How to limit data sharing

[NoName9]

If you are that concerned simply remove the modem. It is an easy procedure that takes no more than a few minutes. You can then take your SD card to your doctor along with your laptop and run OSCAR to show them compliance. Not every doctor will accept OSCAR, so you may be stuck with the ResMed cloud if you want insurance to pay for things. 

The simplest thing to do is pay for your CPAP equipment and supplies out-of-pocket. No one then can see your data except those you choose to share it with e.g. this forum or others.

I just found ResMed's "privacy" notice online.  This is appalling.  How is this legal?  Aren't they bound by HIPPA?

We may collect the following categories of Consumer Health Data from you: 

• Health conditions, treatments, diseases, or diagnoses 
  
  
• Social, psychological, behavioral, or medical interventions 
  
  
• Health-related surgeries or procedures 
  
  
• Use or purchase of prescribed medication 
  
  
• Bodily functions, vital signs, symptoms, or measurements 
  
  
• Diagnoses or diagnostic testing, treatment, or medication 
  
  
• Biometric information 
  
  
• Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies 
  
  
• Information that could identify your attempt to seek health care services 
  
  
• Any inferences of the above categories of health data derived or extrapolated from non-health information
  

We may share each of the categories of Consumer Health Data listed above with the following categories of third parties:

• Affiliates, subsidiaries and business partners. We may disclose your Consumer Health Data to our affiliates, subsidiaries and any company owned or controlled by ResMed. ResMed also partners with other businesses to offer products and services and we may disclose your Consumer Health Data to those business partners.
  
  
• Vendors and service providers. We may disclose your Consumer Health Data to vendors and service providers who perform functions and provide services on our behalf, such as IT support services and website hosting, marketing and marketing research providers, customer support, data storage, data analytics providers, auditors, consultants and legal counsel.
  
  
• Healthcare or home medical equipment providers. We may disclose your Consumer Health Data to healthcare or home medical equipment providers whose use and disclosure of the Consumer Health Data is limited to flagging whether the machines they monitor are registered with the Service, unless you consent to share additional information.
  
  
• Business transfers. If we or our affiliates are or may be acquired by, merged with or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may disclose or transfer the Consumer Health Data we have collected from you with or to the other company. We may also disclose certain Consumer Health Data as necessary before the completion of such a transaction or other corporate transaction, such as a financing or restructuring, to lenders, auditors and third-party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction.
  
  
• Compliance and legal obligations. We may disclose your Consumer Health Data in response to legal processes, including if our legal or compliance obligations require us to do so. For example, we may disclose Consumer Health Data in response to subpoenas, court orders and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
  
  
• Security and protection of rights. We may disclose your Consumer Health Data where we believe doing so is necessary to protect our Services, our rights and property or the rights, property and safety of others. For example, we may disclose Consumer Health Data (1) to prevent, detect, investigate and respond to fraud, unauthorized activities and access, illegal activities and misuse of the Services, (2) to respond to situations involving potential threats to the health, safety or legal rights of any person or third party or (3) to enforce, detect, investigate and act in response to violations of our Terms of Use. We may also disclose Consumer Health Data related to litigation and other legal claims or proceedings in which we are involved and for our internal accounting, auditing, compliance, recordkeeping and legal functions.
  
  
• Aggregate and de-identified information. We may use, disclose and otherwise process aggregate and de-identified, pseudonymized and anonymized information related to our business and Services with third parties for quality control, analytics, research, development and other purposes.
  
  
• Health trend data. You may consent to providing health trend data (for example, trends between your therapy usage and health data) by syncing the health app on your device with your myAir app. If you consent to the sharing of such health trend data from Google Health Connect, the use of the information from Google Health Connect will adhere to the Google Heath Connect Permissions Policy, including the Limited Use requirements. Health information from Google Health Connect will not be disclosed to marketing and analytics providers.
  
  
• Other disclosures. We may disclose Consumer Health Data to others and in ways not described above and will notify you and/or obtain your consent to the extent required by applicable law.
  

[SakimaStorm]

Yes, a privacy nightmare.

Definitely get a 10 without the cell modem. Or get the regular 10 and disconnect / remove it. I removed mine from the AirCurve 10 (same body as the AS 10) and it is really pretty easy. You can find videos and/or instructions online.

My doctor was fine reading the card for my initial 3 month compliance visit. And since then I send him reports from OSCAR (overview and daily) once a year before our scheduled visit. He loves how much more data OSCAR provides than the software he normally uses.

[NoName9]

Yes, a privacy nightmare.

Definitely get a 10 without the cell modem. Or get the regular 10 and disconnect / remove it. I removed mine from the AirCurve 10 (same body as the AS 10) and it is really pretty easy. You can find videos and/or instructions online.

My doctor was fine reading the card for my initial 3 month compliance visit. And since then I send him reports from OSCAR (overview and daily) once a year before our scheduled visit. He loves how much more data OSCAR provides than the software he normally uses.

Thanks so much for your reply!  I'm hoping my doctor will work with me on all this, as this is all very disturbing.  All I want is to be able to breathe, and wasn't counting on having to navigate this too...

[PeaceLoveAndPizza]

As you are bothered by it, you need to talk to ResMed @ 1.800.424.0737 or submit a request via their website.

[NoName9]

Hi Sakima Storm

It looks like the data may be transferred to ResMed however you do it.  I looked at  the ResMed Air Sense 10 card-to-cloud version, which says:

Alternatively, you may bring your SD card to your healthcare provider who will then download your data and upload it to ResMed’s AirView tracking software. (which I believe is their cloud storage?)

Unless maybe your doctor is willing to look at your data using OSCAR? Or am I misunderstanding?

[NoName9]

Thank you for that phone number Peace, Love, and Pizza.    I cannot be the only person who finds this to be way overstepping.

[Narcil]

heh that's just the beginning.

i thought activating an optout mic in my bedroom via OTA was overstepping and i can't believe they don't get nailed for this. only the 11 has one and it's called AcousticSignal if you want to read about it.

[NoName9]

Thanks, Narcil. UGH. :-/  This seems very different from any other medical equipment rules. If insurance pays for a wheelchair do they put tracker on it to see if you’re using it? If they supply a bed do they put sensors on it to make sure you’re sleeping in it?  No, of course not. And the initial CPAP purchase is not actually THAT expensive. Wouldn’t it be nice if the manufacturer put their efforts into making a better product that was tolerable to more people, rather than expending all that effort on policing use?  Problem solved.

[Narcil]

well they need to data to improve therapy, improvements don't come out of thin air they need data to do research. if you read their European privacy policy they lay out their reasons but a wheelchair isn't connected to the internet so it's not quite the same.

ResMed will process your health data for the following purposes:
❶ Fulfillment of legal obligations in connection with the marketing of medical devices:
(i) to improve the usability, performance and security of its medical devices.
(ii) to run post market clinical follow-up of our medical devices.
(iii) to perform materiovigilance.
❷ Conducting health studies, research and evaluations

i'm not that bothered about them gathering data but activating a mic via ota is a bit much. at least they are forced to delete all my data if i delete my account. policing use means more insurance pays for it, better for them not that many ppl buy one without insurance.

[NoName9]

Agreed, the data can be used for a good purpose. So limit the use to defined reasearch needs, anonymize it, do not share without express permission, and let people opt in to data sharing rather than forcing it.