Slashdot Mirror

← Back to Stories (view on slashdot.org)

Patient Just Wants To See Data From His Implanted Medical Device

Posted by timothy on from the crazy-hippie-pirate-moocher dept.

An anonymous reader writes "Hugo Campos got an implanted cardiac defibrillator shortly after collapsing on a BART train platform. He wants access to the data wirelessly collected by the computer implanted in his body, but the manufacturer says No. It seems weird that a patient can't get access to data about his own heart. Hugo and several medical device engineers are responding to live Q/A on Sunday night on such topics via ACM MedCOMM webcast at ACM SIGCOMM."

12 of 262 comments (clear)

  1. Unsurprising by girlintraining · · Score: 5, Insightful

    It seems weird that a patient can't get access to data about his own heart.

    No more weird than your stem cells and DNA being patented. In fact, according to intellectual property law, you don't own your body, or any of the parts implanted in it... it's all covered by a patchwork of patents on genetic materials and derived medical uses. You should be careful with yourself... it's a felony to damage government property... Or was that corporations? I confuse the two so much these days... (-_-)

    --
    #fuckbeta #iamslashdot #dicemustdie
  2. Re:Is it worth it? by Forty+Two+Tenfold · · Score: 5, Insightful

    a) Would he understand what the data meant?

    Maybe not, but maybe he wanted to get (n+1)th opinion.

    b) Maybe the software and what not is proprietary?

    But he doesn't want the 'ware. He wants the data it produces.

    Just some thoughts that come to mind

    In this case those are gross overstatements.

    --
    Upward mobility is a slippery slope - the higher you climb the more you show your ass.
  3. Re:Is it worth it? by sumdumass · · Score: 5, Insightful

    But he doesn't want the 'ware. He wants the data it produces.

    I suspect their refusal to allow access might be along the lines of hiding from potential liability if the product reacts or behaves improperly at any time. Imagine a grieving widow who discovers a pattern in the data where the device takes 3 minutes too long to respond properly every 500 or 1000 times it stimulates the heart or the input says it should.

    You would think that you would have a right to any data produced by your body or devices used in keeping it alive and it would be available to at least you or your doctor. Perhaps they are worried the control signals would be discovered and after a trip to an electronics store, the widow could be celebrating getting rid of her husband instead of grieving? I see no other reason for keeping it hidden other then to avoid liability or stop potential abuse.

  4. Re:Is it worth it? by fuzzyfuzzyfungus · · Score: 4, Insightful

    Not to sound against it, but
    a) Would he understand what the data meant?
    b) Maybe the software and what not is proprietary?

    Just some thoughts that come to mind

    a) He certainly isn't going to have a better chance of understanding the data if he isn't allowed to see them... Would I be polishing my 'I told you so' reflexes if he decides to do a bit of amateur reprogramming? Sure. Does denying somebody access to even view data because they might not understand it make sense? About as much sense as keeping books away from children because they aren't yet literate...

    b) Given that the manufacturer won't disclose it, it apparently is proprietary. That's sort of the entire issue. We have now(and, barring exciting economic apocalypse of some flavor) and will have in greater numbers and in more significant capacities, a population for which 'binary blobs' are inside their bodies, not their laptops. Some of them don't like this.

  5. Re:Is it worth it? by maxwell+demon · · Score: 4, Insightful

    But then, the refusal itself could be construed as indication that something is wrong with the device, because otherwise, why hide the data?

    --
    The Tao of math: The numbers you can count are not the real numbers.
  6. Re:This is illegal under HIPAA. by tomhath · · Score: 4, Insightful

    True, but there's no definition of "data" in HIPAA. Suppose you get a cholesterol test, all you see is the final number, not the inner workings of the instrument that made the measurement. If they're recording the measurements and making them part of a medical record I agree that should be shared, but this is less clear.

  7. Re:If the data is being "wirelessly" transmitted.. by tlambert · · Score: 4, Insightful

    If it's encrypted, then this would give them access to both the cyphertext and cleartext of the data, which is the essentials of what you need to reverse engineer the cryptography.

    Now ideally, the control and reporting cryptography would use different keys, but there is only so much code you can fit into a small embeddable medical devices, and it's likely they are the same code, if not the same key pair.

    In this case, it's reasonable to not give samples of both sets of data out to prevent reverse engineering of the control channel which could then be used on someone else's implanted medical device.

  8. Re:Is it worth it? by reve_etrange · · Score: 5, Insightful

    You would think that you would have a right to any data produced by your body or devices used in keeping it alive and it would be available to at least you or your doctor

    You already have a right to all of your medical records. I don't understand how this data is not a "medical record."

    --
    .: Semper Absurda :.
  9. Re:It would be illegal under HIPAA to give it out by profplump · · Score: 4, Insightful

    If the information is common to everyone with the same implant is it, by definition, not personally identifiable or private health information. Disclosing the existence of patient Q to patient R, or visa versa, would be a violation. But merely telling either of both of them independently that they have their implant set to "Mode B" is not, just as telling patient Q that he has a heart rate of 79 is not a violation if patient R happens to also have a heart rate of 79.

    Also, even if there is some private data that needs to be hidden, it's entirely possible to design a crypto system that's secure against known-plaintext attacks. Almost are modern crypto systems are; you'd have to do something dumb to not get that feature from any common crypto library.

  10. Re:Is it worth it? by Dunbal · · Score: 5, Insightful

    You don't get to peek inside your machine to see for yourself it's a good one, just like the airline will not let you take a wrech to the jet engine or even kick the plane's tires.

    I have one of these devices since last year after my (4th) heart attack. I am also a physician, so I would understand the data. But honestly I don't see the need. When I go get checked up, the Boston Scientific staff are more than happy to explain anything I ask - and I do ask some detailed questions. I am quite sure that the device and its software are proprietary and also trade secrets of the company.

    But there's another reason: Honestly one shouldn't go around tinkering or "hacking" an implanted device. They come with limited battery life - most of which is covered by warranty (if my battery runs out before 10 years I get the device replaced and the procedure paid for by the company, anywhere in the world). Radio signals require energy, asking the device to read its cache requires energy, and the manufacturer would be put in a position where it might have to cover a warranty on a battery that didn't fail because of design, but because of tinkering. They can hardly say "no" and let the patient die. That, and of course what if the "hacker" manages to mistakenly change the machine's settings so it's firing inappropriately, draining the battery within days, or better yet firing and triggering a lethal arrhythmia. The company would be blamed (at least initially) for a "faulty" device. It's bad business, and I understand it.

    I really don't feel like playing with my implant. I really don't feel like paying for someone else who wants to play with their implants, in the form of increased costs because the company has to set more aside for liability. I selected my device after both research into the company, the model, and this type of device as a whole. And my cardiologist's opinion. And a 2nd opinion. You can look at the statistics for the device, compiled in a scientific manner, and compare it to other devices, and that's it.

    --
    Seven puppies were harmed during the making of this post.
  11. Re:Patient Bill of rights.... by VortexCortex · · Score: 5, Insightful

    This anecdote is not so that I can say I am an old cantankerous fart, it it to illustrate that even though people have rights to information, the ones that hold the information feel compelled not to give it up. THis is true with software, medical data, music... I don;t know where this attitude comes from.

    Emboldening mine. I know where the attitude originates, and so doe Sid Meier...

    "Beware of he who would deny you access to information, for in his heart he dreams himself your master."
    - Commissioner Pravin Lal, Alpha Centauri

  12. Re:You also have the right to *not* be a dick. by Chris+Mattern · · Score: 5, Insightful

    a little speech about how civilized people act in a civilized society.

    Odd, I was thinking about the same thing. Except that it's the receptionist who needs that speech, not the poster. The poster wanted nothing more than that the reception spend literally a couple of minutes getting what he had a clearly documented right to have. Three cheers for the poster! If more people would refuse to put up with bureaucratic bullshit, the world would be a much better place. I hope his son grows up to be just like him.