it’s only data out, so I’m not worried about some exploit being delivered to the machine.

Final thought: I work in med tech. We have better security than credit agencies because we get fined more if we screw up. Personal data leaks are so common no one even cares anymore, but leaking someone’s medical info will shut a company down. You are likely safe, but ultimately never as safe as a “dumb” machine would be except they just don’t exist anymore.

Actual final thought: you will be amazed at how much better you feel every morning after actually sleeping instead of the dirty pseudo sleep you’re currently getting.

211 ,

I thought it was data out only too, but at my sleep apnea orientation was told (and I double checked that they really meant it) that they could also tweak settings remotely. ResMed. Always possible that they had misunderstood something too, of course.

TheaoneAndOnly27 ,

Well fuck I'm suddenly looking at my pacemaker and the little box that sends the messages to the doctor with much more suspicion now.

parpol ,

Can you order a GDPR-compliant one from Europe instead, or an older brand?

breeze OP ,

Too expensive. There's an import tax I have to pay if I ordered anything abroad, and the devices price in general are high enough to hurt my wallets even more. Older brands can't be acquired from stores, and "not supported" if I bought a used one, I was told.

WarmSoda ,

What would a hacker even do with it? They would... maybe know how often you stop breathing at night?

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • random
  • incremental_games
  • meta
  • All magazines
    •