Slashdot Mirror


Patient Just Wants To See Data From His Implanted Medical Device

An anonymous reader writes "Hugo Campos got an implanted cardiac defibrillator shortly after collapsing on a BART train platform. He wants access to the data wirelessly collected by the computer implanted in his body, but the manufacturer says No. It seems weird that a patient can't get access to data about his own heart. Hugo and several medical device engineers are responding to live Q/A on Sunday night on such topics via ACM MedCOMM webcast at ACM SIGCOMM."

262 comments

  1. Since the editors are too lazy to do their job by OverlordQ · · Score: 5, Informative

    Here's a link to the actual post.

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:Since the editors are too lazy to do their job by Anonymous Coward · · Score: 5, Informative

      I was close to posting pretty much the same thing, but actually there are many entries on the subject of patient access to ICD data. (Apparently this is a big issue for the ICD owner community.)

      In addition to the link OQ posted, there's:
      http://icdusergroup.blogspot.com/2012/01/top-five-excuses-icd-manufacturers-give.html
      http://icdusergroup.blogspot.com/2012/01/i-will-get-back-to-you.html
      http://icdusergroup.blogspot.com/2012/01/fighting-for-right-to-access-my-hearts.html
      http://icdusergroup.blogspot.com/2011/12/karen-sandler-cyber-lawyer-running-on.html
      http://icdusergroup.blogspot.com/2011/07/it-isnt-nice-i-want-my-data.html

      This is a personal first, but I'm actually going to defend the editors on this one. I think linking to the blog, rather than any single post, was appropriate.

      /posting A/C because I work for one of the ICD manufacturers mentioned in the blog

      //SW Dev but I don't work on devices

      ///dammit I had things to do this weekend that won't get done. I have a feeling I'm going to spend a lot of time catching up on this blog.

    2. Re:Since the editors are too lazy to do their job by Anonymous Coward · · Score: 0

      Same excuses given by CPAP manufacturers that are data capable.

    3. Re:Since the editors are too lazy to do their job by Anonymous Coward · · Score: 0

      Boston Scientific seems to use 916.5Mhz. FCC ID: ESCCRMN11906
      Google is your friend!
      Don't rely on manufacturers to give you everything.

  2. Is it worth it? by Anonymous Coward · · Score: 0, Redundant

    Not to sound against it, but
    a) Would he understand what the data meant?
    b) Maybe the software and what not is proprietary?

    Just some thoughts that come to mind

    1. Re:Is it worth it? by Forty+Two+Tenfold · · Score: 5, Insightful

      a) Would he understand what the data meant?

      Maybe not, but maybe he wanted to get (n+1)th opinion.

      b) Maybe the software and what not is proprietary?

      But he doesn't want the 'ware. He wants the data it produces.

      Just some thoughts that come to mind

      In this case those are gross overstatements.

      --
      Upward mobility is a slippery slope - the higher you climb the more you show your ass.
    2. Re:Is it worth it? by sumdumass · · Score: 5, Insightful

      But he doesn't want the 'ware. He wants the data it produces.

      I suspect their refusal to allow access might be along the lines of hiding from potential liability if the product reacts or behaves improperly at any time. Imagine a grieving widow who discovers a pattern in the data where the device takes 3 minutes too long to respond properly every 500 or 1000 times it stimulates the heart or the input says it should.

      You would think that you would have a right to any data produced by your body or devices used in keeping it alive and it would be available to at least you or your doctor. Perhaps they are worried the control signals would be discovered and after a trip to an electronics store, the widow could be celebrating getting rid of her husband instead of grieving? I see no other reason for keeping it hidden other than to avoid liability or stop potential abuse.

    3. Re:Is it worth it? by Forty+Two+Tenfold · · Score: 3, Insightful

      Concerning the (absence of) malfunctions, wasn't that the goddamn job of the FDA in the first place?

      As for the remote tinkering, what does the output have to do with the input? Suppose some sort of requests are required to yank the data out. What possibly could be the problem in making the readout plain and setup secure?

      --
      Upward mobility is a slippery slope - the higher you climb the more you show your ass.
    4. Re:Is it worth it? by fuzzyfuzzyfungus · · Score: 4, Insightful

      Not to sound against it, but
      a) Would he understand what the data meant?
      b) Maybe the software and what not is proprietary?

      Just some thoughts that come to mind

      a) He certainly isn't going to have a better chance of understanding the data if he isn't allowed to see them... Would I be polishing my 'I told you so' reflexes if he decides to do a bit of amateur reprogramming? Sure. Does denying somebody access to even view data because they might not understand it make sense? About as much sense as keeping books away from children because they aren't yet literate...

      b) Given that the manufacturer won't disclose it, it apparently is proprietary. That's sort of the entire issue. We have now (and, barring exciting economic apocalypse of some flavor) and will have in greater numbers and in more significant capacities, a population for which 'binary blobs' are inside their bodies, not their laptops. Some of them don't like this.

    5. Re:Is it worth it? by tomhath · · Score: 3, Informative

      The less data/information they give to personal injury lawyers the safer they are. Even if there's nothing wrong with the device a jury could be convinced that something was wrong with pretty graphs that show...something.

    6. Re:Is it worth it? by maxwell+demon · · Score: 4, Insightful

      But then, the refusal itself could be construed as indication that something is wrong with the device, because otherwise, why hide the data?

      --
      The Tao of math: The numbers you can count are not the real numbers.
    7. Re:Is it worth it? by ceoyoyo · · Score: 1, Redundant

      The manufacturers take the fairly sensible approach of not giving the raw data directly to the patients. On his blog one of the reasons he says the manufacturers give is that patients with raw data would be worried by things they don't understand and constantly wanting to see their doctor for reassurance. He dismisses that objection out of hand.

      Patients (and non-patients) DO this all the time. Med students are famous for diagnosing themselves with all sorts of problems. The tech who gives you an x-ray, CT or MRI scan won't give you the images either. You can request them from your doctor, and he will (or may have to) give them to you, but he'll probably want to sit down and go through them with you first.

      Patients do try to interpret their own data, usually pessimistically. And besides the stress it causes them and the wasted time it causes their doctors, there was a Slashdot story just the other day about how believing there's something wrong can produce real, potentially dangerous physical effects.

      If this guy really wants his data he can go to his doctor and ask for it. There are several very good reasons why he shouldn't have a raw feed from the device manufacturer.

    8. Re:Is it worth it? by fredprado · · Score: 3, Insightful

      The same justification could be given to forbid patients from seeing their blood tests, or even reading any medical literature. That is bullshit. Medics are not all knowing and patients are not retarded children. Patients have the right to decide for themselves what they want done with their own bodies and to fully exert this right the more information they have the better.

    9. Re:Is it worth it? by ceoyoyo · · Score: 0

      Try asking a lab for your blood test results. They probably won't give them to you.

      Medical literature is a step removed. It's not about YOU.

      Yes, patients have the right to decide what they want done for them, and yes, they should have access to all their information. And they can get it, by asking their doctors.

    10. Re:Is it worth it? by Anonymous Coward · · Score: 0

      WRONG: I requested my MRI both times and the tech was happy to print off a cd and give it to me.

    11. Re:Is it worth it? by reve_etrange · · Score: 5, Insightful

      You would think that you would have a right to any data produced by your body or devices used in keeping it alive and it would be available to at least you or your doctor

      You already have a right to all of your medical records. I don't understand how this data is not a "medical record."

      --
      .: Semper Absurda :.
    12. Re:Is it worth it? by Anonymous Coward · · Score: 1

      a) Maybe he would?
      b) Why doesn't the FDA require all medical device software to be disclosed? THAT would make a lot of sense actually. Competitors couldn't copy it because when they build a device, they too need to disclose the source. Reviews would be much better.

    13. Re:Is it worth it? by Belial6 · · Score: 2

      That is an important point on this subject. Implants are only going to become more common in the future. That implant and its software are a part of him now. What percent of a person can be outright owned by another person before we call them a slave? 1%, 10%, does it have to be 100%?

    14. Re:Is it worth it? by Belial6 · · Score: 2

      There are several very good reasons why he shouldn't have a raw feed from the device manufacturer.

      Yes, the same reason that some people shouldn't be allowed to vote, or should be owned instead of being responsible for their own well being....

    15. Re:Is it worth it? by fredprado · · Score: 5, Informative

      They have to give them to you here in my country (Brazil), here your doctor can only see your tests through you. He asks for the exams, you go to the lab, they collect your samples, and when the results are ready you go there and get them (or get them through the internet) and bring them to the doctor, if you so wish. If you prefer you can just get the results and bring them to another doctor and never go back to the former one, who requested the tests, or you can bring them to both.

      I don't know specifics about how the procedures are in US, but I do know that under HIPAA they must give you any results you request. They can't legally refuse to do so.

    16. Re:Is it worth it? by ceoyoyo · · Score: 2, Informative

      "should be owned instead of being responsible for their own well being"

      If someone is going to be responsible for his well being, he should be given the best possible information, not the raw, context free dump some engineering company e-mails him.

      If you ever find a doctor who's willing to treat a close relative (or himself) for something serious, find another doctor. Most won't do it, and none of the good ones will. EVERYBODY's judgement is clouded when they're considering things seriously affecting their own health.

      Yes, the ultimate responsibility lies with the patient. This guy should have access to his data (which he does), by asking the correct person for it.

      My mechanic always explains what's wrong with my car when a decision needs to be made, and what was done when I pick it up. Is he being paternalistic, or giving me good service?

    17. Re:Is it worth it? by WillDraven · · Score: 3, Insightful

      "Oh, you own the implant, but the software is licensed. Make sure you keep up your license payments and come in for your monthly compliance review or we'll use the remote kill switch."

      --
      This is my sig. There are many like it but this one is mine.
    18. Re:Is it worth it? by Dunbal · · Score: 5, Insightful

      You don't get to peek inside your machine to see for yourself it's a good one, just like the airline will not let you take a wrench to the jet engine or even kick the plane's tires.

      I have one of these devices since last year after my (4th) heart attack. I am also a physician, so I would understand the data. But honestly I don't see the need. When I go get checked up, the Boston Scientific staff are more than happy to explain anything I ask - and I do ask some detailed questions. I am quite sure that the device and its software are proprietary and also trade secrets of the company.

      But there's another reason: Honestly one shouldn't go around tinkering or "hacking" an implanted device. They come with limited battery life - most of which is covered by warranty (if my battery runs out before 10 years I get the device replaced and the procedure paid for by the company, anywhere in the world). Radio signals require energy, asking the device to read its cache requires energy, and the manufacturer would be put in a position where it might have to cover a warranty on a battery that didn't fail because of design, but because of tinkering. They can hardly say "no" and let the patient die. That, and of course what if the "hacker" manages to mistakenly change the machine's settings so it's firing inappropriately, draining the battery within days, or better yet firing and triggering a lethal arrhythmia. The company would be blamed (at least initially) for a "faulty" device. It's bad business, and I understand it.

      I really don't feel like playing with my implant. I really don't feel like paying for someone else who wants to play with their implants, in the form of increased costs because the company has to set more aside for liability. I selected my device after both research into the company, the model, and this type of device as a whole. And my cardiologist's opinion. And a 2nd opinion. You can look at the statistics for the device, compiled in a scientific manner, and compare it to other devices, and that's it.

      --
      Seven puppies were harmed during the making of this post.
    19. Re:Is it worth it? by PRMan · · Score: 1

      Really? Where do you live? My doctor always sits down with me and discusses it.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    20. Re:Is it worth it? by amoeba1911 · · Score: 4, Informative

      The tech who gives you an x-ray, CT or MRI scan won't give you the images either. You can request them from your doctor, and he will (or may have to) give them to you, but he'll probably want to sit down and go through them with you first.

      Hey, that's false! My wife got an MRI recently, and I asked the technician to give us a copy of the data. There was no objection or hesitation, the technician simply burned a CD and handed it to us on our way out. I learned that their images are stored in a proprietary format, but conveniently the CD came with the software necessary to view the images.

    21. Re:Is it worth it? by mrchaotica · · Score: 1

      My wife and I had our annual physicals recently, and got our blood test results in the mail without even asking for them. (Of course, it kind of proves the other post's point since my wife freaked out about hers even though all her numbers were [barely] normal.)

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    22. Re:Is it worth it? by bws111 · · Score: 1

      Uh, yeah. That is what he says. You get your results by asking your doctor, not the lab.

    23. Re:Is it worth it? by sumdumass · · Score: 4, Interesting

      First, the FDA isn't some magic group that never gets anything wrong. They have approved devices, drugs and treatments that later were found to have significant life threatening problems. They are supposed to test and weed those problems out or even approve of the dangers as acceptable and manageable considering the goals of the device, drug or treatment. The FDA simply is not a magical group of people who never allow something potentially harmful outside of its labs. Its design was traditionally to validate claims and ascertain harmful effects so we didn't have electrified dildos out there still treating female hysteria and hair loss or leeching to treat pneumonia.

      Second, knowing the output can isolate the input not used to initiate the output. It can also be used to determine or differentiate the control signals versus the information. Also, if you are used to cracking wifi encryption, assuming these things use some sort of encryption, knowing what most of the signal will say- even just portions of it- goes a long way at finding the key to cracking the encryption and the signal altogether.

      As for access to the output, I don't have a problem with it. I actually think it should be a right of the patient. I know the doctor gets access to the readout and makes changes to the devices based on it. Perhaps they don't want the patient influencing those changes by discussing them with the doctor? There are a load of reasons ranging from the paranoid to the idiotic and from the quality of operation to hiding the workings from competitors.

    24. Re:Is it worth it? by Anonymous Coward · · Score: 1

      My goodness. How civilized.

    25. Re:Is it worth it? by jc42 · · Score: 3, Interesting

      I don't know specifics about how the procedures are in US, but I do know that under HIPAA they must give you any results you request. They can't legally refuse to do so.

      Actually, the way it typically works in the US is: The company can make the judgement that you don't have the funds (or the time ;-) for a successful court challenge, which will take a decade for all the appeals and more money than you'd believe. In the meantime, they can continue to refuse to give you their medical info, without any further legal repercussions than your lawsuit, which they will delay with every legal trick available. If you actually do have the funds (and live long enough), yes, you can get them to obey the law -- and give you their data from a decade earlier. Meanwhile, they've upgraded your implants, and the court didn't order them to give you the data from your current model(s), so they don't.

      ;-)

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    26. Re:Is it worth it? by fredprado · · Score: 1

      I must concede that it seems like so, not only in this case but regarding anything else. Apparently you only have to obey the law there if the other part can buy the enforcement.

      Justice is not that badly warped here in this matter and in a few others, but it is just as warped (and maybe even more) when big corporations or politicians are involved.

    27. Re:Is it worth it? by Chris+Mattern · · Score: 1

      Try asking a lab for your blood test results. They probably won't give them to you.

      They may try to discourage you, but if you are insistent, they will. They are legally required to.

    28. Re:Is it worth it? by Opportunist · · Score: 3, Interesting

      If you produce data from my body, I think it's only fair that I get access to it. I want to know what data a company collects about me, especially if it's as personal as data from one of my vital organs.

      If I don't understand the data, I can go to a doctor and have him translate it. If the software is proprietary, I'll go to you and have you extract the data, then you may give me the data. I trust that you didn't copyright numbers and letters?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    29. Re:Is it worth it? by Opportunist · · Score: 1

      Well, the problem with your airplane analogy is that this airplane doesn't collect very intimate details about me while I sit in it. I guess the main trouble isn't that he doesn't trust the device to keep him alive, what he might be worried about (and what I'd surely worry about) is just what data this thingie is going to collect.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    30. Re:Is it worth it? by Kalriath · · Score: 5, Informative

      Do you really though? If you ask your hospital for a copy of your record, do they give it to you or do they redact it first?

      I work for a hospital, and I can answer that: they redact the shit out of it. And they're so fired up about making sure they can redact the information that I would be fired if I ever opened my own medical record. The best part is that they claim in the pretty pamphlet they give new hires that medical records are copyrighted property of the hospital board.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    31. Re:Is it worth it? by Kalriath · · Score: 1

      Did you just call DICOM proprietary?

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    32. Re:Is it worth it? by AvitarX · · Score: 1

      No, the FDA relies on the honesty of the submitter.

      So if they get a thing saying thoroughly reviewed blah blah, they approve it.

      They don't run studies either.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    33. Re:Is it worth it? by UncleTogie · · Score: 4, Informative

      Did you just call DICOM proprietary?

      Technically correct. It *is* a copyrighted standard, with the copyright being held by the National Electrical Manufacturers Association. When defining proprietary software as "computer software licensed under exclusive legal right of the copyright holder", this standard would fall into that category.

      --
      Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
    34. Re:Is it worth it? by buzzsawddog · · Score: 1

      As a former aircraft mechanic, I can tell you that kicking the airplanes tires would not tell you anything. You should probably get out a tire gauge instead.

    35. Re:Is it worth it? by mister2au · · Score: 2

      Just some thoughts that come to mind

      In this case those are gross overstatements.

    36. Re:Is it worth it? by mister2au · · Score: 1

      Oops - question was how did this get moderated "interesting" rather than "rude a-hole" ? The OP contributed a quite reasonable thought to kick off the discussion !

    37. Re:Is it worth it? by Dunbal · · Score: 1

      Neither does kicking automobile tires, but people seem to insist on doing it. I'm also sure a pressure gauge in the hands of joe 6-pack would do far more harm than good around airplane tires. What do you mean 230 PSI? No no there's too much pressure in those things!

      --
      Seven puppies were harmed during the making of this post.
    38. Re:Is it worth it? by Dunbal · · Score: 3, Insightful

      this airplane doesn't collect very intimate details about me while I sit in it.

      Playing the devil's advocate, there's not really anything intimate about your heart rate and the shape of your QRS complexes. It's not really "personally identifiable information", unlike say your name, DOB, passport number, destination, seat number, who you are travelling with, all your previous travel history and your credit card number kept by the airline, for example.

      --
      Seven puppies were harmed during the making of this post.
    39. Re:Is it worth it? by pentalive · · Score: 3, Insightful

      Since when is it ok for us to say "If you have nothing to hide you should not worry" to others?

    40. Re:Is it worth it? by Anonymous Coward · · Score: 0

      That means doctor's notes contained in your medical record was legally a copyrighted work for hire. Destruction of such information is a crime. Likely a case for fraud also exists.

    41. Re:Is it worth it? by slashrio · · Score: 1

      If you hit a truck tire with a stone and you are a bit experienced, then you can get an impression about tire pressure from the sound of it. You can also compare the tires (on the same axle). If one out of four sounds differently, you know you need to do something about it.

      --
      "Trump!!", the new Godwin.
    42. Re:Is it worth it? by Anonymous Coward · · Score: 0

      Have you ever refused to give a patient information they asked for, even though you knew they were too ignorant to understand it?

      Have you ever forced a patient to go through with a procedure they were hesitant to undergo, despite your being certain that it was vital for their long-term survival?

      No? Why not?

      Because they're fucking human beings, and as such they're entitled to fuck their own lives up if they so choose. Your job is to lead them to water, not to drown them if they're too stupid to drink.

    43. Re:Is it worth it? by IAmR007 · · Score: 1

      Data about your heart is very personal and matters to you a lot more than it does anyone else. The bad searches are the other way around.

    44. Re:Is it worth it? by Anonymous Coward · · Score: 0

      We have now (and, barring exciting economic apocalypse of some flavor) and will have in greater numbers and in more significant capacities, a population for which 'binary blobs' are inside their bodies, not their laptops. Some of them don't like this.

      For those that don't like the binary blobs they can simply refuse the implants and be no worse off than they would have been 50 years ago. I would fight to defend someone from having such an implant made against their will but the implants mentioned here are all voluntary.

      If I controlled one of the competing implant producing companies I would consider it rational to allow anyone to buy out any of my proprietary elements for a small profit over my research costs. A wealthy patient or a Kickstarter-like project could basically pay to have some of my company's research moved into the public domain. For people who can't afford or don't want to part with the sums required to fund the research they can be glad for cheaper, proprietary implants and take the risk that the code is buggy and insecure and/or data on you is being collected by others for nefarious purposes.

      Another idea for funding medical research on the free market might be as follows. Have a research company with the ability for a person to "subscribe" with them. A member will pay a significant monthly fee and, in exchange, will have access to the most modern implants. These implants will be fully proprietary and the inner workings will be a carefully guarded secret of the research company. One condition of the subscription is that any products purchased by members must be made completely open within 5 years of being implanted (open hardware/software and detailed documentation). At this point any company would be free to create copies of the implant and non-members of the medical research group would be able to buy the implant. There are a number of problems with this approach but I feel the overall effect is more positive than any other plan I've seen. I'd certainly be willing to become a member of a reputable such company.

      Medical research is not cheap! You can't just wave a magic wand and have high quality, state-of-the-art, fully open implants for next to nothing. If people find distasteful the whole idea of having human life/health be just a variable in a free market equation then use the powers you have as a citizen of a free, democratic society to press for tax-funded medical research. If you don't live in a free society and don't want to or can't move to one and don't want to revolt then shut the fuck up and get back to your duties as a slave of your beloved leader.

    45. Re:Is it worth it? by Anonymous Coward · · Score: 0

      "Oh, you own the implant, but the software is licensed. Make sure you keep up your license payments and come in for your monthly compliance review or we'll use the remote kill switch."

      I was going to mod this +1 funny, but it really isn't. Or is my tinfoil hat too tight?

    46. Re:Is it worth it? by longbot · · Score: 1

      And people think I'm cynical for refusing to trust doctors.

      --
      I don't suffer from insanity, I enjoy every minute of it! --Longbottle
    47. Re:Is it worth it? by zippthorne · · Score: 1

      In this case, it's more of a, "If you have nothing to hide, then why are you making me worry?" The medical device company might not need to worry about a lawsuit (if the data is hidden, only they can know if they need to worry), but the medical device bearer might prefer to catch something early rather than let his family obtain the data through the discovery process in an unlawful death suit....

      --
      Can you be Even More Awesome?!
    48. Re:Is it worth it? by arth1 · · Score: 1

      Oops - question was how did this get moderated "interesting" rather than "rude a-hole" ?

      There is no -1 rude. Flamebait, perhaps, but there hasn't been any flames, unless we count your post.

      But more to the point, a post can be both interesting and rude. The latter does not invalidate the former. What was said tends to be more important than how it was said, at least to us ??TP types.

      So, yes, +1 Interesting. And a rude one too.

    49. Re:Is it worth it? by arth1 · · Score: 1

      I am quite sure that the device and its software are proprietary and also trade secrets of the company.

      That's a failure of the patent system then.
      I see no reason for it to be a trade secret unless the medical company wants to (a) keep it secret because it violates patents, or (b) they want to keep it secret for longer than what patent protection offers. To hell with those who die because they can't afford to buy it, but would have been able to buy a clone after the patent expiry.

      Anyhow, the data produced by a device are not covered by trade secrecy. That you don't want to see the data doesn't mean that someone who wants to shouldn't be able to, like all other medical records. Not wanting a patient to be needlessly scared is not a valid reason. The road to hell is paved with good intentions.

    50. Re:Is it worth it? by zippthorne · · Score: 1

      My mechanic always explains what's wrong with my car when a decision needs to be made, and what was done when I pick it up. Is he being paternalistic, or giving me good service?

      Although it's a good idea to get this information from your mechanic, the raw data is not exclusively available only through mechanics. There is a standard interface to obtain the data - OBDII, which I think is kind of the opposite of the point you were trying to make....

      --
      Can you be Even More Awesome?!
    51. Re:Is it worth it? by lister+king+of+smeg · · Score: 1

      when they shoved a computer chip in our chest.

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    52. Re:Is it worth it? by shutdown+-p+now · · Score: 1

      When we know (rather than merely suspect) that you do hide something, and that something pertains to us in a very direct and intimate way.

    53. Re:Is it worth it? by shutdown+-p+now · · Score: 1

      If someone is going to be responsible for his well being, he should be given the best possible information, not the raw, context free dump some engineering company e-mails him.

      The problem is that you decide for that person on who is best to give him "the best possible information". I would like to be able to decide that for myself, thank you very much. In other words, I want the raw data, which I will then take to the professional of my choice for interpretation. Or not, as it may be. It's not up to you, my doctor, or device manufacturer to tell me that I don't need to know.

    54. Re:Is it worth it? by KingMotley · · Score: 1

      If you don't like it... Well, you always have the option of refusing to have it done or put in.

    55. Re:Is it worth it? by KingMotley · · Score: 1

      No, but you might have copyrighted (or be a trade secret) the frequency the data is collected, or the structures the data is stored in or examined.

    56. Re:Is it worth it? by Leafheart · · Score: 1

      It is not only that. But on every test you make there are a couple of things, by law, that must come: 1. The result; 2. The method; 3. The reference numbers; 4. The technician responsible for taking it, full name and medical register; 5. In case of X-rays, PET scans, and similar, besides the results, they must give you the medical report. If you have to go to a hospital, when you are discharged they MUST give you every single exam they took. Unless YOU ask them NOT to.

      --
      --- "When you gotta do something wrong. You gotta do it right. (Fighter)"
    57. Re:Is it worth it? by FireFury03 · · Score: 1

      On his blog one of the reasons he says the manufacturers give is that patients with raw data would be worried by things they don't understand and constantly wanting to see their doctor for reassurance.

      The correct way of dealing with this is to publish reference material explaining how the data can be interpreted rather than just denying access.

      This likely wouldn't fly here in the UK - the data contained in the device constitutes data relating to an individual and therefore is covered by the DPA.

    58. Re:Is it worth it? by FireFury03 · · Score: 1

      No, but you might have copyrighted (or be a trade secret) the frequency the data is collected, or the structures the data is stored in or examined.

      Something as trivial as a frequency isn't copyrightable. Nor are simple structs (plenty of case law showing that .h files containing structs aren't copyrightable). Complex data structures may be copyrightable, but there's also no requirement to provide the data in this form, it could just be exported into a simple form.

    59. Re:Is it worth it? by Jafafa+Hots · · Score: 2, Funny

      Exactly. You should only trust faith healers and chiropractors.

      And homeopaths.

      --
      This space available.
    60. Re:Is it worth it? by Jafafa+Hots · · Score: 4, Interesting

      The tech who gives you an x-ray, CT or MRI scan won't give you the images either.

      Not really true anymore, but not for the reason you'd expect.
      So many hospitals send you to private locations for imaging these days that you often ARE given your MRI and CT scan results simply because you're expected to cart them to your Dr. yourself. Saves them a buck.

      Also, many hospitals no longer put casts on broken limbs, they simply diagnose & xray and send you with the xrays to an orthopedist.

      I scanned the xrays of my broken ankle and put them on Flickr.

      When I got a CT scan of my head, I used images of my brain as my Facebook profile photo.

      When I got an MRI they handed me the data disc to take to the Dr. I made a copy, figured out the strange image format and will post those to flickr some day when I'm bored.

      Meanwhile when I got to the Dr. with the original disc, I ended up having to show HIM how to use the included app and view the images.

      --
      This space available.
    61. Re:Is it worth it? by KingMotley · · Score: 1

      Something as trivial as a frequency isn't copyrightable.

      I think you mean that only trivial frequency isn't copyrightable. There are many reasons why frequency would be copyrightable. For example, frequency that changes based on specified events.

      Nor are simple structs (plenty of case law showing that .h files containing structs aren't copyrightable). Complex data structures may be copyrightable, but there's also no requirement to provide the data in this form, it could just be exported into a simple form.

      Correct, but complex data structures are copyrightable. See i4i. See 17 U.S.C. 103(a)(1994). Here's a link for you to Harvard Law on data structure copyrightability: http://jolt.law.harvard.edu/articles/pdf/v10/10HarvJLTech239.pdf

      Assume that the data structures are not "simple" and are either copyrightable, patented, or a trade secret. True, the data MAY be able to be exported, but could such data be exported in such a way as to fully represent all data collected, and if not, then who would be legally liable if "errors" were introduced, and by "errors" I am referring to a non-exact representation of the data collected? And even if so, who would be responsible for converting the data from that format to one that did not contain said copyrightable/patented/trade secret information? Why would any manufacturer in their right mind agree to such a thing when it would open them up to possible lawsuits and expenses?

    62. Re:Is it worth it? by mysidia · · Score: 2

      Do you really though? If you ask your hospital for a copy of your record, do they give it to you or do they redact it first?

      In the US, they redact it to protect your PHI, if they are sending records to third parties for certain purposes

      You have a right under the law to your complete medical records.

      Redaction, in case where you order all your medical records to be released to yourself, would be a violation of your patient privacy rights, and you could file a regulatory complaint against the hospital in that case.

    63. Re:Is it worth it? by Anonymous Coward · · Score: 0

      Neither does kicking automobile tires, but people seem to insist on doing it.

      Wrong. If it's slightly flat you'll feel the difference.

    64. Re:Is it worth it? by kenorland · · Score: 1

      I suspect their refusal to allow access might be along the lines of hiding from potential liability if the product reacts or behaves improperly at any time.

      And that is one of the many reasons why the data should be released.

    65. Re:Is it worth it? by kenorland · · Score: 1

      The same justification could be given to forbid patients from seeing their blood tests, or even reading any medical literature

      The same justification has been used to restrict access to many kinds of drugs, resulting in great profits for both doctors and drug companies.

    66. Re:Is it worth it? by kenorland · · Score: 1

      so I would understand the data. But honestly I don't see the need.

      So what happens if the company goes out of business? Or if there are new research results that would allow you to select better treatments? Or if the device has some kind of error and you want to prove your case in court?

      But there's another reason: Honestly one shouldn't go around tinkering or "hacking" an implanted device.

      Getting data doesn't mean any active interference with the device. However, given that it's implanted into your own body, I don't see why you shouldn't have the right to control the device.

      I am also a physician,

      You're also a fool.

    67. Re:Is it worth it? by Anonymous Coward · · Score: 0

      The FDA's mission is to promote and protect the public health. If the FDA and medical device companies could be trusted with making sure that all approved devices were safe and effective, there would be no Class I recalls where patients are harmed or killed by defective devices.

    68. Re:Is it worth it? by Dunbal · · Score: 1

      Have you ever refused to give a patient information they asked for, even though you knew they were too ignorant to understand it?

      No. I probably give them too much information in fact. As for "ignorant", I don't like that word. I wasn't born with a medical degree. A patient has no obligation to be an expert on his/her own body and health. So if a patient lacks education, it's my job to provide it. Not mock a patient for not knowing what he's not expected to know.

      Have you ever forced a patient to go through with a procedure they were hesitant to undergo, despite your being certain that it was vital for their long-term survival?

      I have never forced a conscious patient to do anything. I have performed life-saving procedures on unconscious patients in emergency situations without their permission. But apart from that I've never forced. Medicine is not about force. It's about educating, and helping a patient see why a particular treatment or procedure is in their best interest.

      Because they're fucking human beings, and as such they're entitled to fuck their own lives up if they so choose. Your job is to lead them to water, not to drown them if they're too stupid to drink.

      Where is this coming from? I don't see how it's pertinent to the discussion at all. Denying a patient access to information from a medical device is not forcing a patient to do anything, just like denying you the keys to the medicine cabinet where I keep the morphine and fentanyl is not "forcing you" to do anything. You are entitled to medical care, and you are entitled to ask me to do any appropriate medical procedure. However that's where it ends. You can't insist that your doctor do something illegal, immoral, or just plain unethical under the guise of patient "rights". A pacemaker is a proprietary device. If you want to build one yourself, go ahead. Make sure you clear all the government red tape before you use it in a human, though - including yourself. But their trade secrets are their trade secrets, and paying $20k for a device doesn't give you the right to fiddle with it. If you're so desperate to learn how it works then get a job at the pace-maker company.

      --
      Seven puppies were harmed during the making of this post.
    69. Re:Is it worth it? by Dunbal · · Score: 1

      No, you see no reason for it to be a trade secret because it prevents you from winning the argument. Not the same. Go ask Coca Cola for their "secret formula". Or KFC for their secret "11 herbs and spices". Have fun.

      --
      Seven puppies were harmed during the making of this post.
    70. Re:Is it worth it? by Dunbal · · Score: 1

      You're also a fool.

      Perhaps I am. Do you feel better now?

      --
      Seven puppies were harmed during the making of this post.
    71. Re:Is it worth it? by arth1 · · Score: 1

      The difference is that without access to Coca-Cola's "formula X" or KFCs secret spice blend, no one dies.

      Making sure that the public gets access to medical technology after a short patent period can save lives, and keeping it secret doesn't.

    72. Re:Is it worth it? by Dunbal · · Score: 1

      Please cite an example where a patient has died because he could not access the data cache on his pace-maker. You act as if these devices were not tested in extensive clinical trials before being sold to the public. The software works - it's not miraculous, but it works well enough that it can be demonstrated scientifically that your odds are better off having it implanted than not. You can do that without looking at the code, by looking at the end result. In two groups of similar patients, the group with the device had fewer adverse events than the group without the device. And in fact that's really the only thing that matters. If you're upset, then don't get one implanted. It's not obligatory.

      --
      Seven puppies were harmed during the making of this post.
    73. Re:Is it worth it? by cthulhu11 · · Score: 1

      First, the FDA isn't some magic group that never gets anything wrong. They have approved devices, drugs and treatments that later was found to have significant life threatening problem.

      And yet Nutrasweet was approved -- and remains on the market -- despite the data against it. Thanks a bunch, Rumsfeld.

    74. Re:Is it worth it? by longbot · · Score: 1

      Actually, I don't buy into any of that crap. Except chiropractic. Despite all the MDs shitting all over it as useless, it has been more help for my chronic back problems (and cheaper!) than all the muscle relaxers and surgery they've tried to give me over the years. I have proof (in the form of xrays) that chiropractic undid a bone spur in my lower spine over the course of several years.

      --
      I don't suffer from insanity, I enjoy every minute of it! --Longbottle
    75. Re:Is it worth it? by arth1 · · Score: 1

      Please cite an example where a patient has died because he could not access the data cache on his pace-maker

      Uh? I never claimed that. LTFR.
      The conversation you jumped was about whether the algorithms were patented or trade secrets. If patented, the design is made public, and others can build on it as long as they don't invalidate the patent, and when it expires after a reasonable time, it becomes public domain, and every company can use it, which drives down prices.
      With trade secrets, there is no such time limitation. That's the problem.

      And there are enough examples of life saving medical patents that have expired, and prices then dropped to where people could afford it.

      If you're upset, then don't get one implanted. It's not obligatory.

      That's disingenuous, if not downright stupid argumentation. It's the same logical argument that coal mine owners used to pay their workers in scrip - they didn't have to work there. They were free to go to jail for what they owed instead, and let their families starve to death.

      When your life is at a line, it's not a real choice. At that time you don't have the luxury of saying no - you are in effect being strong-armed into accepting whatever they want you to sign, with your life as a hostage.

    76. Re:Is it worth it? by reve_etrange · · Score: 1

      It's only legal to hide certain information from patients, such as information disclosed confidentially to a doctor.

      Federally, right to access is guaranteed by HIPAA (though entities can charge a "reasonable" fee for access). There are also a variety of state medical access laws. In New York, for example, a doctor may elect to redact information about a minor to prevent parents' access, if they believe release would be harmful to the patient.

      --
      .: Semper Absurda :.
    77. Re:Is it worth it? by compro01 · · Score: 1

      When it concerns data about me.

      --
      upon the advice of my lawyer, i have no sig at this time
    78. Re:Is it worth it? by Dunbal · · Score: 1

      When your life is at a line, it's not a real choice. At that time you don't have the luxury of saying no

      I think I have a little more experience than you in these situations. Real life medicine is not a tv drama show where the suspense is built in 5 minutes and the decision is made right after the next commercial. We have all sorts of ectopic (over the skin) and temporarily implantable pace-makers for those very rare situations when "your life is on the line", and that's all covered by the consent form you or your relative signed when you were admitted to hospital. Getting an implanted pace-maker or defibrillator is not an emergency process - there's plenty of time to make an informed decision. And you do have the luxury of saying no. Admittedly you may have quality of life issues which have been explained to you, but it's your decision. I find the rest of your discussion has no bearing on the point I was making that I can see, so I'll leave it at that.

      --
      Seven puppies were harmed during the making of this post.
    79. Re:Is it worth it? by Dunbal · · Score: 1

      * Transcutaneous, not ectopic.

      --
      Seven puppies were harmed during the making of this post.
    80. Re:Is it worth it? by Anonymous Coward · · Score: 0

      Uh, same here. In the USA, I got a CT renal angiogram and they gave me a CD. It was in preparation for donating a kidney so I wasn't even paying the bill (the recipient did).

    81. Re:Is it worth it? by kenorland · · Score: 1

      Your patients might feel better if you take them a little more seriously in the future than you seem to.

    82. Re:Is it worth it? by Kalriath · · Score: 1

      Filing a regulatory complaint against my employer would likely be a career-limiting-move.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    83. Re:Is it worth it? by tibit · · Score: 1

      Every written creative output is copyrighted, unless it's in public domain, so that's a moot point. Whether the licensing terms allow free access is an entirely different issue. Please don't conflate them.

      --
      A successful API design takes a mixture of software design and pedagogy.
    84. Re:Is it worth it? by tibit · · Score: 1

      Trade secrets are such until someone independently figures them out. It would be 100% legal for anyone to reverse-engineer the formula for Pepsi or Coca-Cola and publish it. In spite of it being a trade secret.

      --
      A successful API design takes a mixture of software design and pedagogy.
    85. Re:Is it worth it? by tibit · · Score: 1

      What the heck would prevent the manufacturer granting their patients the license, then? Copyright is not some law that binds the manufacturers' hands. It gives them the sole disposition of certain aspects of their intellectual property. They are free to grant access to it as they please.

      --
      A successful API design takes a mixture of software design and pedagogy.
    86. Re:Is it worth it? by FireFury03 · · Score: 1

      Why would any manufacturer in their right mind agree to such a thing when it would open them up to possible lawsuits and expenses?

      In order to avoid a lawsuit and expenses? In the UK this would probably be covered under the DPA and they would likely be required to provide this data under penalty of criminal proceedings.

    87. Re:Is it worth it? by Anonymous Coward · · Score: 0

      Dunbal, whatever works for you works for you, but if you go into a-fib for the first time, then 48 hours later get 8 inappropriate shocks, the first of which blows you down a stairwell, you might change your tune and decide, well, yes, I guess I'd prefer to get that alert real-time, especially since the remote monitoring technology is already in place.

      I want the remote monitoring information at the same point it goes to the EP's office, and I have good reasons for believing that would be useful.

      Don't get distracted by a non-issue -- nobody wants to "tinker" with their device.

    88. Re:Is it worth it? by Anonymous Coward · · Score: 0

      The device in my chest is linked to me by name and serial number, and collects all kinds of sensitive information, such as my heart rate for every hour of the day, the amount of fluid coursing in my veins, the amount of "activity" I engage in on a regular basis, when I am most likely to have episodes of arrhythmia, and how many hours I sleep. The belief that none of it is "personally identifiable" or "intimate" is absolutely absurd.

  3. Unsurprising by girlintraining · · Score: 5, Insightful

    It seems weird that a patient can't get access to data about his own heart.

    No more weird than your stem cells and DNA being patented. In fact, according to intellectual property law, you don't own your body, or any of the parts implanted in it... it's all covered by a patchwork of patents on genetic materials and derived medical uses. You should be careful with yourself... it's a felony to damage government property... Or was that corporations? I confuse the two so much these days... (-_-)

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Unsurprising by Anonymous Coward · · Score: 0

      Exactly, sheesh, it's the company's IP for god sake!

    2. Re:Unsurprising by ThunderBird89 · · Score: 2

      Wasn't it ruled that natural genetic sequences can't be patented, only the specific modifications biotech companies implement? And wherever did you get that stem cells are patentable, they're not even an idea to be patented. There was that case about the HeLa-line, but in that case, it was ruled that since the cells were considered medical waste, it was the hospital's responsibility to see to their disposal as they see fit, granting ownership over the cells, and their descendants (since they are identical to the mother cells).

      --
      Hyperbole: I use it liberally!
    3. Re:Unsurprising by fahrbot-bot · · Score: 2

      It seems weird that a patient can't get access to data about his own heart.

      On the other hand... How much data do people w/o implanted devices have? Seems he's still in the same boat.

      --
      It must have been something you assimilated. . . .
    4. Re:Unsurprising by cpu6502 · · Score: 1

      >>>No more weird than your stem cells and DNA being patented. In fact, according to intellectual property law, you don't own your body,

      Does this mean if I want an abortion, I need permission from whoever owns the genetic material of my womb? I guess that would be the fertility pill corporation.

      --
      My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
    5. Re:Unsurprising by ceoyoyo · · Score: 5, Informative

      You cannot patent someone's stem cells or genes. That's a pop journalism myth. You CAN patent treatments, given to other people, based on those stem cells or genes. It's okay though, if you have kids you won't be guilty of patent or copyright infringement.

    6. Re:Unsurprising by Anonymous Coward · · Score: 0

      It seems weird that a patient can't get access to data about his own heart.

      No more weird than your stem cells and DNA being patented. In fact, according to intellectual property law, you don't own your body, or any of the parts implanted in it... it's all covered by a patchwork of patents on genetic materials and derived medical uses. You should be careful with yourself... it's a felony to damage government property... Or was that corporations? I confuse the two so much these days... (-_-)

      I don't own my body? Whew, that's a relief...for a minute there I thought I was responsible for controlling my own actions. Or being responsible for my own decisions.

      Oh wait...that's right, I am.

    7. Re:Unsurprising by 91degrees · · Score: 1

      You can patent the process of isolating specific genes as well though. The effective patent rights are pretty broad.

    8. Re:Unsurprising by camperdave · · Score: 1

      Does this mean if I want an abortion, I need permission from whoever owns the genetic material of my womb? I guess that would be the fertility pill corporation.

      No, that would mean your son/daughter; and as soon as they are old enough to legally grant you permission to do so, you can get that abortion.

      --
      When our name is on the back of your car, we're behind you all the way!
    9. Re:Unsurprising by ceoyoyo · · Score: 5, Informative

      That case was about the opposite - a patient wanting to control (or profit from) the use of the descendants of her cells, not a company claiming rights over a cell line.

    10. Re:Unsurprising by ceoyoyo · · Score: 1

      Which doesn't have the least effect on anyone's ownership or use of their own body.

    11. Re:Unsurprising by hawguy · · Score: 1

      It seems weird that a patient can't get access to data about his own heart.

      On the other hand... How much data do people w/o implanted devices have? Seems he's still in the same boat.

      For $2000, I could have quite a bit of information about my own heart:

      http://storkmedical.com/Merchant2/merchant.mvc?Session_ID=dffb210245397c6228266362ec8a92df&Screen=PROD&Product_Code=CC-RESTING&Category_Code=EKG-Machines-PC-Based&gclid=COnzzJm24LECFWk0QgodlQMA3g

      Or if I wanted to go cheap, for $400 I could have a wearable device:

      http://www.facelake.net/ekg80a.html

      But I still wouldn't know what the defibrillator implanted in my chest sees.

    12. Re:Unsurprising by Anonymous Coward · · Score: 0

      You can patent the process of isolating specific genes as well though. The effective patent rights are pretty broad.

      The Supreme Court trimmed back those rights recently.

    13. Re:Unsurprising by Anonymous Coward · · Score: 0

      Since the gp is Indonesian, I'm willing to cut him some slack on his use of English. Sure he misspelled a word, but he still uses English better than I and probably you, manage to use Indonesian.

      On the other hand, you are right in being suspicious of the link he posted. Based on a Google translation of his web site, it's pretty clear that he is trying to pimp his SEO and ad networking services. (Iklan Internet Murah = Cheap Internet Advertising in Malay)

    14. Re:Unsurprising by jc42 · · Score: 1

      No, that would mean your son/daughter; and as soon as they are old enough to legally grant you permission to do so, you can get that abortion.

      Reminds me of the old Jewish joke, to the effect that Jews believe abortion should be legal until the fetus gets its law or medical degree.

      (This has gotta work for a few other ethnic groups, too, but I've only heard it from Jewish sources. ;-)

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    15. Re:Unsurprising by BluBrick · · Score: 3, Funny

      Does this mean if I want an abortion, I need permission from whoever owns the genetic material of my womb? I guess that would be the fertility pill corporation.

      No, that would mean your son/daughter; and as soon as they are old enough to legally grant you permission to do so, you can get that abortion.

      No, that would be an aggressive uterine tumour which should be excised as early as possible in order to prevent many years of mental, emotional and financial trauma. Such tumours are the primary cause of many chronic social ills, including SUV's, sitcoms and stick-figure-family rear window stickers.

      --
      Ahh - My eye!
      The doctor said I'm not supposed to get Slashdot in it!
    16. Re:Unsurprising by Impy+the+Impiuos+Imp · · Score: 0

      I clicked it -- it's for advertising on Indonesian Internet sites. Presumably it's his business.

      But enough about him. How's your mom's basement?

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    17. Re:Unsurprising by Anonymous Coward · · Score: 1

      Tell that to Monsanto.

      Descendants of cells used in "Roundup ready" crops are apparently owned by Monsanto.

      What is the difference between plants and animals? Or maybe plants and humans when it comes to patent law?

      Or is this going to descend into the stupid "is the organism aware" bullshit? Because *all* organisms are aware to a certain point. That's actually one of the definitions of life.

    18. Re:Unsurprising by Anonymous Coward · · Score: 0

      Not true, read the book DNA by James Watson himself for the story how companies were patenting sequences as soon as they were mapped, before anybody had any clue what they do or what treatment could come out of it. In fact when other people then did the hard work of correlating genes with symptoms, and building a treatment by blocking it, they had to pony up to the guys who did nothing but spell it out... :(

    19. Re:Unsurprising by kenorland · · Score: 1

      Neither "your" DNA nor "your" stem cells are patented. What is patented is useful applications of DNA sequences or stem cells. It's still questionable whether even that should be allowed (medical procedures, after all, are not supposed to be patentable), but it's very different.

      About "confusing corporations and the government", corporations are just one of many special interests trying to use the government for rent seeking through regulations, licensing, and other restrictions; public sector unions, seniors, welfare recipients, renters, police, prison guards, cosmetologists, doctors, you name it, they are all doing it. You can't overhaul government and address this problem if you get hung up on just one of the many groups.

    20. Re:Unsurprising by Smauler · · Score: 1

      If I want to isolate some of my genes, and someone has a patent on the process used to do it, what do I do?

    21. Re:Unsurprising by Anonymous Coward · · Score: 0

      I would think that he can get access to data about his own heart, just ask for an ECG; what he can't have is access to data about the device. I would think that that is where the problem is, he gets data from the device's sensors, not really from the heart. They don't want an amateur second guessing their (software's) analysis.

      If he asks nicely he might be able to get depersonalized data from someone else's device if he needs it for a study (after signing an NDA). If he can show them that he can get something good from the data they might even use his algorithms.

  4. Just go to Defcon by Anonymous Coward · · Score: 1, Interesting

    Someone will have the data in a matter of minutes, and you might even live long enough to see it yourself.

  5. Makes some degree of sense... by Havenwar · · Score: 5, Funny

    While security through obscurity isn't a good approach I figure with something such as that you'd want to take every step you can to make sure as little information gets out about it as possible.

    Next year on defcon - learn how to hotwire your neighbour! Literally! From your android device! (or iphone, but you have to be jailbroken and pay 99c for the app. But it comes with a jump-o-meter to measure how high he jumps.)

    1. Re:Makes some degree of sense... by Anonymous Coward · · Score: 2, Insightful

      While security through obscurity isn't a good approach I figure with something such as that you'd want to take every step you can to make sure as little information gets out about it as possible.

      Next year on defcon - learn how to hotwire your neighbour! Literally! From your android device! (or iphone, but you have to be jailbroken and pay 99c for the app. But it comes with a jump-o-meter to measure how high he jumps.)

      Access to data doesn't have to mean code review or access to command and control functions.

      I have access to the event logs on my MS Windows O/S, doesn't mean I have the Windows code base.

      /posting A/C because I work for one of the ICD manufacturers mentioned in the blog

    2. Re:Makes some degree of sense... by Havenwar · · Score: 2

      I'm aware of that, but as any hacker knows the more you know about something the more chances there are of spotting something you can use to get into it. It might not be much of a risk, say one chance in a trillion that it leads to an exploit... but this is a defibrillator built in to some guy's chest we're talking about here. You heard about the hackers that raped some guy's iCloud account just for the lulz on their way to take over his Twitter? Yeah that. I don't want those kinds of people to have a one in a trillion chance of messing with something that's keeping someone alive. For the lulz, or for blackmail, or whatever.

      On the other hand I support the idea that he should have the right to the data about his own body... I just don't think it's a good idea, right or not.

    3. Re:Makes some degree of sense... by Anonymous Coward · · Score: 0

      So, you are talking chances in the neighbourhood of one in a trillion.

      Wouldn't that be the same neighbourhood of you getting a computer and an internet connection and thus having a chance of taking down, say, the electrical grids of the Americas through hacking? That will clearly have the possibility of causing a few deaths! We are talking about ELECTRICITY here!

      I just don't think it's a good idea to give you, or anyone, access to the internet. You know, because of the remote possibility of death if you are a mischievous f***.

    4. Re:Makes some degree of sense... by Anonymous Coward · · Score: 0

      When men discovered fire, there was a risk of being burnt or even killed by it. People like you would think that risk was unacceptable and would get rid of the dangerous fire (yes, you would: since then, many people have died because of fire and there are much less than a trillion humans (therefore the risk is more than one in a trillion)).

    5. Re:Makes some degree of sense... by Havenwar · · Score: 1

      No I'm fine with fire. Chances of a mentally stunted anonymous coward from across the world to set me on fire for the lulz is non-existent. It has a completely different safety-aspect to it, physical and direct security, and personal responsibility - i.e. if I don't stick my hand in it, I don't get burned. If someone wants to stick my hand in it, they have to get close enough to me to do so. It's a completely different issue and argument. Now if someone found a way to remotely set me on fire over the internet, then I would indeed start to worry about the security implications of this. True crazy nutjobs who would do such a thing are really rare, but in a pool of billions of internet users you are much more likely to find them than in a pool of a few thousand people you encounter physically.

      Once hurting someone becomes too easy then bored or careless people start doing it. For fun, for profit, just because they can, or even by accident while just digging through something that looked interesting.

    6. Re:Makes some degree of sense... by Anonymous Coward · · Score: 0

      This *IS* actually possible. That's why they won't release the protocol details to this guy. It's just 916.5MHz, but knowing the protocol would help immensely. Look at the user manual. Look at this youtube video: http://www.youtube.com/watch?v=nFZGpES-St8
      User manual can be found under FCC ID: ESCCRMN11906
      It looks like the damn thing doesn't even use encryption! :-(
      Please don't ever have one installed in me with these obvious bugs/security holes.

    7. Re:Makes some degree of sense... by Anonymous Coward · · Score: 0

      As someone who worked on software for one of the big ICD manufacturers, I can tell you it isn't a one in a trillion chance. It is completely security by obscurity. I used to get in arguments about it with other engineers. The rationale for limited security was that it just wasn't a significant concern. Of course someone could hack a device and cause it to kill someone, but the range they would have to be in to reprogram the device (for communication) was close enough that they could have just stabbed the person.

      I still don't buy that argument.

  6. If the data is being "wirelessly" transmitted... by John+Hasler · · Score: 0

    ...it is available to anyone with a receiver.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  7. Re:If the data is being "wirelessly" transmitted.. by The+MAZZTer · · Score: 2

    Not very useful if it's encrypted unless you have the private key or can crack it.

  8. This is illegal under HIPAA. by Immostlyharmless · · Score: 5, Informative

    Any entity that collects medical data on you MUST provide a way to get you copies of that information. If he really wants the data that badly, I'd contact a lawyer and pursue it from the HIPAA angle. Chances are very good there's probably not a hell of a lot of information in it. If he's really worried about it, he should contact his cardiologist and have them order an interrogation of the pacer. Pretty simple stuff really and that way it's covered under insurance... (probably unless there's no medical reason to do so). They probably aren't going to come out and interrogate it in the home, because they fiddle with the settings to make sure it's working right and for that reason it needs to be done only in a setting where he's on telemetry and has medical staff standing by.

    1. Re:This is illegal under HIPAA. by girlintraining · · Score: 1

      The protocols on these systems aren't encrypted. It's entirely possible that the device and tech needed to decode it are very similar if not identical to what would be required to make modifications to the device. Maybe that's the reason the manufacturer doesn't want to give the patient direct access...

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:This is illegal under HIPAA. by Anonymous Coward · · Score: 0

      If it's not encrypted, then surely someone will try to reverse engineer it. So hiding doesn't really protect it much.

    3. Re:This is illegal under HIPAA. by Anonymous Coward · · Score: 0

      1) That's a stupid reason to deny a patient his own medical data.
      2) That doesn't make it any less illegal to deny the patient his own medical data.

    4. Re:This is illegal under HIPAA. by tomhath · · Score: 4, Insightful

      True, but there's no definition of "data" in HIPAA. Suppose you get a cholesterol test, all you see is the final number, not the inner workings of the instrument that made the measurement. If they're recording the measurements and making them part of a medical record I agree that should be shared, but this is less clear.

    5. Re:This is illegal under HIPAA. by timeOday · · Score: 1

      The summary isn't clear (and the link is just to a blog that seems to have moved on...) about whether he's requesting copies of his medical data, vs. technical information that would allow him to interoperate with the device such as extracting data from it himself. I would imagine they are treated differently under the law.

    6. Re:This is illegal under HIPAA. by baKanale · · Score: 2

      Ironically, the last time I went for a blood test the lab told me that HIPAA prevented them from sending me a copy of my test results, and that I would have to get approval from my doctor for them to do so. The doctor's office gave me a copy, but the whole thing still confuses me. I mean, I'm attached to the arm they're drawing the blood from, so there's no doubt I'm the person the test results pertain to. I should be able to decide where the test results go, right?

    7. Re:This is illegal under HIPAA. by zippthorne · · Score: 1

      If that's the case, then the patient may want to have the device removed sooner, rather than later. What's to stop someone with malicious intent from deliberately sending commands that would interfere with his heart's normal operation, instead of correcting abnormal behavior?

      Hell.. if their checksums are as good as their encryption, what's to stop random EM fluctuations from happening to trigger an undesired command?

      --
      Can you be Even More Awesome?!
    8. Re:This is illegal under HIPAA. by Immostlyharmless · · Score: 1

      The thing is HIPAA laws only allow that they have a system in place through which you can get those results. They do, it's through your doctor.

      Here's what's even MORE dumb. I'm a nurse, and if I went into my hospital due to a medical issue or sickness, I'm not even allowed to look up my own results. How's *that* for stupid? I'd have to go through a medical records request at discharge like anyone else. I'd be fired if I didn't and someone found out.

  9. Re:If the data is being "wirelessly" transmitted.. by The+MAZZTer · · Score: 1

    (To be clear, I didn't RTFA yet so I dunno if it is or not.)

  10. Re:If the data is being "wirelessly" transmitted.. by crashumbc · · Score: 3, Interesting

    Not knowing his specific one I can't say for sure. But I can say MOST medical devices have very little in the way of security... it's really pitiful how far back the medical field is.

  11. Re:If the data is being "wirelessly" transmitted.. by Anonymous Coward · · Score: 0

    I get the feeling that cracking your own defibrillator isn't the best idea in the world.

  12. he wants to hack his own heart by Anonymous Coward · · Score: 5, Funny

    the dude is probably thinking of tampering with the device's firmware settings and increasing his own pulse so he can go on a rampage around town like in that movie "Crank"

  13. Re:If the data is being "wirelessly" transmitted.. by slazzy · · Score: 1

    This might be the reason they don't want to provide that information. Security through obscurity you know.

    --
    Website Just Down For Me? Find out
  14. His doctor should be entitled to the data, period by davidwr · · Score: 4, Interesting

    There are legitimate medical reasons why some patients shouldn't have access to all raw medical data.

    This is particularly true in psychiatric medicine, where past therapists are required to pass on notes to future therapists, but patients don't necessarily have the right to read the notes themselves.

    Now, if the company is refusing to share the raw data with the patient's doctor, that's just plain wrong and it should be illegal. Likewise, if they are refusing to share it with the patient's attorney, then the attorney should have an absolute right to subpoena it.

    Likewise, if the doctor doesn't have a bona fide medical reason for refusing to pass that data on to the patient, that should be called medical malpractice.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  15. Like a gaming console by Anonymous Coward · · Score: 0

    You are probably just licensing your heart, the Company still owns it.

  16. Blame American Jurors by mc6809e · · Score: 0

    A gas can maker was recently forced out of business when a jury found the maker 70% liable in the death of a 4-year-old that perished in a camper when her father poured gasoline into a wood burning stove.

    Someone can pour gasoline from a can onto a fire and a jury will still blame the maker of the can.

    Do you really think the maker of this device is going to take a chance of losing everything through potential misuse of this wireless capability?

    Anyone in business needs to understand that they're seen at best by jurors as a necessary evil and as a source of money to help someone they sympathize with. Additional unnecessary features are just additional opportunities for big judgments against you and your firm.

    1. Re:Blame American Jurors by Anonymous Coward · · Score: 0

      A gas can maker was recently forced out of business when a jury found the maker 70% liable in the death of a 4-year-old that perished in a camper when her father poured gasoline into a wood burning stove.

      Someone can pour gasoline from a can onto a fire and a jury will still blame the maker of the can.

      Do you really think the maker of this device is going to take a chance of losing everything through potential misuse of this wireless capability?

      Anyone in business needs to understand that they're seen at best by jurors as a necessary evil and as a source of money to help someone they sympathize with. Additional unnecessary features are just additional opportunities for big judgments against you and your firm.

      Anyone in business (or not for that matter) these days needs to learn where the real problem lies. Attorneys and frivolous lawsuits.

      Between bullshit patent wars and litigation, I don't predict it will be much longer before there will be no further drive to innovate. Not because the world isn't full of innovators, but because everyone is too goddamn afraid of getting sued into oblivion for breathing on a customer wrong.

    2. Re:Blame American Jurors by Anonymous Coward · · Score: 0

      Do you really think the maker of this device is going to take a chance of losing everything through potential misuse of this wireless capability?

      Not their choice. Under HIPAA they must provide the patient with all of the patient's personal medical data. Not optional.

    3. Re:Blame American Jurors by 91degrees · · Score: 3, Informative

      These things tend not to be quite so frivolous when you look into them.

      Straight Dope Boards suggests that there was a design issue that the gas can manufacturer knew about, that would result in an explosion. A slight redesign would have meant that the 4 year old would have survived.

    4. Re:Blame American Jurors by Anonymous Coward · · Score: 0

      Another thing that might have saved the child would be if her idiot father didn't pour gasoline into fucking fire.

    5. Re:Blame American Jurors by Lehk228 · · Score: 2

      i had a blitz brand gas can, it was a leaky piece of shit and the spout fell apart on me when i was pouring. i don't know the details of the lawsuit but i am not surprised they got sued out of business using such low quality construction for something as hazardous as holding gasoline.

      http://www.lowes.com/pd_90258-1362-80033_0__?productId=3126289 this is the nozzle mine had (smaller can not the 5 gallon). parts shattered and flew out from under the handle about 6 months after i got it, while trying to pour gas.

      --
      Snowden and Manning are heroes.
    6. Re:Blame American Jurors by 91degrees · · Score: 1

      Yes. He was also found to be at fault.

    7. Re:Blame American Jurors by cheros · · Score: 1

      I don't predict it will be much longer before there will be no further drive to innovate

      Not necessarily. AFAIK, all innovation has to do is to avoid the USA..

      The problem isn't so much where there is *real* abuse, it's the ability for the bigger players to nuke a small innovator off the playing field by draining its pockets in court.

      Wasn't it Mark Twain who said that courts are where justice is dispensed with?

      --
      Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
    8. Re:Blame American Jurors by Anonymous Coward · · Score: 0

      But apparently only 30% at fault. I guess maybe he and two representatives of the gas can manufacturer got together and unanimously decided to perform the aforementioned activity?

    9. Re:Blame American Jurors by Anonymous Coward · · Score: 0

      A gas can maker was recently forced out of business when a jury found the maker 70% liable in the death of a 4-year-old that perished in a camper when her father poured gasoline into a wood burning stove.

      Anyone in business (or not for that matter) these days needs to learn where the real problem lies. Attorneys and frivolous lawsuits.

      Attorneys are hired guns. And both sides in the lawsuit have them. The problem is juries. Now, what to do about that is another question altogether.

    10. Re:Blame American Jurors by 91degrees · · Score: 1

      Doesn't seem much different from a car exploding if driven recklessly. If a car explodes killing nearby pedestrians when driven above the speed limit, the manufacturer would be at fault as well.

      Are you surprised that someone did something so stupid? If someone does do this, then there's a limit to how much harm you can prevent for the idiot doing so, but this then resulted in the death of bystanders, when the company knew full well how to prevent that. Manufacturers are expected to make things as safe as possible in the manner they're typically used. If they're typically used incorrectly, then this should be considered in the design.

  17. he just wants to overclock it by FudRucker · · Score: 2

    so his heart will go pitter-patter like a 20 year old in love

    --
    Politics is Treachery, Religion is Brainwashing
  18. The User Agreement Fine Print by Anonymous Coward · · Score: 0

    I can imagine that buried within the 'User' agreement are words like, ...

    'installation of the device makes the 'User' a medical subject. Medical subjects are not classified as human beings, lose all rights including under local, state, federal and international laws particularly to the treatment of prisoners of war and all human rights in general for the term of the installation.'

    sol

  19. Dr. van Nostrand by Joe_Dragon · · Score: 1

    Kramer at doctor's

    Kramer: I like what you've done with that.

    Attendant: May I help you?

    Kramer: Yes, yes. I am Dr. Vanostran from the clinic. I need Elaine Benes chart. She's a patient of mine and she's not going to make it. It's uh very bad very messy.

    Attendant: I see and what clinic is that again?

    Kramer: That's correct.

    Attendant: Excuse me.

    Kramer: From The Hoffer-Mandale Clinic in Belgium.

    Attendant: Really?

    Kramer: The Netherlands?

  20. Re:His doctor should be entitled to the data, peri by Anonymous Coward · · Score: 2, Insightful

    There are legitimate medical reasons why some patients shouldn't have access to all raw medical data.

    This is particularly true in psychiatric medicine, where past therapists are required to pass on notes to future therapists, but patients don't necessarily have the right to read the notes themselves.

    Now, if the company is refusing to share the raw data with the patient's doctor, that's just plain wrong and it should be illegal. Likewise, if they are refusing to share it with the patient's attorney, then the attorney should have an absolute right to subpoena it.

    Likewise, if the doctor doesn't have a bona fide medical reason for refusing to pass that data on to the patient, that should be called medical malpractice.

    He is not a psych patient so all his healthcare info legally belongs to him...

  21. Re:If the data is being "wirelessly" transmitted.. by ceoyoyo · · Score: 1

    And perhaps the other people with this kind of implant would prefer this guy not be given the private key.

  22. Here is the data by Anonymous Coward · · Score: 0

    Duplicates removed and sorted: 0 1

    Good enough?

  23. Re:If the data is being "wirelessly" transmitted.. by Robert+Zenz · · Score: 1

    How often have you seen a device that transmits *something* wireless being properly secured when the company goes "No, we can't give you access to that...because...it is too complex for you to understand!" or "Why should we give you that data?"?

  24. Great! by AlienIntelligence · · Score: 0

    Fucking DRM on our tickers now!

    -AI

    --
    For me, it is far better to grasp the Universe as it really is than to persist in delusion
    1. Re:Great! by Anonymous Coward · · Score: 0

      well you could just die

  25. Re:If the data is being "wirelessly" transmitted.. by Jawnn · · Score: 2

    ...it is available to anyone with a receiver.

    Available, yes, but if you decrypt it, you have broken the law.

  26. A waste of time of time an energy by Anonymous Coward · · Score: 0

    According to Karen Sandler, a lawyer with an implant, "I don’t want to rely on one company for any part of my life. I don’t want to rely on Medtronic for my heart, and I don’t want to rely on any other company for any other thing." Fine. Go have it taken out. Unless you were unconscious you agreed to have it put in. Make up your mind.

    1. Re:A waste of time of time an energy by cheros · · Score: 1

      What if the company goes bust, or refuses to fix a problem? What if the company screwed up and it can be hacked (not impossible)?

      In addition, that is their data - you can't get more personal than heart data, I think..

      --
      Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
    2. Re:A waste of time of time an energy by Anonymous Coward · · Score: 0

      brain data.

  27. This is why... by seven+of+five · · Score: 5, Funny

    20120420 08:00:22 CARDIAC SYSTEM INIT
    20120420 08:00:24 VENTRICLE TEST OK
    20120420 08:00:25 AORTA TEST OK
    20120420 08:00:26 BATTERY TEST OK
    20120420 08:00:27 0MG GR0W B1GG3R P3N1$ 1N 3 W33K$!
    20120420 08:00:27 CHINA HANDBAG SHOES FASHION LOWEST PRICE
    20120420 08:00:27 MEET SEXY SINGLES IN UR AREA
    20120420 08:00:27 URGENT FROM WELLS FARGO BANK ACCOUNT RESET!

  28. Bacardi 151 by slackware+3.6 · · Score: 1

    Come on even Bacardi 151 has a flame arrestor on the bottle. Get with the times other companies can make a better gas can so you better do so as well or you will lose your company. It is called the American Dream or Capitalism.

  29. Re:If the data is being "wirelessly" transmitted.. by tlambert · · Score: 4, Insightful

    If it's encrypted, then this would give them access to both the cyphertext and cleartext of the data, which is the essentials of what you need to reverse engineer the cryptography.

    Now ideally, the control and reporting cryptography would use different keys, but there is only so much code you can fit into a small embeddable medical device, and it's likely they are the same code, if not the same key pair.

    In this case, it's reasonable to not give samples of both sets of data out to prevent reverse engineering of the control channel which could then be used on someone else's implanted medical device.

  30. America land of the free by Anonymous Coward · · Score: 0

    If you want to know anything about yourself... not so free.

    Boy are we the rest of the world jealous.

  31. It would be illegal under HIPAA to give it out by tlambert · · Score: 0

    If the same control codes for device A implanted in patient Q would work with device B implanted in patient R. Specifically, disclosing the information to patient Q would disclose private health information for patient R, since the health information in this case is common to everyone with the same implant.

    See my other posting relative to cryptography to see how giving both cleartext and cyphertext to the same person would be tantamount to providing similar HIPAA protected information about another patient, if the control and/or reporting channel keys and algorithms were disclosed.

    This is probably a case where "security through obscurity" is in line with Federal law, based on their (arguably poor, yet approved by the FDA) design choices.

    1. Re:It would be illegal under HIPAA to give it out by profplump · · Score: 4, Insightful

      If the information is common to everyone with the same implant it is, by definition, not personally identifiable or private health information. Disclosing the existence of patient Q to patient R, or vice versa, would be a violation. But merely telling either or both of them independently that they have their implant set to "Mode B" is not, just as telling patient Q that he has a heart rate of 79 is not a violation if patient R happens to also have a heart rate of 79.

      Also, even if there is some private data that needs to be hidden, it's entirely possible to design a crypto system that's secure against known-plaintext attacks. Almost all modern crypto systems are; you'd have to do something dumb to not get that feature from any common crypto library.
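An added illustration of the point made in this sub-thread and in tlambert's earlier comment about control and reporting keys (not code from any commenter or ICD vendor): a device derives independent reporting and command keys, so a patient holding only the reporting key can read telemetry but cannot issue an accepted command. The frame layout, key labels, the `SET_MODE B` command and the HMAC-based keystream (a standard-library stand-in for a real AEAD such as AES-GCM) are all assumptions made for the sketch.

```python
import hashlib
import hmac

TAG_LEN, SEQ_LEN = 32, 8


def hkdf(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) with the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
        i += 1
    return okm[:length]


def derive_keys(master: bytes):
    """Independent keys for the reporting and control channels (labels are hypothetical)."""
    return hkdf(master, b"report"), hkdf(master, b"command")


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: known plaintext reveals only this frame's
    # keystream, never the key. Stand-in for a real AEAD.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal_telemetry(report_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC a telemetry reading; seq doubles as a never-reused nonce."""
    enc_key, mac_key = hkdf(report_key, b"enc"), hkdf(report_key, b"mac")
    nonce = seq.to_bytes(SEQ_LEN, "big")
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_telemetry(report_key: bytes, frame: bytes) -> bytes:
    """Verify and decrypt a telemetry frame; raises ValueError if it was altered."""
    if len(frame) < SEQ_LEN + TAG_LEN:
        raise ValueError("frame too short")
    enc_key, mac_key = hkdf(report_key, b"enc"), hkdf(report_key, b"mac")
    nonce, ct, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def sign_command(key: bytes, seq: int, command: bytes) -> bytes:
    body = seq.to_bytes(SEQ_LEN, "big") + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Implant:
    """Device side: emits telemetry, accepts only fresh commands under the command key."""

    def __init__(self, master: bytes):
        self.report_key, self.command_key = derive_keys(master)
        self.tx_seq = 0
        self.last_cmd_seq = 0

    def telemetry(self, reading: bytes) -> bytes:
        self.tx_seq += 1
        return seal_telemetry(self.report_key, self.tx_seq, reading)

    def handle_command(self, frame: bytes) -> bool:
        if len(frame) < SEQ_LEN + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.command_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                      # wrong key or altered frame
        seq = int.from_bytes(body[:SEQ_LEN], "big")
        if seq <= self.last_cmd_seq:
            return False                      # replay of an old command
        self.last_cmd_seq = seq
        return True


def demo() -> dict:
    master = bytes(range(32))                 # constructed sample secret
    implant = Implant(master)
    report_key, command_key = derive_keys(master)   # patient gets report_key only
    frame = implant.telemetry(b"HR=79")
    forged = sign_command(report_key, 1, b"SET_MODE B")     # signed with the read key
    genuine = sign_command(command_key, 1, b"SET_MODE B")   # programmer-side key
    return {
        "patient_reads": open_telemetry(report_key, frame),
        "forged_with_report_key": implant.handle_command(forged),
        "clinician_command": implant.handle_command(genuine),
        "replayed_command": implant.handle_command(genuine),
    }


if __name__ == "__main__":
    print(demo())
```
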

    2. Re:It would be illegal under HIPAA to give it out by tlambert · · Score: 1

      "“Individually identifiable health information” is information, including demographic data, that relates to:

      * the individual’s past, present or future physical or mental health or condition,
      * the provision of health care to the individual, or
      * the past, present, or future payment for the provision of health care to the individual,

      and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual."

      I agree that it's possible to design such a system; I do not agree that medical device vendors have designed their systems in that way. Generally, they were probably more concerned with making working medical devices rather than information security, since that's the problem right in front of them. See also:

      http://www.massdevice.com/news/update-insulin-pump-hacker-outs-medtronic-company-responds

      Note that this is the same company (Medtronic) that manufactures two of the pacemakers he was blogging about wanting data from.

  32. Re:His doctor should be entitled to the data, peri by Hatta · · Score: 3, Funny

    This is particularly true in psychiatric medicine, where past therapists are required to pass on notes to future therapists, but patients don't necessarily have the right to read the notes themselves.

    I don't see how that would help a paranoiac.

    --
    Give me Classic Slashdot or give me death!
  33. Re:His doctor should be entitled to the data, peri by stephanruby · · Score: 3, Funny

    He is not a psych patient so all his healthcare info legally belongs to him...

    How do you know? Maybe he was just having a panic attack and they implanted an Altoids Tin Can into his chest to trigger the Placebo effect.

  34. Re:His doctor should be entitled to the data, peri by sunwukong · · Score: 2

    For the last time -- off my couch!

  35. Re:His doctor should be entitled to the data, peri by cowboy76Spain · · Score: 2

    Don't tell that to your doctor...

    --
    Why can't /. have a rich-text editor? Editing your own HTML is so XXth century.
  36. Had a friend in a similar position (UK NHS) by Anonymous Coward · · Score: 0

    I had a friend in a similar position. Difference being, he was an IT professional and relatively young for a person to receive such a device. So he got the data and knew exactly what it was doing to his heart, because the doctors were very interested in his condition and he knew exactly how to interpret what they told him, and he could tell them that. He called it "learning how to hack his heart".

    There are numerous issues with this. Firstly, an ICD has firmware that can be reprogrammed remotely (i.e. through skin, without the need for surgery). Which is good - kudos to the ICD manufacturers for implementing it. Secondly, ICDs are not dumb devices. Thirdly, because he was young (under 40), the data from his device was of interest to essentially everyone in the medical field, because they had very little data from that age group. I can understand it being valuable.

    Caveat: He was in the UK, with a national health service. There may be different conditions on how much data can be revealed under such a system.

  37. Re:His doctor should be entitled to the data, peri by Anonymous Coward · · Score: 0

    psychology != psychiatry

    A therapist is not a medical doctor.

  38. Patient Bill of rights.... by flogger · · Score: 5, Interesting

    I usually avoid hospitals and the medical profession in general unless it is needed, ie, broken bones or donating a kidney (Which I did recently.) A couple years ago while camping my son broke a bone. I put it in a splint then took him to the hospital to get it set and placed in a cast. This was on a Saturday in a very "out-in-the-boonies" location. Before the staff would even look at my son, I had to sign a patient's "Bill of Rights." indicating that I had read the items on their list... There were around a dozen items and I don't remember what they were except for the first one. "The Patient has a Right to all medical records assembled during the visit." Maybe this is enforced in other hospitals. I don't know.

    Anyway, My son was X-Rayed and dealt with and released.

    On the way out, I asked the secretary, who made me sign the "Patient's Bill of Rights," for a copy of my son's X-Rays and a print out of the Vitals they recorded. I was told "No, Those are not for you." I put on my "Contrary-Old-Bastard Hat" and stated that I have a "right" to those and read back the 1st item on the "Patient's Bill of Rights." I explained that the X-Ray and vitals were records of the visit and that the hospital, before my son was allowed any medical attention, made me sign a form to acknowledge that I have a right to those records. I was told that I had to go through the Records department and Billing in order to get the records. These offices would not be open until the following Tuesday (due to a Holiday.) Not wanting to get mad at the secretary for doing her job, I asked to talk to her boss or whoever was in charge of the hospital that day. She informed me with all of her arrogance that since it was the weekend, she was in charge. So I ranted to her for a while and then read the entire "Patient's Bill of Rights" to her. I strongly emphasized that nowhere in this document, which we both signed, did it mention that I should go through Billing and records. After ranting a bit more she let me know that my son's doctor can request the records and the records will be sent without charge. I explained more how I am his parent/Guardian and in charge of his primary care and that I want the records so that I can hand deliver the records when I can return and set an appointment for cast removal. Again I read the entire "Patient's Bill of Rights" to her and then explained that nowhere on it did it say that my doctor was to get the records. I asked her bluntly to obtain a copy of the records. She actually stomped her foot and said, "No."

    "OK," I said, "since I have been forced to acknowledge that I have a right to my son's records, I am going to sit right here in the middle of this hallway until I get them." And I did; I sat down in the middle of the hallway. (My son was looking at me in a state of shock -- He was at that Jr. High age when anything a parent does is considered embarrassing .)

    The secretary stared at me for about 30 seconds. then left. A minute after that she came out with a doctor and he asked what was up. I mentioned that I was waiting for a copy of my son's medical records. He nodded, went behind the counter and gave me the X-Rays and vitals papers. I said "Thank you" and left.

    This anecdote is not so that I can say I am an old cantankerous fart, it is to illustrate that even though people have rights to information, the ones that hold the information feel compelled not to give it up. This is true with software, medical data, music... I don't know where this attitude comes from.

    [off my soapbox]

    --
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    "First things first -- but not necessarily in that order"
    -- The Doctor, "Doctor
    1. Re:Patient Bill of rights.... by VortexCortex · · Score: 5, Insightful

      This anecdote is not so that I can say I am an old cantankerous fart, it is to illustrate that even though people have rights to information, the ones that hold the information feel compelled not to give it up. This is true with software, medical data, music... I don't know where this attitude comes from.

      Emboldening mine. I know where the attitude originates, and so does Sid Meier...

      "Beware of he who would deny you access to information, for in his heart he dreams himself your master."
      - Commissioner Pravin Lal, Alpha Centauri

    2. Re:Patient Bill of rights.... by davester666 · · Score: 1

      So this is the fault of some motherfucking foreigner?

      --
      Sleep your way to a whiter smile...date a dentist!
    3. Re:Patient Bill of rights.... by mkiwi · · Score: 1

      As a child in a medical type family, let me first say to you: Never, ever ask a secretary, head nurse, or anyone else for anything like that. Go straight to the doctor. The doctors have all the power and their subordinates like to think they do.

      The doctors know the rules, and if you had just gone to the doctor and asked, there should have been no problem. However, since you asked someone who either (a) did not know how to get the records, (b) did not know if they had the authority to give the records, or (c) you've just made the woman's life a lot more complicated, because if she gives you the records herself she may be fired and/or sued. Don't even ask a technician for the results, they probably won't tell you for fear of being disciplined.

      Basically, you asked the wrong person for the right information. Always ask the doctor––they can get it to you. He/she ordered the test, he/she is on the top of the totem pole, and he/she can do whatever the hell they want because they have passed board exams, medical school, and have M.D. after their name.

      That said, the lady was stupid for not having a nurse ask the doctor about the issue. As to your manner, there are some good posts above that highlight the benefits of not being a dick.

    4. Re:Patient Bill of rights.... by Anonymous Coward · · Score: 0

      The problem is that for the health care entity to provide you your records this has to be done in accordance with HIPAA or they will get their asses handed to them. To get your own records, you have to sign a records release allowing the entity to release them to you. This release must be handled appropriately and kept with your record. In most cases the people who handle such requests are the medical records department - who are open 9-5 M-F at most hospitals. (I have no idea what billing had to do with this... but maybe they were in the same department?) So in this case, the secretary was adhering to the HIPAA law and quite likely hospital policy based on that law. The doc was being a cowboy and deciding that a small violation of HIPAA is worth not having to call the cops on some jerk who is making a scene and making the ER less accessible to other patients and staff by blocking a hallway.

      With regard to the basis of your complaint: No, HIPAA and the patient bill of rights you signed do not grant you the right to get *immediate* access. There is a stipulation in HIPAA about immediate access – for provider to provider communication even without the patient's consent. HIPAA specifically says that non-emergent information can be provided in a timely fashion that is defined in business days. So yes, you have a right to your records, but no you don't have the right to your records immediately and to be released to you in violation of HIPAA. You also don't have a right to be a flaming asshole who disrupts the function of an ER – but I don't fault the doc who gave you the info. He was taking a risk on himself (violating HIPAA) rather than call the cops on some jerk who is making a scene and blocking access to the ER till he gets his way like a toddler.

  39. Re:His doctor should be entitled to the data, peri by guttentag · · Score: 1

    There are legitimate medical reasons why some patients shouldn't have access to all raw medical data.

    You never know, he could get stuck in a feedback loop. He sees that his heart is beating a little fast because he's anxious about what his heart rate is. This causes more anxiety which causes his heart to beat faster. Seeing that it is out of control sends him into a panic and pushes the rate even higher, etc. Eventually he has a heart attack and sues the company.

  40. Re:he wants to hack his own heart by rvw · · Score: 2

    the dude is probably thinking of tampering with the device's firmware settings and increasing his own pulse so he can go on a rampage around town like in that movie "Crank"

    Computer says no.

  41. Companies want to see data from their patients by G3ckoG33k · · Score: 1

    Companies want to see data from their patients?

    Why? Only make money? No.

    Still, it is a serious moral contender to why Romney is so very much morally wrong.

    For once, let the Moral Majority speak up - Don't Put A Price On My Child's Life.

    How much is a Texan child worth compared to someone from Massachusetts?

    1. Re:Companies want to see data from their patients by gl4ss · · Score: 1

      money/debugging.

      mostly it's about money.

      this way they just don't sell a device, they sell a service with on-going fees.

      --
      world was created 5 seconds before this post as it is.
  42. Go to the source by Local+ID10T · · Score: 1

    HIPAA

    U.S. Department of Health and Human Services
    Office of Civil Rights
    200 Independence Avenue, S.W.
    Washington, D.C., 20201
    Phone: (866) 627-7748
    Web: www.hhs.gov

    The Center for Medicare & Medicaid Services
    toll free HIPAA Hotline: 1-866-282-0659

    --
    "You want to know how to help your kids? Leave them the fuck alone." -George Carlin
  43. You also have the right to *not* be a dick. by Brannon · · Score: 0, Troll

    You chose not to exercise that right. If it was me, I would have given you the records but along with them a little speech about how civilized people act in a civilized society. The speech wouldn't be for you--it would be for the benefit of your poor embarrassed son in the hope that he wouldn't grow up to be a huge dick like you.

    1. Re:You also have the right to *not* be a dick. by Anonymous Coward · · Score: 0

      He asked, politely, for the medical records that were assembled during the visit. His request of a copy of the records that he was entitled to was flatly denied. He was *forced* to acknowledge that he was entitled to these records by the same staff that was -later- denying that he was entitled to those records. He attempted to correct the misunderstanding of the staff by reading back the first item on the document that he was forced to sign. When he was met by bureaucratic nonsense, he persisted with logic and reason.

      What would you have done in his situation? Gone home after the first denial of your rights? (Note, his access to the records was described as a *right* in the document that the staff required him to sign.)

    2. Re:You also have the right to *not* be a dick. by guises · · Score: 3, Interesting

      Obviously I don't know what he actually said here, there are polite ways to ask for things and impolite ways, but I've been on the receiving end of this "We won't give you your own information" bullshit before. In my case, the lady behind the counter claimed that there was some law preventing her from giving the information to me. I didn't have a piece of paper stating exactly the opposite, so I ultimately just had to leave without getting the test that I had come for.

      It doesn't sound to me like he was being a dick. Maybe a lawsuit would have been more appropriate than sitting in the hallway, but this is a significant problem and I'm glad he stuck to his guns.

    3. Re:You also have the right to *not* be a dick. by Chris+Mattern · · Score: 5, Insightful

      a little speech about how civilized people act in a civilized society.

      Odd, I was thinking about the same thing. Except that it's the receptionist who needs that speech, not the poster. The poster wanted nothing more than that the receptionist spend literally a couple of minutes getting what he had a clearly documented right to have. Three cheers for the poster! If more people would refuse to put up with bureaucratic bullshit, the world would be a much better place. I hope his son grows up to be just like him.

    4. Re:You also have the right to *not* be a dick. by Iskender · · Score: 1

      Now tell me why the secretary is allowed to be a dick and break the written rules in that situation.

    5. Re:You also have the right to *not* be a dick. by Anonymous Coward · · Score: 0

      I'd hope his son would use this experience to strengthen his own critical thinking and subsequent behavior.

      His dad did not become violent. He asked for records that he ought to have access to. The request was not unreasonable or inconsiderate. The requested documentation should have been handed over upon request. It was not. The secretary chose to be unreasonable -- and if it was not within her purview to give them out, doctors with that power were clearly available. If she did not want to decide on her own, all she had to do was ask for one. Now, reading the bill to her does sound inconsiderate. But not in context.

      Civilized people in a civilized society would produce the documents when requested. In fact, I have received documents exactly like that before; though admittedly I did not have to ask for them. And all I did with em was ... give them to my doctor. That's what civilized people do.

    6. Re:You also have the right to *not* be a dick. by Anonymous Coward · · Score: 0

      You chose not to exercise that right. If it was me, I would have given you the records but along with them a little speech about how civilized people act in a civilized society. The speech wouldn't be for you--it would be for the benefit of your poor embarrassed son in the hope that he wouldn't grow up to be a huge dick like you.

      Sorry, but nothing in OP's story suggests that he was anything other than civilized.

      He was (both legally and contractually) entitled to a copy of those records. He was denied.

      If he'd wanted to be a dick, he'd have gotten lawyers involved.

      Presumably, you think that sitting peacefully in a public space constitutes uncivil behavior. I shudder to think of what you might have done to, say, Dr. King or Gandhi.

    7. Re:You also have the right to *not* be a dick. by Anonymous Coward · · Score: 2, Interesting

      +1. There is a fine line between being polite and being a coward and the difference in people's opinions on this matter generally stems from how much they value contracts in general. If you are the kind of person who simply never reads what they sign and just accepts any perceived future unfairness (most people) then you're a lazy coward in my book who only has rights because of the "dicks" of this world. If you don't read what you sign but later resolve to fight perceived unfairness (by refusing to pay a termination fee for a phone contract for example) or you often/always read what you sign and frequently refuse to sign things until certain conditions are changed then you are a complete dick and the lazy, cowardly fucks of this world are indebted to you for making their lives easier.

      TL;DR. When dealing with any organisation, company, or government, being a dick is a true virtue and being polite is selfish.

    8. Re:You also have the right to *not* be a dick. by Anonymous Coward · · Score: 0

      You chose not to exercise that right. If it was me, I would have given you the records but along with them a little speech about how civilized people act in a civilized society.

      Doubtful. Highly doubtful. That you consider someone sticking up for himself and his rights to be a "huge dick" shows that you're basically a doormat for people to wipe their feet on. Enjoy your life as a fawning, servile toady.

      Turing word: obedient
      In a sentence: Brannon (221550) was nothing if not obedient, a highly desirable trait for a contemptible lickspittle such as himself.

    9. Re:You also have the right to *not* be a dick. by Anonymous Coward · · Score: 0

      After reading the story I was firmly convinced that the lady not giving up the info was the dick.
      You really must be an apathetic asshole to deny someone the thing that you just before acknowledged by signature they had a right to.
      Fuck people that abuse power.

    10. Re:You also have the right to *not* be a dick. by mysidia · · Score: 1

      Odd, I was thinking about the same thing. Except that it's the receptionist who needs that speech, not the poster.

      Exactly. It's an iconic example of BAD customer service.

      Yes... "go bother someone else, ask the records department" may meet the legal requirements. In reality, the secretary with that kind of an attitude towards customers should be fired.

    11. Re:You also have the right to *not* be a dick. by Anonymous Coward · · Score: 0

      Here's a bit of civilization for you. Fuck that chick that wouldn't give up the goods, and fuck you. Preferably with the same bullshit stick that fills you both with holier than thou attitude. I'll beat you both with it. Civilization writ large.

    12. Re:You also have the right to *not* be a dick. by kenorland · · Score: 1

      So, the secretary that tells someone to drive back for another couple of hours after the weekend to get the records she could get in a minute right now is supposed to be "civilized"?

  44. If you drive a modern car, by cvtan · · Score: 1

    you can't even see the raw data from the water temperature gauge, so of course we are all too dumb to see complex health data. The temp data is manipulated so the gauge needle stays in the middle nearly all the time. Exceptions are when the engine is very cold or when it overheats. Normal fluctuations are not shown because they cause unnecessary service calls. There was a recall on Jag sedans to put a resistor in series with the temp sender to damp out needle fluctuations. My MINI does the same thing (checked with data from the OBDII port).

    --
    Sorry, but gray text on gray background is making my eyes bleed.
    1. Re:If you drive a modern car, by jittles · · Score: 2

      My MINI does the same thing (checked with data from the OBDII port).

      I thought you said you didn't have access to this info? What this guy wants is exactly like an OBDII port for his heart. Most people don't care if their gauge fluctuates some. That's normal. If you care, do like I do and leave a Bluetooth reader hooked up and get the android app torque that lets you pull that up whenever.

    2. Re:If you drive a modern car, by mysidia · · Score: 1

      I thought you said you didn't have access to this info? What this guy wants is exactly like an OBDII port for his heart.

      Except well, you know... OBDII devices aren't necessarily passive, there's a possibility that some could make invasive changes, that could affect the operation of the vehicle, which could have an adverse impact on the vehicle's warranty.

      Allowing a third-party to interface with the medical device could be inherently dangerous, if this involves/requires two-way communications.

      It's understandable that the manufacturer wouldn't allow this.

      What they should be required to do is to provide the patient with access to any data that is stored by the device, at the time when the persistent data is gathered from it, the record should be preserved and made available just as all their other medical records are.

      If the device doesn't actually store any data, then you don't actually have a record. But it's also reasonable for a patient to want to pick the device that does keep a record, given alternate choices from different manufacturers, model numbers, etc, etc.

  45. Re:he wants to hack his own heart by cvtan · · Score: 1

    Defibrillator app error message: "Your heart has unexpectedly quit. OK?"

    --
    Sorry, but gray text on gray background is making my eyes bleed.
  46. Patient Needs Conflict with Manufacturer's Profits by wagonlips · · Score: 1

    The only reason this isn't happening is that the manufacturers want more money. The patients are basically asking for the data so that they can go wherever with it, do whatever with it, and that looks like dollar signs flying out the window to the manufacturers. What the patients might achieve with the data is irrelevant.

  47. then give the data after it's read by Anonymous Coward · · Score: 0

    So then, it should be ok to give him the data once it's read from the device, no?

    1. Re:then give the data after it's read by Dunbal · · Score: 1

      I personally wouldn't see a problem with it. After all it's only data. I can't speak for the implant maker though. Maybe they'll burn a CD for you one day, like they do with almost everything else. Ultrasound? Here, take this CD home. Angioplasty? Here, have a CD... Heck it could even be a selling point.

      --
      Seven puppies were harmed during the making of this post.
  48. Am I missing something important here? by westlake · · Score: 1

    "Hugo Campos got an implanted cardiac defibrillator shortly after collapsing on a BART train platform. He wants access to the data wirelessly collected by the computer implanted in his body, but the manufacturer says No."

    If he wants information about his heart, why isn't he talking to his cardiologist?

    Someone who knows his medical history? Someone who can interpret the data correctly?

    Does the manufacturer have the data he wants?

    What Is Follow-Up Like with ICDs?

    After your ICD is implanted, the doctor will want to see you four to six weeks after surgery to make sure the surgical site is fully healed and to answer any additional questions that may have occurred to you in the interim. Afterward, the doctor will usually want to see you in the office two to four times per year. During all these visits, your ICD will be wirelessly "interrogated" using the programmer. This interrogation gives the doctor vital information on how the ICD is functioning, the status of its battery, the status of the leads and whether and how often the ICD has needed to deliver therapy - both pacing therapy and shocking therapy.

    Some modern ICDs have the capacity to wirelessly send this kind of information to the doctor from your home, through the Internet. This "remote interrogation" feature allows the doctor to evaluate your ICD whenever needed, without requiring you to come to the office. Even if your ICD has this remote feature, however, the doctor will want to see you in the office at least once a year.

    The Implantable Defibrillator

    1. Re:Am I missing something important here? by Anonymous Coward · · Score: 0

      Those wireless transmissions are sent through the device company and into a database on a server until the doctor or device clinic logs in to see the info. The information does not go directly "to the doctor."

      Furthermore, what would you say to the uninsured patient who can't afford a cardiologist? Or to the patient who wants to access his info 24/7 (an option given to the doctor, but not the patient)? Or a patient who simply wants to analyze and interpret on their own? "Sorry, we don't think you have that right?"

      Device patients should not have to go through a third party in order to receive their own medical information.

  49. Karen Sandler by Anonymous Coward · · Score: 0

    The delightful FOSS advocate & lawyer who is the current legal head of GNOME has the same issue.

    Her talk 'From My Heart to the Desktop' (https://www.youtube.com/watch?v=nFZGpES-St8) is really worth watching.
    The FDC doesn't even require any company to submit source code to them...because, you know, bugs are only 1 in every 100 lines of code aka 'nothing to worry about!'.

  50. Here's the right way to handle this situation. by Brannon · · Score: 1

    Call again later when someone more senior is available. Contact the patient's advocate at the hospital to lodge your complaint for the bureaucratic hoops you were forced to jump through. Move on with your life.

    These are white people problems--get over it. The guy isn't Rosa Parks.

    1. Re:Here's the right way to handle this situation. by guises · · Score: 1

      These are white people problems--get over it.

      Are you honestly suggesting that this has something to do with his race? I think you meant to say "rich people problems" but you fucked it up.

      Your solution is that he should jump through more bureaucratic hoops of the hospital's complaint process in order to complain about the bureaucratic hoops that he was already forced to jump through. That is not moving on with your life. He seems to have handled this in the most expedient way possible.

    2. Re:Here's the right way to handle this situation. by tqk · · Score: 1

      Call again later when someone more senior is available. Contact the patient's advocate at the hospital to lodge your complaint for the bureaucratic hoops you were forced to jump through. Move on with your life.

      These are white people problems--get over it. The [guy] isn't Rosa Parks.

      Good advice, but you're wrong. The guy shouldn't have needed to get bitchy to get what they'd just made him sign away his life to get. On the other hand, the "one in charge" had an obligation to protect the kid's documentation, so good on her. She overdid it, but I'd prefer she did that than the alternative.

      These are not "white people problems", and you're a jerk for suggesting they are. You people need to fix your tort law system, which is what causes this imbecility. Hauling out the "sue" card first is the silliest course of action possible.

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
    3. Re:Here's the right way to handle this situation. by LordLucless · · Score: 1

      Ahh, yep. Because if you can point to anyone, anywhere, in any point of time who had it worse than you, any otherwise-legitimate complaint you have is rendered irrelevant, since it's only a "white people problem". Enjoy the taste of bootsole as the rest of the world walks over you - and remember, you have no reason to complain. It's not like you're some Egyptian slave; it's only a white person problem.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    4. Re:Here's the right way to handle this situation. by Lando · · Score: 1

      Yep, always good to call again later, especially if you are in a foreign state. I always appreciate being as inconvenienced as possible. It's not his problem that they didn't have any senior staff at the time. And since when is a receptionist in charge? There is always a contact number. But it's all in how you chose to handle it

      --
      /* TODO: Spawn child process, interest child in technology, have child write a new sig */
  51. Sound like a good HIPPA case... by Anonymous Coward · · Score: 0

    Health Information Privacy and PORTABILITY Act,

      Sort of growing tired of fines being thrown around for the Privacy portion of this $@# piece of paper, where is the Portability enforcement?

  52. Sounds like a HIPPA case to me.... by elkto · · Score: 1

    Health Information Privacy and PORTABILITY Act,
    Sort of growing tired of fines being thrown around for the Privacy portion of this $@# piece of paper, where is the Portability enforcement?

  53. This is a nonstory by Stickerboy · · Score: 3, Insightful

    Disclosure: I am a doctor, and I work with patients with pacemakers on a frequent basis.

    If he wants a raw printout of the data generated, he should make an appointment, stop by his cardiologist's office, and ask the cardiologist. I've been asked a few times by curious patients to see the readouts. I always show it to them, give them the clinical interpretation of the data, and let them keep it if they want. Most don't; it's several hundred small pages of gibberish to an untrained eye, linked together like the old dot matrix printer pages.

    If he feels uncomfortable with having a machine in his body that he can't check out himself every second of every day, he can ask to have it turned off ("turned off" being simplistic) or for a surgeon to remove it. [Insert belief system here] didn't give him the pacemaker growing in him when he was born - he can choose to use it as designed or choose not to use it, which is a valid choice. There are real potential harms to widely propagating machines that could decrypt the data; the exact same machines allow us to reprogram the device, including settings that could harm or kill the patient. The encryption IS the security on implantable, reprogrammable medical devices; password, 2 step authorization or the like is not possible due to the existence of medical emergencies in which prompt access by medical personnel not normally involved in his care to the input and output of the device can mean the difference between life and death.

    --
    Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
    1. Re:This is a nonstory by Anonymous Coward · · Score: 1

      Why shouldn't he be able to do it himself into an electronic format? It's a lot of data as your printout indicates, so it would likely be far more use to someone in an electronic format.

      This reminds me of the medical opinion on blood glucose readers when they were first introduced. Good for doctors, good for the police (to tell the drunks and diabetics apart), but not good for the diabetics. But a diabetic engineer with a wife who was a doctor, and thus able to obtain one for him, was able to use the information it provided to radically improve his health. He eventually went to medical school himself, and became a vocal proponent for their use in patient care. Today, home blood glucose testing is considered a standard part of diabetes care. Who is to say home pacemaker readings might not be as useful?

    2. Re:This is a nonstory by longbot · · Score: 1

      Doctors. They always know better than you, because they're so smart(tm!)

      --
      I don't suffer from insanity, I enjoy every minute of it! --Longbottle
    3. Re:This is a nonstory by zippthorne · · Score: 1

      I get why two-step authorization might not be clinically desirable, but why does it need to use the same key for encrypting the output that it uses for decrypting the input, other than to provide an excuse not to allow the patient to see his own info?

      The patient, btw, has the greatest personal investment in a positive outcome, and while it's certainly plausible that they are not and will not study medicine and become a doctor, most people can afford to invest the time to become experts or near-experts in a narrow enough field - like the specific operation of the medical device implanted in their own bodies. Certainly enough to be able to say, "woah, that looks like something I should go see a doctor about right away."

      Doctors are supposed to be knowledgable people who can interpret results and come to reasonable conclusions. Not opaque oracles pronouncing their decrees from on-high.

      --
      Can you be Even More Awesome?!
    4. Re:This is a nonstory by Anonymous Coward · · Score: 0

      There are real potential harms to widely propagating machines that could decrypt the data; the exact same machines allow us to reprogram the device, including settings that could harm or kill the patient. The encryption IS the security on implantable, reprogrammable medical devices; password, 2 step authorization or the like is not possible due to the existence of medical emergencies in which prompt access by medical personnel not normally involved in his care to the input and output of the device can mean the difference between life and death.

      Hmm that's weird. I have a real heart that I was born with, it's not encrypted, and the average person in my country knows at least its basic functions. Regardless of the existence of a machine implanted/attached to my heart, the average person in my country knows multiple ways to "reprogram the device, including settings that could harm or kill me".

      Three come to mind immediately: "reprogramming" by means of electricity (aka, shocking my heart into arrhythmia or cessation), puncturing it with a knife (aka, stab wound), traumatizing it with a projectile (aka, gunshot wound). Oh and a fourth could be cardiovascular depression from a chemical substance (aka, drug overdose).

      Get the fuck off your almighty doctoral high horse you pretentious prick. Our bodies are ours, not yours, and we have more rights to the data they produce than any extant external body.

    5. Re:This is a nonstory by Jiro · · Score: 2

      While people can do things to your natural heart that can make it cease to function, they know better than to just casually meddle in such things (unless they're major criminals, or too stupid to live.) And it takes more than a slip of a finger or an accidentally typed zero to do it. As a practical matter, this is not going to be true of implants.

    6. Re:This is a nonstory by martin-boundary · · Score: 1

      Especially Bambi. 'Cause he's the smartest!

    7. Re:This is a nonstory by mysidia · · Score: 1

      I always show it to them, give them the clinical interpretation of the data, and let them keep it if they want.

      The problem with printouts is they are not machine-readable. For records keeping and trends analysis purposes, that is a pretty unsavory proposition, versus a suitable digital file format for gathering the raw datapoints instead of displaying some visualization of them.

      There are real potential harms to widely propagating machines that could decrypt the data; the exact same machines allow us to reprogram the device, including settings that could harm or kill the patient. The encryption IS the security on implantable, reprogrammable medical devices; password, 2 step authorization or the like is not possible

      UNLESS every implant in use has a unique non-shared encryption key, that cannot possibly be obtained except with proper authorization, then the encryption is not really "security" in the first place.

      If there is one shared key and no unique password; then the key material is available.... for the right price, and with the right reverse-engineering skills applied.

      I don't suppose it occurs to you to have the device send a serial number, and for there to be a central clearinghouse capable of authorizing any device to be reprogrammed, by looking up the password, and giving it to the emergency responder, but to keep the device READ-ONLY otherwise?
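
Added example, not part of any comment in this thread and not any manufacturer's actual protocol: Python code for the key separation raised in the comments above (zippthorne's question about one key serving both directions, and mysidia's point about a unique key per implant with read-only access otherwise). The key labels, serial numbers, message layout, setting name and master secret are all constructed assumptions.

```python
import hashlib
import hmac
import struct


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
        i += 1
    return okm[:length]


def derive_device_keys(master_secret, serial):
    """Per-device keys: the serial is the salt, the label separates the roles."""
    salt = serial.encode("utf-8")
    return {
        "read": hkdf_sha256(master_secret, salt, b"telemetry-read"),
        "write": hkdf_sha256(master_secret, salt, b"program-write"),
    }


def tag(key, counter, body):
    """MAC over a 64-bit big-endian counter followed by the message body."""
    return hmac.new(key, struct.pack(">Q", counter) + body, hashlib.sha256).digest()


def verify_telemetry(read_key, counter, body, mac):
    """What a patient-side reader holding only the read key can do."""
    return hmac.compare_digest(tag(read_key, counter, body), mac)


class Implant:
    """Hypothetical device model holding both of its own keys."""

    def __init__(self, keys):
        self._read_key = keys["read"]
        self._write_key = keys["write"]
        self._tx_counter = 0
        self._last_cmd_counter = 0
        self.settings = {"pacing_rate_bpm": 60}

    def telemetry(self):
        self._tx_counter += 1
        body = b"battery=ok;episodes=0"  # constructed sample record
        return self._tx_counter, body, tag(self._read_key, self._tx_counter, body)

    def program(self, counter, command, mac):
        # Only a tag made with this device's write key is accepted.
        if not hmac.compare_digest(tag(self._write_key, counter, command), mac):
            return False
        # Reject replays of an earlier, validly tagged command.
        if counter <= self._last_cmd_counter:
            return False
        name, sep, value = command.partition(b"=")
        key = name.decode("ascii", "replace")
        if not sep or key not in self.settings or not value.isdigit():
            return False
        self._last_cmd_counter = counter
        self.settings[key] = int(value)
        return True


def demo():
    master = b"constructed-master-secret-for-demo"
    keys_a = derive_device_keys(master, "SN-0001")
    keys_b = derive_device_keys(master, "SN-0002")
    implant = Implant(keys_a)
    counter, body, mac = implant.telemetry()
    cmd = b"pacing_rate_bpm=70"
    return {
        "patient_reads_own_data": verify_telemetry(keys_a["read"], counter, body, mac),
        "read_key_can_program": implant.program(1, cmd, tag(keys_a["read"], 1, cmd)),
        "other_device_key_can_program": implant.program(1, cmd, tag(keys_b["write"], 1, cmd)),
        "authorized_program": implant.program(1, cmd, tag(keys_a["write"], 1, cmd)),
        "replayed_program": implant.program(1, cmd, tag(keys_a["write"], 1, cmd)),
        "final_rate": implant.settings["pacing_rate_bpm"],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Because the tags are symmetric, a holder of a device's read key could also forge that device's telemetry tags; what the example shows is only that the read key gives no ability to change settings, and that one device's write key is useless against another device.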

    8. Re:This is a nonstory by Stickerboy · · Score: 1

      The problem with printouts is they are not machine-readable. For records keeping and trends analysis purposes, that is a pretty unsavory proposition,
      versus a suitable digital file format for gathering the raw datapoints instead of displaying some visualization of them.

      The raw printouts themselves are pretty worthless. (At least for pacemakers/defibrillators.) It's the interpretation of them that is worth something. The signal/noise ratio is astoundingly low, simply because the heart functions are expected to be stable if not normal for someone who is an outpatient. There's an old adage of anesthesia: "2 hours of boredom (or crosswords, or sudoku, depending on how up to date the adage is), and 2 minutes of sheer terror." For reading a printout of the raw data of a pacemaker, it's more like 1,209,530 seconds of boredom, and 30 seconds of clinically relevant material.

      And, welcome to electronic medical records. Half of it is still scanned-in digitalized versions of hard copies. Until there is a mandated-from-high, universal standardized medical data output, it's going to stay that way.

      UNLESS every implant in use has a unique non-shared encryption key, that cannot possibly be obtained except with proper authorization,
      then the encryption is not really "security" in the first place.

      If there is one shared key and no unique password; then the key material is available.... for the right price, and with the right reverse-engineering skills applied.

      It might surprise you that I agree. It's certainly a double-edged sword; having a device that you don't have to surgically remove every time you need to adjust its settings is a blessing for the patient for routine healthcare maintenance. (Plug-ins are not an option due to infection risk.) The real problem is this: in order to get maximum benefit (and prevent potential harm) from these devices, in the right situation complete strangers with no personal knowledge of who you are or what device is in you need to be able to access the device, read the data, and make changes if necessary. And in the wrong situation, if a complete stranger has access to the same tools, they can do a world of harm.

      In a way, it's similar to who gets to own a set of lockpicks. The best compromise seems to be to keep them with certified professionals with an accountable paper trail. The general rule for tools like this in medicine is this: if you are qualified to fix something should it go wrong, and in a position to do so, you have access to the tools. Otherwise you don't.

      I don't suppose it occurs to you to have the device send a serial number, and for there to be a central clearinghouse capable of authorizing any device to be reprogrammed, by looking up the password, and giving it to the emergency responder, but to keep the device READ-ONLY otherwise?

      So what happens when the central clearinghouse, or access to communications, goes down? The more complicated you make the interface for medical devices, the more potential points of failure you introduce when it comes to an emergency for any particular patient. The last thing you want to see in an emergency is a message pop up on a machine "CANNOT FIND WI-FI SIGNAL (TRY AGAIN LATER)".

      --
      Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
    9. Re:This is a nonstory by Stickerboy · · Score: 1

      I get why two-step authorization might not be clinically desirable, but why does it need to use the same key for encrypting the output that it uses for decrypting the input, other than to provide an excuse not to allow the patient to see his own info?

      The patient, btw, has the greatest personal investment in a positive outcome, and while it's certainly plausible that they are not and will not study medicine and become a doctor, most people can afford to invest the time to become experts or near-experts in a narrow enough field - like the specific operation of the medical device implanted in their own bodies. Certainly enough to be able to say, "woah, that looks like something I should go see a doctor about right away."

      Doctors are supposed to be knowledgeable people who can interpret results and come to reasonable conclusions. Not opaque oracles pronouncing their decrees from on-high.

      Patient care is always better when the patient is interested in helping themselves. I encourage patients to keep their own medical records. The way the system works does nothing to prevent that; any time a doctor reads his device's data, he should be able to get his own copy. What this guy really wants seems to be the tools to decrypt the working of his ICD/pacer, and the medical equipment company is understandably leery of such a request, since such tools are currently universal.

      It's interesting you mention insulin pumps. Until very recently, it used to be the input and output were completely separate (and 2 separate devices). The output (data) from the glucometer was easily read by anybody, and there are wireless data gathering tools to help with that. The input (insulin pump) you had to change the function by hand. There is less security risk because these devices are all external to the body; the only thing that is actually inside is the insulin delivery needle. But FOR CONVENIENCE ONLY, there are several models coming out or already out which tie the two functions together wirelessly; i.e., the patient can either manually or automatically adjust their insulin pump based on the glucometer so it requires no physical input, which introduces a security risk for the patient.

      This setup, by the way, can't work for permanent pacemakers. The leads run straight to the heart, so anything externally protruding is a serious infection risk.

      --
      Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
    10. Re:This is a nonstory by hugooc · · Score: 2

      Disclosure: I am a doctor, and I work with patients with pacemakers on a frequent basis.

      After reading your comments, if you were my doctor you'd be fired.

      If he wants a raw printout of the data generated, he should make an appointment, stop by his cardiologist's office, and ask the cardiologist.

      HIPAA guarantees my right to see and get copies of my health records. My interrogation reports are part of my records, I'm aware of that. (I have every single interrogation report ever since receiving the device in 2007.) I am not after printouts. That is not data. What I am after is the raw data collected remotely by the manufacturer of the device. Even doctors do not have access to the raw data. All doctors have access to are the reports. Although doctors have 24/7, unrestricted, and convenient access to reports online and on their mobile devices. At the very least, I want the same level of access my doctor has to my remote monitoring interrogations. End of story.

      Most don't; it's several hundred small pages of gibberish to an untrained eye, linked together like the old dot matrix printer pages.

      Now I'm actually thinking you're not a cardiac electrophysiologist. The reports are never "several hundred" pages long. The full interrogation report for an ICD is rarely longer than about two dozen 8½ x 11 pages. And whether it's gibberish to the untrained eye is beside the point.

      If he feels uncomfortable with having a machine in his body that he can't check out himself every second of every day, he can ask to have it turned off ("turned off" being simplistic) or for a surgeon to remove it. [Insert belief system here] didn't give him the pacemaker growing in him when he was born - he can choose to use it as designed or choose not to use it, which is a valid choice.

      So, it's your way or the highway? Sorry, no deal. I choose to have the device AND its data. The ICD works and is paid for 100%. All I'm missing is the data. Nothing about me without me.

      There are real potential harms to widely propagating machines that could decrypt the data; the exact same machines allow us to reprogram the device, including settings that could harm or kill the patient. The encryption IS the security on implantable, reprogrammable medical devices.

      I am not asking for the wide propagation of machines to decrypt data. I'm asking for the raw data collected by the manufacturer. Also, there's currently no encryption in these devices, as demonstrated by Dr. Kevin Fu of UMASS in his research.

    11. Re:This is a nonstory by bill_mcgonigle · · Score: 1

      The encryption IS the security on implantable, reprogrammable medical devices; password, 2 step authorization or the like is not possible due to the existence of medical emergencies

      So it's security by obscurity for a system that can kill somebody, remotely and wirelessly? C'mon, an Ask Slashdot could come up with a better plan than that!

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    12. Re:This is a nonstory by mysidia · · Score: 1

      So what happens when the central clearinghouse, or access to communications, goes down? The more complicated you make the interface for medical devices, the more potential points of failure you introduce when it comes to an emergency for any particular patient.

      You issue a time-based certificate from the central clearinghouse, good for authenticating for READ-WRITE access to devices that trust the certificate for 21 days, and on day 7, you immediately start applying for certificate renewal.

      Also, you provide a manual override / temporary "security disable switch" that disables authentication for a specified period of time and absolutely requires something that can only be done with intimate physical access, but is not required to grant READ-ONLY data access.
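
Added example (not part of any comment in this thread and not any manufacturer's code): a Go model of the scheme proposed in the comment above, with a 21-day signed credential renewed from day 7, a physical-contact override window, and unauthenticated READ-ONLY access. Ed25519 signatures, a trustworthy clock on the device, and every type and function name here are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const (
	day        = 24 * time.Hour
	validity   = 21 * day // certificate lifetime proposed in the comment
	renewAfter = 7 * day  // the programmer starts requesting renewal on day 7
)

type Access int
const ReadOnly, ReadWrite Access = 0, 1

var (
	ErrNoCert  = errors.New("read-write needs a clearinghouse certificate or the physical override")
	ErrBadSig  = errors.New("certificate signature does not verify")
	ErrExpired = errors.New("certificate is outside its validity window")
)

// Cert is a hypothetical credential issued to a programmer unit.
type Cert struct {
	ProgrammerID        string
	NotBefore, NotAfter time.Time
	Sig                 []byte
}

// signedBytes is the exact byte string the clearinghouse signature covers.
func (c Cert) signedBytes() []byte {
	b := make([]byte, 16, 16+len(c.ProgrammerID))
	binary.BigEndian.PutUint64(b[0:], uint64(c.NotBefore.Unix()))
	binary.BigEndian.PutUint64(b[8:], uint64(c.NotAfter.Unix()))
	return append(b, c.ProgrammerID...)
}

// Issue runs at the clearinghouse, the only holder of the private key.
func Issue(priv ed25519.PrivateKey, id string, now time.Time) Cert {
	c := Cert{ProgrammerID: id, NotBefore: now, NotAfter: now.Add(validity)}
	c.Sig = ed25519.Sign(priv, c.signedBytes())
	return c
}

// NeedsRenewal is true from day 7, leaving 14 days to survive an outage.
func NeedsRenewal(c Cert, now time.Time) bool {
	return !now.Before(c.NotBefore.Add(renewAfter))
}

// Device stores only the public key: nothing on it can mint a credential.
type Device struct {
	Trusted       ed25519.PublicKey
	overrideUntil time.Time
}

// PhysicalOverride models the contact-only "security disable switch".
func (d *Device) PhysicalOverride(now time.Time, window time.Duration) {
	d.overrideUntil = now.Add(window)
}

// Authorize decides on the device itself, with no network round trip.
func (d *Device) Authorize(want Access, cert *Cert, now time.Time) error {
	if want == ReadOnly || now.Before(d.overrideUntil) {
		return nil // reads need no credential in the scheme as proposed
	}
	if cert == nil {
		return ErrNoCert
	}
	if !ed25519.Verify(d.Trusted, cert.signedBytes(), cert.Sig) {
		return ErrBadSig
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return ErrExpired
	}
	return nil
}

// DemoSetup returns a key from a constructed all-zero seed and a fixed clock.
func DemoSetup() (ed25519.PrivateKey, *Device, time.Time) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv, &Device{Trusted: priv.Public().(ed25519.PublicKey)}, time.Date(2012, 8, 12, 0, 0, 0, 0, time.UTC)
}

func main() {
	priv, dev, t0 := DemoSetup()
	cert := Issue(priv, "programmer-001", t0)
	fmt.Println(dev.Authorize(ReadWrite, &cert, t0.Add(10*day)), dev.Authorize(ReadWrite, &cert, t0.Add(22*day)))
}
```

Because the validity window sits inside the signed bytes, extending `NotAfter` on a captured certificate fails signature verification instead of buying more time.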

    13. Re:This is a nonstory by Anonymous Coward · · Score: 0

      Disclosure: I am an ICD patient. And if you were my doctor, I would fire you. You should know that we, as patients are not really given a "choice" in the implantation of an ICD. It's ICD or DIE. Which would YOU choose?

      And why should I have to go through YOU for MY DATA? The data is already there, sitting on a server somewhere, after it has been collected from MY BODY. What if I can't afford an appointment? What if I can't afford a cardiologist? WHAT IF I CAN'T AFFORD TO HAVE THIS DEVICE REMOVED FROM MY CHEST (a procedure that is harder than it sounds, considering it has LEADS which have been SCARRED into my heart...) Does that mean that the device company has the right to continue to collect data from me and then refuse to provide it?

    14. Re:This is a nonstory by Anonymous Coward · · Score: 0

      Disclosure: I don't believe you are a practicing Doctor. I work on these machines in the Hospital. Once the data is downloaded there is absolutely no reason it can not be given to the patient. The whole "There are real potential harms to widely propagating machines that could decrypt the data; the exact same machines allow us to reprogram the device" is just pure crap. Accessing the device and giving the patient the raw data and reprogramming it are two completely different things.

      That's like telling me that I can't know my checking balance because they would have to give me the combination to the bank vault.

      Does this so-called Doctor want us to believe that any real Cardiologist would even know or care how this technical device works? An EKG Technician would download the data and then present it to the very Busy Cardiologist to look at. No real Doctor even has time to post to a forum as this and a Cardiologist wouldn't work with pacemakers on a "Frequent" basis but all the time. The "several hundred pages of gibberish" would present themselves as a waveform representing a "QRS" waveform and certainly a person should have the right to look at it and say "Hey Doc how come it looks different here". The whole use it or not or remove it is just more pure crap and the life or death is just more exaggeration.

      There are always different levels of security; i.e., the lowest level can read only, and the higher level can change critical parameters.

      Any real Doctor should be willing to show you the data and explain to you what is happening....
      Doctors haven't operated in an arrogant manner since the 1920's or 40's; if your Doctor does then find another Doctor.

      Always ask questions and Always get the data and test results; after all we are paying for it.

    15. Re:This is a nonstory by Stickerboy · · Score: 1

      After reading your comments, if you were my doctor you'd be fired.

      And I'd welcome it. I have more sick patients to deal with and little enough time than to spend hours focusing on the queries of a single recalcitrant patient who demands to stare at meaningless, asymptomatic 1s and 0s. As a doctor I support your principle of owning your own medical records. I don't have a problem with getting you the same reports I have access to, whenever you want to come make an appointment. I also don't have a problem with you gaining 24/7 access to the online reports that cardiologists receive.

      What I question is your wisdom in what amounts to spending everyone else's precious time (our most precious commodity) just because either A) you want to make a point or B) you really are a hoarder of meaningless junk. If you're discounting the reports as data, then what you're doing is akin to asking for a copy of War and Peace, because you have "A Universal Human Right to A Copy of War and Peace". After I give you a copy of War and Peace and the Cliff's Notes for it, you throw them away and demand a copy of it in Russian, even though you don't speak or read Russian. And after I give you a copy of War and Peace in Russian, you throw that away and demand the original hard copy manuscript from Tolstoy because apparently you don't trust the Russian publishers.

      I'm curious. How do you dine at any restaurant, without seeing a list of the ingredients in your meal, the validated shipping manifests of where they're sourced from, and the food handling certifications of every employee of the restaurant? Because your odds of landing in the hospital are a lot higher from someone at the restaurant botching your meal than the machines botching the interpretation of your ICD/pacer's raw data into recognizable rhythm strips. That meal you just ate? It goes into you, too, and becomes a part of you too.

      HIPAA guarantees my right to see and get copies of my health records. My interrogation reports are part of my records, I'm aware of that. (I have every single interrogation report ever since receiving the device in 2007.) I am not after printouts. That is not data. What I am after is the raw data collected remotely by the manufacturer of the device. Even doctors do not have access to the raw data. All doctors have access to are the reports. Although doctors have 24/7, unrestricted, and convenient access to reports online and on their mobile devices. At the very least, I want the same level of access my doctor has to my remote monitoring interrogations. End of story.

      And I'm confused. Once again, what exactly is this "raw data" to you? As a doctor, I have to wade through enough meaningless drivel in records already in order to cut to the point that will help my patient. You say below you're not interested in the report, which includes the raw rhythm strips to be interpreted by the device as well as the interpretations and how it acts on them. Well then...you lost me. It seems that at the heart of this dispute is the interpretation of what constitutes a reasonable fulfillment of the duty to provide you "with a copy of your medical records". If you came into my office and asked for a copy of your blood pressures from your office visits of the last five years, I'd fire up the EMR, generate a report of your blood pressures from your office visits of the last five years, and give it to you. If you came back and said, "I demand a copy of the electronic database file that those blood pressures are stored in, because I don't trust your EMR in interpreting the raw bits into numbers on-screen", at that point I'd throw up my hands and hope that you would fire me as a doctor, because you're frankly being unreasonable and wasting my time.

      Now I'm actually thinking you're not a cardiac electrophysiologist. The reports are never "several hundred" pages long. The full interrogation report for an ICD is rarely longer than about two dozen 8

      --
      Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
    16. Re:This is a nonstory by Anonymous Coward · · Score: 0

      Glad you're not MY doc. You can't really work with pacemaker users and know so little about ICDs -- or is that the case? ICD users want real-time access to alerts and to the same data the remote monitor sends to the EP's office. Get a clue here.

    17. Re:This is a nonstory by Anonymous Coward · · Score: 0

      Stickerboy, your "professional" response is nothing more than one long fallacious argument. First, you start with the ad hominem attacks ("recalcitrant... hoarder of meaningless junk"), then you move on to ridiculous straw men (War and Peace in Russian, dining in a restaurant, preposterous surgical requests, EMR database files)...I could literally spend all day pointing out the inanity of your post.

      But no matter, no one here is requesting copies of War and Peace in Russian, or that you learn a new surgical technique for one and only one surgery...

      What Hugo and other patients like him are requesting is this: a copy of data which already exists, which has been collected from our bodies, and which is certainly already databased by the device companies and analyzed on a regular basis. Data which may or may not be integral to our lives and deaths.

      What do you care whether we can "read" it? That's none of your damn business. Most of your alleged patients probably can't read their own charts, but that doesn't mean you should deny them copies.

      And what's it to you if we want the data? We're not wasting your time. Unless you count the time you've wasted on your ridiculous posts here on Slashdot. We wouldn't be wasting the device company's time, either, if they didn't put so much energy into fighting the request. They already have this data, it is most certainly already saved into a data file, and it is undoubtedly easily-accessible, so what's the problem with providing it?

      About the only thing that you say in your post which makes any sense is this: "Setting up, maintaining, and running datacenters (or paying someone else to do so) costs. How much, I can't say, but it's not trivial. Doctors are subsidized for this system because we generate future revenue." I'm willing to bet that the $30,000+ pricetag of these devices (before leads) more than compensates for that. And as far as "future revenue" goes, keeping patients happy, alive, and willing to continue choosing your device company is well worth the investment. I received my device in my mid-30s, and any company which treats me well will be guaranteed to receive another $40,000+ every 7-10 years for however long I continue to live.

      You say, "I don't have a problem with getting you the same reports I have access to, whenever you want to come make an appointment. I also don't have a problem with you gaining 24/7 access to the online reports that cardiologists receive." I shouldn't have to make an appointment with a third-party to get my information and data. PERIOD. And perhaps you should realize that we are not given the option of 24/7 access to the same online reports that cardiologists receive. The device companies use the same ridiculous paternalistic responses that you use in your arguments. And you wonder why we device patients don't "trust" them?

      Finally, you say, "I could care less if you did get your hands on the original Tolstoy manuscript." A little syntax lesson: it's COULDN'T care less. Unless you really COULD care less, which would be downright pathetic and odd, considering the rest of your post.

  54. Re:His doctor should be entitled to the data, peri by cdrudge · · Score: 2

    That could explain his curious increase in strength...

  55. Re:he wants to hack his own heart by Anonymous Coward · · Score: 0

    I was thinking along the lines of Gattaca. "Jerome, Jerome, the metronome."

  56. Re:If the data is being "wirelessly" transmitted.. by Anonymous Coward · · Score: 0

    ...it is available to anyone with a receiver.

    If and only if that receiver is within 15 feet of the device, according to the makers of my ICD (Medtronic). The wireless feature has a deliberately limited range; I have to use a magnetic pickup every 90 days to provide a detailed report to my cardiologist -- and he makes all the information available to me whenever I ask for it. For that matter, my primary care physician puts all my test results on a web-based system that's as secure as my banking or shopping software, which is to say that it uses SSL for full encryption and accounts have to be created by the doctor, not the patient. Not all healthcare providers treat their patients like children...

  57. podcast of Karen Sandler speech about medical devi by MCRocker · · Score: 1

    More from Karen Sandler... IT Conversations has an interesting podcast featuring Karen Sandler talking about her efforts to get source code for her defibrillator.

    --
    Signatures are a waste of bandwi (buffering...)
  58. If you have access to the actual data. by Anonymous Coward · · Score: 0

    We can't sell you a bunch of bull shit.

  59. nothing new by Anonymous Coward · · Score: 0

    http://www.youtube.com/watch?v=5XDTQLa3NjE

  60. Re:His doctor should be entitled to the data, peri by Anonymous Coward · · Score: 0

    "I don't see how that would help a paranoiac."

    Who said they were actually there to help him, huh?

  61. I call shenanigans! by tickticker · · Score: 1

    I've had 5! Count 'em 5 ICDs. When they do the reading, you can always get a copy of the readout. They print them up, and clear the memory.

    Every time, without exception no matter the technician, over the course of at least a hundred of these data dumps did I NEVER get a copy and I still have quite a few of them. They even go over them with you. You do have to have a modicum of cardiac AND electric knowledge or it's pointless of course. I have plenty of both so it wasn't an issue. EVER.

    1. Re:I call shenanigans! by tickticker · · Score: 1

      First sentence second paragraph makes my head hurt on reflection.

  62. Re:His doctor should be entitled to the data, peri by rohan972 · · Score: 1

    This is particularly true in psychiatric medicine, where past therapists are required to pass on notes to future therapists, but patients don't necessarily have the right to read the notes themselves.

    Since psychiatric diagnoses are used to detain and forcibly treat people I don't see how it can possibly be justified to deny patients the same access rights as anyone else. Especially when they are not in an acute stage of their illness.

  63. Re:His doctor should be entitled to the data, peri by kenorland · · Score: 1

    There are legitimate medical reasons why some patients shouldn't have access to all raw medical data.

    It is not the doctor's job to decide what's "better" for a legally competent person. For example, a doctor may guess that a medical test result may make it likely that a patient will commit suicide, but the suicide is the patient's choice and the doctor has no moral right to interfere with it.

  64. Wants to open himself to a DOS attack by Anonymous Coward · · Score: 0

    The outcome will be the Blue Skin of Death.

  65. Re:If the data is being "wirelessly" transmitted.. by TheCabal · · Score: 1

    I had a similar problem with my wife's insulin pump manufacturer. The unit is controlled by a wireless PDA. I read everything I could about the unit, but as a penetration tester, I was concerned that their security was not up to standard. I emailed and phoned the company, who flatly refused to disclose the details of their wireless technology or how it was secured. I even offered to sign a non-disclosure agreement. They just said "trust us, it's really complicated stuff". Fast forward a couple of years, and it appears that someone has indeed broken their layer of obscurity. I've seen papers detailing how it may be possible to send commands to the pump to deliver the entire insulin reservoir. I again contacted the company, and one of their managers answered "Who would want to do a thing like that?". I guess he never heard of 'For the Lulz'.

  66. Re:His doctor should be entitled to the data, peri by Anonymous Coward · · Score: 0

    I can see your little mind bouncing around the paradigm we set for it, kind of like a 1980 Atari Pong, where we supply the paddles and you're that little white square. Yes we did start this idea that people can have their medical records withheld from themselves in psychiatry but we have since expanded this concept.

    Our basic premise is, you can not know better than our specialists and you should not have the access to even attempt it. This is why we have made access to medical journals unaffordable to read for the general public. Unaffordable unless you're willing to pay $1500 for a yearly subscription or $35 per article. Incidentally did you know we author most of what you'll find in there ourselves and in many cases we even reserve this information to medical professionals in the first place so you can't get it unless you're certified regardless of how much you are willing to pay.

    Here I'll toss you a freebie, statins cause diabetes and accelerate arteriosclerosis. We admitted that in our publications this summer but we'll tell you to keep taking them because they're good for you. We have a plan for you and it isn't pretty but has to be done. The less you know, the less you will make a fuss.

  67. Re:If the data is being "wirelessly" transmitted.. by Anonymous Coward · · Score: 0

    OMG to state that somehow someone could capture the WIFI data (Cypher text) then get the actual data (Clear text) and then use that to reverse engineer the device and then affect someone else's implanted medical device is ridiculous and sounds more like a late night Science Fiction movie more than logic. I suggest actually learning about encryption before making such a statement. What makes you believe that the device actually transmits WIFI? Do you really believe that every implantable pacemaker patient is also a WIFI hot spot ???? WIFI data is WPA or WEP encrypted and the actual device data is encrypted differently.

    I am embarrassed.... Having the decoded message (clear text) and the Cypher text does allow you to decode future messages... Obviously the "public key" technology is not known here.

    Moderator: You should check this before stamping this Insightful.

  68. Re:If the data is being "wirelessly" transmitted.. by Anonymous Coward · · Score: 0

    The poster obviously has no idea of cryptography. I suggest listening to the podcast Security Now to get an idea if you can't attend a local college.

  69. The Device May be a product of Scientologists by Timtimes · · Score: 1

    If so, then it is going to be copyrighted down to the last bit. Can you imagine the fuss it would cause if somebody found out they were being kept alive by broadcasts emanating from the inner planetary broadcasting XENU channel? Enjoy.

    --
    This ain't no upwardly mobile freeway This is the road to hell
  70. OT/ Re: sig line "NoScript" by davidwr · · Score: 1

    Slashdot is unusable without noscript.

    If you aren't logged in, you are absolutely right.

    At least "classic" mode gives you some of the usability of the older user interface.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  71. OT: Organ donation by davidwr · · Score: 1

    donating a kidney (Which I did recently.)

    On behalf of everyone who has needed or who may need a donated organ, let me say THANK YOU.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  72. Well, from the hospital's point of view by davidwr · · Score: 1

    The bill of rights doesn't say you are entitled to such records immediately.

    I wonder how long before they update their paperwork to clarify that most of the rights you have can only be enforced during normal business hours.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  73. Demo hacks at Defcon (2008) and Black Hat (2011) by tlambert · · Score: 1

    What part of "wireless" implies WiFi frequencies or protocols? The Medtronic Minimed Paradigm insulin pump, and the Deltec Cozmo, Animas Ping, Insulet OmniPod, Accu-chek Spirit Combo, and Sooil DiabecareIIS pumps all communicate wirelessly (one via infrared) and a couple will adjust dosing automatically based on an unencrypted wireless signal from a glucose meter (basically: lie about the glucose level to the pump until it empties its 200 dose unit cartridge into the wearer, or lie about it so they don't get any insulin whatsoever).

    http://www.startribune.com/business/128427593.html?refer=y
    Demonstrated at Black Hat in 2011: wireless forced shutdown of the device.

    http://venturebeat.com/2008/08/08/defcon-excuse-me-while-i-turn-off-your-pacemaker/
    A similar turn-off attack on Legend RF controlled pacemakers was shown at Defcon in 2008, which also demonstrated the ability to pull out HIPAA protected information from the device itself, including the identity of the patient, the doctor, the diagnosis, and the pacemaker instructions.