ACTION ALERT: Your CPAP data is being held hostage - ACT NOW!

[FozzyDaBear]

It's a tough situation. Remember it's clinical data unencrypted on removable media (meant to be transportable). The only way for a doctor to see some patients' data might be through the SD card. My Resmed Airsense 10 hasn't had a cellular signal since April 7 so I can't see any recent data through the MyAir website. If I had to see a doctor, I'd have to take my SD card. If my doctor's office lost the SD card and my data was exposed, could Resmed get in trouble for not having the data encrypted? Lawyers and privacy teams would have to figure that out.

Not sure what the best solution is between a balance of patient access and security.

[SuperSleeper]

It's really not a tough situation to understand, really.

Here's the main issues: 

1)  Regardless of any supposed "security" measures (encryption) required by HIPAA or other regulations, any and all data on my own CPAP machine should be immediately available to ME (as a patient) via some easy-to-use system of decryption (they should provide the encryption key to the patient).  There is no security risk when I connect my own SD card to my own personal computer and no network security risk because nothing transfers over the airwaves and no data goes across the Internet when I download the data off my SD card onto my computer.

2)  Instead of giving me direct access to my own data, Philips is attempting to use my data to generate cash-flow via their "partners", as has been described in post #4 of this thread.

Both of these issues result in a direct attack against patient empowerment and this trend is absolutely unacceptable.

Solution:  Philips should either drop the encryption, or give patients the key to decrypt their own data.  And, they should stop trying to monetize something that they do not own (our data).

Very simple.

[Cam12]

My email to Philips-Respironics. Feel free to copy all or portions if you’d like.

Hello,

I am writing to express my concerns regarding the recent decision by Philips-Respironics to encrypt CPAP therapy data, beginning with the Respironics Dreamstation 2 CPAP models. Based on my sources, Phillips-Respironics has introduced data encryption that, if introduced across the industry, would prevent me as a patient from being able to directly access, view or analyze my CPAP data. 

This development is very concerning to patients who utilize this data to augment their participation in healthcare decisions and, in many cases, to improve their healthcare outcomes through early identification of clinically-important CPAP data that would, in most circumstances, be overlooked by busy sleep disorder clinicians. As such, if other CPAP models from Philips-Respironics and/or other manufacturers introduce data encryption that limit patient’s access to data, this will severely limit patient’s participation in their own healthcare and likely contribute to poorer healthcare outcomes.

I don’t believe that Philips-Respironics would support or, benefit from, such outcomes and would, instead, desire patients to be involved as much as possible in their healthcare and not limit their access to their healthcare data/records. I also believe that Philips-Respironics would not want the lack of patient access to CPAP data to become a major factor in patient’s decisions as to which CPAP manufacturer to purchase CPAP machines and supplies from. Based on encryption of data and lack of patient access to that data I, currently, would not purchase a Respironics device.

My hope is that there is a win-win solution here: that the drivers of the software changes that entail encryption can be aligned with the needs and desires of patients who use your products i.e. full, easy access to their CPAP data and full engagement in their healthcare.

I appreciate your time today and maintain hope that CPAP patients, like me, and manufacturers, such as Philips-Respironics, will continue to work cooperatively towards a mutually beneficial outcome. I look forward to your response.

Sincerely, 

[SuperSleeper]

Great email, Cam12 !

[SevereApnea]

PATIENT EMPOWERMENT AND INCLUSION.

Warning: A potentially offensive post containing sensitive material. Feel free to moderate!

From the Philips Website: PHILIPS STRATEGY

[attachment=41968]

How very considerate of them! I can just smell the "suits" coming down the passage from their vaunted Boardroom.

This is not a war, merely a Special Operation to "help" our customers to address their healthcare challenges.
Therefore, we do not need to abide by the Geneva Convention or other value systems, least of all  bother patients in their own decision-making process.

(Forward unbridled rape and plunder.)

THE FUTURE OF MEDICINE AS ENVISIONED BY PHILIPS

Password protected = Philips

Surely this is not progress or in line with Patient Inclusivity in the Modern Era?

In the end what is right will be wrong and what is wrong will be right. The end is getting closer.

[SevereApnea]

Warning: A potentially offensive post containing sensitive material. Feel free to moderate!

From where I stand there are two groups of people on xPAP therapy. 

1. Those who depend on DME/equivalents for treatment, Philips equipment supplies, insurance compliance and DOT licensing issues. These are the ones Philips are targeting and trying to hold hostage. The sooner this group is made as small as possible the better.

2. Those who do not. I find myself in this camp. I suspect this is a minority group.

We do need to be careful to find a balance between standing up against this intended bullying/reversion back to an antiquated model of medical care, and to be seen to somehow help with compliance issues. Especially for those who depend on Compliance for driver's licences and other legal issues. We should not be held hostage. 

But for those of us who own are not in the same boat, we should lock them out of our data.

I only ever take a copy of the SD card to my CPAP visits. They do NOT need to make any changes to my settings on the machine itself. I do that. 

My Vauto modem does not work here in Oz. Cool! 

My AirSense 10 Autoset For Her modem does work in Oz: I will have to disable this in case ResMed get any funny ideas. 

Disable your Modem for ResMed 3:41.

Is there something similar that Philips customers can do?

No new sleep apnea customers should accept any CPAP machine from Philips.

In the end what is right will be wrong and what is wrong will be right. The end is getting closer.

[Lazer1234]

Information and a link to this thread have now been shared with Sweden's 2 largest forums for sleep apnea with 5,400 members. There are members from the board of both resmed and philips, as well as employees at most sleep clinics.

We continue with personal emails to decision-makers in our healthcare regions and to journalists.

[SuperSleeper]

Awesome.  Thanks so much!

Also, not sure why I didn't think of this before, but I shortened up the automatic URL even more (by dropping the ".htm" off the end of the link).

So you can now refer automatically to this thread using the following shorter link:

www.ApneaBoard.com/alert

Note:  the old link still works as well:   www.ApneaBoard.com/alert.htm

[cathyf]

Do we have any expertise on laws about patient ownership of their data? Particularly the US & EU, and also  the rest of the world? (The EU has particularly stringent privacy laws, while HIPPA guarantees patients reasonable access to their data.)

About 6 months back the RT at my DME said to me something along the lines of I don't need to read my data because they can print out any reports for me. I didn't respond well to that (ok, I rolled my eyes...) but later when I thought about it I've been toying with the idea of going back and asking for a specific report. Or better, put it in writing:

Could you please print out a report for that night when the machine repeatedly reported a respiration rate, and tidal volume, and minute vent, all of zero for extended periods, while over these time periods the machine was recording flow rates showing clear inhalation and exhalation at 10-12 breaths per minute. During these periods the mask pressure was recorded as constant even though EPR was set to 3, which is the behavior that the machine shows during a detected apnea. These periods were all over 10 seconds long, but no apneas were flagged during any of them.

During two of those intervals, the machine powered itself off, once for 55 seconds, and the second time for 2 minutes and 52 seconds. At each of those power-offs, the machine powered back on at exactly the same pressure it was registering when it powered off (as opposed to coming back on at the minimum set pressure, which is the proper functioning of the machine.) The 55-second power off did NOT generate a new session, while the 2:52 power-off did. The ironically-named "Smart Start" feature was disabled.

During all of these periods, the machine calculated and reported excess leak rates between 6-11 L/min, well below the 24 L/min "redline". ResMed's patient-gaslighting app, named MyAir, scored leaks as excellent, giving 5/5 points for the night, and the machine itself reported a smiley face on the front panel.

Please provide these reports over 4-minute intervals.

What I have are recordings of me breathing in ways that the machine is not programmed to respond to, and it clearly records itself responding by powering itself off.

A few days after this night, I had an appointment with the major medical center specialty sleep center. I brought them my data card which had all of this information faithfully recorded on it. A specialist analyzed the recorded data, and the sleep center charged this as a separate line item and they were paid $82.66 for that analysis.

The specialist did not notice any of these ominous events at all. Because the "specialist" didn't look at the raw data, and only looked at the results that the ResMed reporting software outputted.

While the machine records the raw data which it uses as inputs to its algorithms, the ResMed analysis programs only report the analysis that those algorithms understand are important.


No provider has the resources to process raw data into analysis, and the standard practice of sleep medicine ignores the patient and the patient's raw data, and merely reports the analysis outputted by the machine manufacturer's software algorithms.

The manufacturer's software reporting system is designed only to report on the patient's obedience to the provider's instructions. The software does not report when the machine fails to treat the patient successfully, because according to the fundamental principals of "sleep medicine" success vs failure of treatment is defined as obedience vs disobedience of the patient. "Treatment" has nothing to do with the mechanics of airflow, pressure, respiratory drive, etc. If the patient wears the mask for the specified amount of time, then the treatment is "successful."

The fundamental "principles" of sleep "medicine" are, of course, ludicrous. So the only way that the patient has to know if the patient's sleep-disordered breathing is actually being treated is if the patient reads and analyzes the patient's own data.

Because no one else can afford to care.

[mesenteria]

Cam12 -  "...I am writing to express my concerns regarding the recent decision by Philips-Respironics to encrypt CPAP therapy data, beginning with the Respironics Dreamstation 2 CPAP models. Based on my sources, Phillips-Respironics has introduced data encryption that, if introduced across the industry, would prevent me as a patient from being able to directly access, view or analyze my CPAP data...."

I like the tenor and tone of the quoted text, but I hope you won't mind a suggestion:

Instead of, "...from being able to directly access, view, or analyze my CPAP data..."  I would suggest this: 

" ...from being able to access and to interpret the machine's recorded data of my sleep, and thence to modify the therapy when changes are necessary.  As examples of needed changes, people travel, and during travel to different climates and elevations, the machines' therapeutic delivery changes.  They need adjustments which the user must be able to effect themselves, free of the encumbrances that encryption might impose on them."

This is a lot wordier, but it provides those with the interest much more important context about why this is an issue worthy of note.