I recently got diagnosed with a condition (sleep apnea) which means I need to use a machine (CPAP) to have a proper sleep, probably for the rest of my life. The doctor wanted me use the device for a few months, and bring the “report” generated by the device to monitor my progress and discuss further treatment.
Sure, a report generated by the machine, it can’t be that complicated? - I thought - Access local server like a printer and download files - I guessed. However, as I consulted to the device distributors in my area… their sales pitch (disregarding the actual medical functions) were:
A) The machine is constantly connected via wi-fi or cellular to manufacturer('s server), and user only has to login to download the report file. User can also install an app for that. How convenient. /s
B) The machine has an SD card slot to which data is copied, but user have to bring its contents to the authorized distributor so they can convert them into a report file. You can send them by email. Wow. /s
Either choices seem like a nightmare to me.
Option A means it’s constantly phoning home. Who knows when it will be hacked? Of course the distributor will happily enter all my private info into the system without any fucking care. Of course they’ll redirect all inquiries to legal department. Of course the goddamn MBA suits were thinking “with this cloud shit we can have medical records for doctors and user data for sales! two birds with one stone baby!” while snorting cocaine up their buttholes.
Option B seems a little better, except that if I were to believe the poor salesman (who’s probably being paid to repeat whatever the training manual said) the contents must be in a proprietary/binary format which needs a specific program to convert it into a pdf or docx file for all I know.
I’m not even mad at this point. At the point of sounding like a cringe gamer youtube channel, I NEVER ASKED FOR THIS. I didn’t choose to have a condition that needs a machine to properly function in society, and for all I know of cybersecurity trends and willful negligence by both private and public institutions worldwide, this will end up badly. I bet healthcare-insurance companies in the US are already salivating at the trove of data.
Anyone on a similar situation like mine? I always felt healthcare institutions were always lagging heavily behind latest tech trends, but this is something that I am now facing personally, too.
Speaking of which, does anyone have more info on the specific situation I am facing? The manufacturers offering Option A is ResMed, while Option B are BMC or Yuwell. I’m about to go for Option B which means “lesser quality” chinese brands, but at least it’s not phoning home. Problem is the “SD card to report” part.
Is there no longer an option to use the machine without the report or connection to internet?
Considering that, but the doctor needs the report so my condition can be treated in a proper way. I need to contact more distributors and see if there are any “customer privacy conscious” kind, but I’m not getting my hopes up.
I’m not familiar with the companies mentioned, but have you tried talking to the doctor or the clinic? They may be able to provide you with better guidance, or tell you about other machines that are compatible with your treatment plan. Even if they don’t know about the privacy aspect, that might give you a shorter list to follow up on.
My guess (or hope) is that this is the option that the average person finds convenient, which is why the doctor recommended it. There should be other options that the doctor / clinic knows about, especially because an IOT CPAP machine is a fairly new thing.
Doctors modify treatment plans fairly often, even for things like patient comfort, and bringing this concern to their attention could also change what they recommend to future patients.
Personal thoughts unrelated to your case: This is a growing concern with healthcare technology and I think we need more attention on the harms. “Your insurance company will use it against you” is something that most people will understand.
That’s right. I will email the doctor and ask if any other patients have expressed concerns about it.
Can you order a GDPR-compliant one from Europe instead, or an older brand?
Too expensive. There’s an import tax I have to pay if I ordered anything abroad, and the devices price in general are high enough to hurt my wallets even more. Older brands can’t be acquired from stores, and “not supported” if I bought a used one, I was told.
What would a hacker even do with it? They would… maybe know how often you stop breathing at night?
The nature of his medical condition isn’t relevant here. It could be his blood pressure, heart beats, whatever that makes an insurance company charge a premium on that poor sucker.
CPAP machines only do one thing.
I get your message, but I was not referring to the machine. I was referring that the what kind of data logged by the machine didn’t matter in the context of privacy.
The kind of data logged by the machine is how often they stop breathing, and how long they sleep. That’s literally all it does.
You can’t be concerned about the data it transmits and also say the data it transmits doesn’t matter in the context.
It’s not the collected data itself that’s the problem you dipshit. Don’t you know that distributors often make customers sign contracts at lease or purchase for warranty and tie that customer data along with statistics? You must be fun at parties.
I am fun at parties. I actually go to them. And I don’t worry about things like how much my freaking CPAP machine is spying on me lmao
No sense talking to a chatbot taking things literally at face value.
So what? I post concerns about user privacy on a privacy forum and this is what I get? A gatekeeping comment about how my concerns are overblown? Way to promote the platform.
Ok. What privacy exactly are you concerned with?
Here’s something tangentially related that makes it difficult to find older options, the support. In the US a piece of medical device has to be supported for 7 years. My hospital has these bladder scanners that are in quite a few departments, regular fixture in hospitals (ultrasounds). Jan 1 2024 was when our came up on the 7 year mark. To do preventative maintenance calibration required logging on their server, guess what’s no longer accessible? So to stay in compliance all of us in the biomed department has to figure out how to get new ones to replace the 10 $11k each paperweights we have now.
I found some older models around my area, but are all used and not very clear on what functions are still supported. I wish companies were more open about those things.
Well fuck I’m suddenly looking at my pacemaker and the little box that sends the messages to the doctor with much more suspicion now.
As another has commented, medical devices (and especially pacemaker systems) are well regulated, such that misuse or illegal re-selling of patient health data is not worth it for most companies.
Cybersecurity is a big topic in the industry now and life-sustaining systems are scrutinised much more closely these days. I wouldnt be worried, but you can ask the company directly if you are still concerned.
I have and use a resimed that does the phone home option. Once my doctor got what he needed I put it in airplane mode.
Distributor used the stats while I was reporting to call me and tell me I need new filters or other parts. I lol’d and bought them online for way cheaper. They stopped trying even before the doctor got all the data he needed.
Also, AFAICT it’s only data out, so I’m not worried about some exploit being delivered to the machine.
Final thought: I work in med tech. We have better security than credit agencies because we get fined more if we screw up. Personal data leaks are so common no one even cares anymore, but leaking someone’s medical info will shut a company down. You are likely safe, but ultimately never as safe as a “dumb” machine would be except they just don’t exist anymore.
Actual final thought: you will be amazed at how much better you feel every morning after actually sleeping instead of the dirty pseudo sleep you’re currently getting.
I thought it was data out only too, but at my sleep apnea orientation was told (and I double checked that they really meant it) that they could also tweak settings remotely. ResMed. Always possible that they had misunderstood something too, of course.
Thank you. I asked some acquaintances in health industry and received similar answers.
I’ve used a ResMed Airsense 10 for years now, and I too have always been unhappy with its phone home features, and the way it has limited info for users so they have to go to a provider. I shouldn’t have to cough up extra for an appointment to get access to all of MY data from a machine that I OWN.
I would love to find an alternative.
How have been your experiences dealing with the provider? From what I’ve been asking, the provider “offers” the cloud or report-generating function for the duration of device’s warranty. That means acquiring used devices are out of question, at least officially speaking.
What about rental programs, OP? You can try one for a month and see what models suit your needs.
Considered that, but I got tight budgets to run around. I want to avoid spending more than I should. But thank you.
Just use OSCAR to get the data locally from the SD card.
https://www.sleepfiles.com/OSCAR/
Learn more about the machine and do your own management as well. It’s very easy to get into the machine settings to control your air flow, temperature settings, and so on. Take the time to learn what the data from the machine means.
Just like the other commenter, thank you for the link. I should find one of the models available listed in there.
I currently use a Resmed Airsense 10 and can’t recommend it enough; best sleep I’ve ever had.
Just avoid anything by Philips Respironics. They’ve been messing around hard, class action suits and recalls and haven’t really made anyone whole from the debacle (myself included, I came out of pocket to replace my old Dreamstation).
Yes, I read about the recalls. In fact the local distributor that used to deal with Phillips had stopped doing it for the same reason. Thanks for the warning.
Hey, check out the resmed airsense 10 autoset card-to-cloud version. It’s a lot cheaper and has no cellular connectivity, no wireless module. I just found out about it tonight, thinking of buying one as a backup machine. Looks like it ticks all your boxes.
CPAP.com has a starter bundle for it right now for $400.
