Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Patient Just Wants To See Data From His Implanted Medical Device

timothy posted more than 2 years ago | from the crazy-hippie-pirate-moocher dept.

Medicine 262

An anonymous reader writes "Hugo Campos got an implanted cardiac defibrillator shortly after collapsing on a BART train platform. He wants access to the data wirelessly collected by the computer implanted in his body, but the manufacturer says No. It seems weird that a patient can't get access to data about his own heart. Hugo and several medical device engineers are responding to live Q/A on Sunday night on such topics via ACM MedCOMM webcast at ACM SIGCOMM."

cancel ×

262 comments

Sorry! There are no comments related to the filter you selected.

Since the editors are too lazy to do their job (5, Informative)

OverlordQ (264228) | more than 2 years ago | (#40959005)

Here's a link [blogspot.com] to the actual post.

Re:Since the editors are too lazy to do their job (5, Informative)

Anonymous Coward | more than 2 years ago | (#40959167)

I was close to posting pretty much the same thing, but actually there are many entries on the subject of patient access to ICD data. (Apparently this is a big issue for the ICD owner community.)

In addition to link OQ posted, there's:
http://icdusergroup.blogspot.com/2012/01/top-five-excuses-icd-manufacturers-give.html [blogspot.com]
http://icdusergroup.blogspot.com/2012/01/i-will-get-back-to-you.html [blogspot.com]
http://icdusergroup.blogspot.com/2012/01/fighting-for-right-to-access-my-hearts.html [blogspot.com]
http://icdusergroup.blogspot.com/2011/12/karen-sandler-cyber-lawyer-running-on.html [blogspot.com]
http://icdusergroup.blogspot.com/2011/07/it-isnt-nice-i-want-my-data.html [blogspot.com]

This is a personal first, but I'm actually going to defend the editors on this one. I think linking to the blog, rather than any single post, was appropriate.

/posting A/C because I work for one of the ICD manufacturers mentioned in the blog

//SW Dev but I don't work on devices

///dammit I had things to do thing weekend that won't get done. I have a feeling I'm going to spend a lot of time catching up on this blog.

Is it worth it? (0, Redundant)

Anonymous Coward | more than 2 years ago | (#40959011)

Not to sound against it, but
a) Would he understand what the data meant?
b) Maybe the software and what not is proprietary?

Just some thoughts that come to mind

Re:Is it worth it? (5, Insightful)

Forty Two Tenfold (1134125) | more than 2 years ago | (#40959125)

a) Would he understand what the data meant?

Maybe not, but maybe he wanted to get (n+1)th opinion.

b) Maybe the software and what not is proprietary?

But he doesn't want the 'ware. He wants the data it produces.

Just some thoughts that come to mind

In this case those are gross overstatements.

Re:Is it worth it? (5, Insightful)

sumdumass (711423) | more than 2 years ago | (#40959279)

But he doesn't want the 'ware. He wants the data it produces.

I suspect their refusal to allow access might be along the lines of hiding from potential liability if the product reacts or behaves improperly at any time. Imagine a grieving widow who discovers a pattern in the data where the device takes 3 minutes too long to respond properly every 500 or 1000 times it stimulates the heart or the input says it should.

You would think that you would have a right to any data produced by your body or devices used in keeping it alive and it would be available to at least you or your doctor. Perhaps they are worried the control signals would be discovered and after a trip to an electronics store, the widow could be celebrating getting rid of her husband instead of grieving? I see no other reason for keeping it hidden other then to avoid liability or stop potential abuse.

Re:Is it worth it? (3, Insightful)

Forty Two Tenfold (1134125) | more than 2 years ago | (#40959373)

Concerning the (absence of) malfunctions, wasn't that the goddamn job of the FDA in the first place?

As for the remote tinkering, what does the output have to do with the input? Suppose some sort of requests are required to yank the data out. What possibly could be the problem in making the readout plain and setup secure?

Re:Is it worth it? (4, Interesting)

sumdumass (711423) | more than 2 years ago | (#40960313)

First, the FDA isn't some magic group that never gets anything wrong. They have approved devices, drugs and treatments that later was found to have significant life threatening problem. They are supposed to test and weed those problems out or even approve of the dangers as acceptable and manageable considering the goals of the device, drug or treatment. The FDA simply is not a magical group of people who never allow something potentially harmful outside of it's labs. It's design was traditionally to validate claims and ascertain harmful effects so we didn't have electrified dildos out there still treating female hysteria and hair loss or leaching to treat pneumonia.

Second, knowing the output can isolate the input not used to initiate the output. It can also be used to determine or differentiate the control signals verses the information. Also, if you are used to cracking wifi encryption, assuming these things use some sort of encryption, knowing what most of the signal will say- even just portions of it- goes a long way at finding the key to cracking the encryption and the signal altogether.

As for access to the output, I don't have a problem with it. I actually think it should be a right of the patient. I know the doctor gets access to the readout and makes changes to the devices based on it. Perhaps they don't want the patent influencing those changes by discussing them with the doctor? There are a load of reasons ranging from the paranoid to the idiotic and from the quality of operation to hiding the workings from competitors.

Re:Is it worth it? (3, Informative)

tomhath (637240) | more than 2 years ago | (#40959451)

The less data/information they give to personal injury lawyers the safer they are. Even if there's nothing wrong with the device a jury could be convinced that something was wrong with pretty graphs that show...something.

Re:Is it worth it? (4, Insightful)

maxwell demon (590494) | more than 2 years ago | (#40959483)

But then, the refusal itself could be construed as indication that something is wrong with the device, because otherwise, why hide the data?

Re:Is it worth it? (5, Insightful)

reve_etrange (2377702) | more than 2 years ago | (#40959881)

You would think that you would have a right to any data produced by your body or devices used in keeping it alive and it would be available to at least you or your doctor

You already have a right to all of your medical records. I don't understand how this data is not a "medical record."

Re:Is it worth it? (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#40959419)

Not to sound against it, but
a) Would he understand what the data meant?
b) Maybe the software and what not is proprietary?

Just some thoughts that come to mind

a) He certainly isn't going to have a better chance of understanding the data if he isn't allowed to see them... Would I be polishing my 'I told you so' reflexes if he decides to do a bit of amateur reprogramming? Sure. Does denying somebody access to even view data because they might not understand it make sense? About as much sense as keeping books away from children because they aren't yet literate...

b) Given that the manufacturer won't disclose it, it apparently is proprietary. That's sort of the entire issue. We have now(and, barring exciting economic apocalypse of some flavor) and will have in greater numbers and in more significant capacities, a population for which 'binary blobs' are inside their bodies, not their laptops. Some of them don't like this.

Re:Is it worth it? (1, Redundant)

ceoyoyo (59147) | more than 2 years ago | (#40959549)

The manufacturers take the fairly sensible approach of not giving the raw data directly to the patients. On his blog one of the reasons he says the manufacturers give is that patients with raw data would be worried by things they don't understand and constantly wanting to see their doctor for reassurance. He dismisses that objection out of hand.

Patients (and non-patients) DO this all the time. Med students are famous for diagnosing themselves with all sorts of problems. The tech who gives you an x-ray, CT or MRI scan won't give you the images either. You can request them from your doctor, and he will (or may have to) give them to you, but he'll probably want to sit down and go through them with you first.

Patients do try to interpret their own data, usually pessimistically. And besides the stress it causes them and the wasted time it causes their doctors, there was a Slashdot story just the other day about how believing there's something wrong can produce real, potentially dangerous physical effects.

If this guy really wants his data he can go to his doctor and ask for it. There are several very good reasons why he shouldn't have a raw feed from the device manufacturer.

Re:Is it worth it? (3, Insightful)

fredprado (2569351) | more than 2 years ago | (#40959751)

The same justification could be given to forbid patients from seeing their blood tests, or even reading any medical literature. That is bullshit. Medics are not all knowing and patients are not retarded children. Patients have the right to decide for themselves what they want done with their own bodies and to fully exert this right the more information they have the better.

Re:Is it worth it? (0)

ceoyoyo (59147) | more than 2 years ago | (#40959839)

Try asking a lab for your blood test results. They probably won't give them to you.

Medical literature is a step removed. It's not about YOU.

Yes, patients have the right to decide what they want done for them, and yes, they should have access to all their information. And they can get it, by asking their doctors.

Re:Is it worth it? (5, Informative)

fredprado (2569351) | more than 2 years ago | (#40960027)

They have to give them to you here in my country (Brazil), here your doctor can only see your tests through you. He asks for the exams, you go to the lab, they collect your samples, and when the results are ready you go there and get them (or get them through the internet) and bring them to the doctor, if you so wish. If you prefer you can just get the results and bring them to another doctor and never go back to the former one, who requested the tests, or you can bring them to both.

I don't know specifics about how the procedures are in US, but I do know that under HIPAA they must give you any results you request They can't legally refuse to do so.

Re:Is it worth it? (1)

PRMan (959735) | more than 2 years ago | (#40960235)

Really? Where do you live? My doctor always sits down with me and discusses it.

Re:Is it worth it? (1)

bws111 (1216812) | more than 2 years ago | (#40960303)

Uh, yeah. That is what he says. You get your results by asking your doctor, not the lab.

Re:Is it worth it? (1)

mrchaotica (681592) | more than 2 years ago | (#40960299)

My wife and I had our annual physicals recently, and got our blood test results in the mail without even asking for them. (Of course, it kind of proves the other post's point since my wife freaked out about hers even though all her numbers were [barely] normal.)

Re:Is it worth it? (0)

Anonymous Coward | more than 2 years ago | (#40959863)

WRONG: I requested my MRI both times and the tech was happy to print off a cd and give it to me.

Re:Is it worth it? (2)

Belial6 (794905) | more than 2 years ago | (#40959975)

There are several very good reasons why he shouldn't have a raw feed from the device manufacturer./quote? Yes, the same reason that some people shouldn't be allowed to vote, or should be owned instead of being responsible for their own well being....

Re:Is it worth it? (2, Informative)

ceoyoyo (59147) | more than 2 years ago | (#40960045)

"should be owned instead of being responsible for their own well being"

If someone is going to be responsible for his well being, he should be given the best possible information, not the raw, context free dump some engineering company e-mails him.

If you ever find a doctor who's willing to treat a close relative (or himself) for something serious, find another doctor. Most won't do it, and none of the good ones will. EVERYBODY's judgement is clouded when they're considering things seriously affecting their own health.

Yes, the ultimate responsibility lies with the patient. This guy should have access to his data (which he does), by asking the correct person for it.

My mechanic always explains what's wrong with my car when a decision needs to be made, and what was done when I pick it up. Is he being paternalistic, or giving me good service?

Re:Is it worth it? (4, Informative)

amoeba1911 (978485) | more than 2 years ago | (#40960251)

The tech who gives you an x-ray, CT or MRI scan won't give you the images either. You can request them from your doctor, and he will (or may have to) give them to you, but he'll probably want to sit down and go through them with you first.

Hey, that's false! My wife got an MRI recently, and I asked the technician to give us a copy of the data. There was no objection or hesitation, the technician simply burned a CD and handed it to us on our way out. I learned that their images are stored in a proprietary format, but conveniently the CD came with the software necessary to view the images.

Re:Is it worth it? (1)

Anonymous Coward | more than 2 years ago | (#40959907)

a) Maybe he would?
b) Why doesn't the FDA require all medical device software to be disclosed? THAT would make a lot of sense actually. Competitors couldn't copy it because when they build a device, they too need to disclose the source. Reviews would be much better.

Re:Is it worth it? (2)

Belial6 (794905) | more than 2 years ago | (#40959939)

That is an important point on this subject. Implants are only going to become more common in the future. That implant and it's software are a part of him now. What percent of a person can be outright owned by another person before we call them a slave? 1%, 10%, does it have to be 100%?

Re:Is it worth it? (3, Insightful)

WillDraven (760005) | more than 2 years ago | (#40960097)

"Oh, you own the implant, but the software is licensed. Make sure you keep up your license payments and come in for your monthly compliance review or we'll use the remote kill switch."

Re:Is it worth it? (5, Insightful)

Dunbal (464142) | more than 2 years ago | (#40960165)

You don't get to peek inside your machine to see for yourself it's a good one, just like the airline will not let you take a wrech to the jet engine or even kick the plane's tires.

I have one of these devices [bostonscientific.com] since last year after my (4th) heart attack. I am also a physician, so I would understand the data. But honestly I don't see the need. When I go get checked up, the Boston Scientific staff are more than happy to explain anything I ask - and I do ask some detailed questions. I am quite sure that the device and its software are proprietary and also trade secrets of the company.

But there's another reason: Honestly one shouldn't go around tinkering or "hacking" an implanted device. They come with limited battery life - most of which is covered by warranty (if my battery runs out before 10 years I get the device replaced and the procedure paid for by the company, anywhere in the world). Radio signals require energy, asking the device to read its cache requires energy, and the manufacturer would be put in a position where it might have to cover a warranty on a battery that didn't fail because of design, but because of tinkering. They can hardly say "no" and let the patient die. That, and of course what if the "hacker" manages to mistakenly change the machine's settings so it's firing inappropriately, draining the battery within days, or better yet firing and triggering a lethal arrhythmia. The company would be blamed (at least initially) for a "faulty" device. It's bad business, and I understand it.

I really don't feel like playing with my implant. I really don't feel like paying for someone else who wants to play with their implants, in the form of increased costs because the company has to set more aside for liability. I selected my device after both research into the company, the model, and this type of device as a whole. And my cardiologist's opinion. And a 2nd opinion. You can look at the statistics for the device, compiled in a scientific manner, and compare it to other devices, and that's it.

Unsurprising (5, Insightful)

girlintraining (1395911) | more than 2 years ago | (#40959019)

It seems weird that a patient can't get access to data about his own heart.

No more weird than your stem cells and DNA being patented. In fact, according to intellectual property law, you don't own your body, or any of the parts implanted in it... it's all covered by a patchwork of patents on genetic materials and derived medical uses. You should be careful with yourself... it's a felony to damage government property... Or was that corporations? I confuse the two so much these days... (-_-)

Re:Unsurprising (-1, Offtopic)

rayhanzhampiet (2696369) | more than 2 years ago | (#40959117)

I think you are wright..!! Iklan Internet Murah [rayhanzhampiet.com]

Re:Unsurprising (-1)

Anonymous Coward | more than 2 years ago | (#40959339)

Fuck you. Speak English. WTF is an Iklan Internet Murah? No I'm not clicking the link to your stupidly named domain.

Re:Unsurprising (0)

Anonymous Coward | more than 2 years ago | (#40960241)

Since the gp is Indonesian, I'm willing to cut him some slack on his use of English. Sure he misspelled a word, but he still uses English better than I and probably you, manage to use Indonesian.

On the other hand, you are right in being suspicious of the link he posted. Based on a Google translation of his web site, it's pretty clear that he is trying to pimp his SEO and ad networking services. (Iklan Internet Murah = Cheap Internet Advertising in Malay)

Re:Unsurprising (0)

Anonymous Coward | more than 2 years ago | (#40959133)

Exactly, sheesh, it's the company's IP for god sake!

Re:Unsurprising (2)

ThunderBird89 (1293256) | more than 2 years ago | (#40959195)

Wasn't it ruled that natural genetic sequences can't be patented, only the specific modifications biotech companies implement? And where ever did you get that stem cells are patentable, they're not even an idea to be patented. There was that case about the HeLa-line, but in that case, it was ruled that since the cells were considered medical waste, it was the hospital's responsibility to see to their disposal as they see fit, granting ownership over the cells, and their descendants (since they are identical to the mother cells).

Re:Unsurprising (5, Informative)

ceoyoyo (59147) | more than 2 years ago | (#40959571)

That case was about the opposite - a patient wanting to control (or profit from) the use of the descendants of her cells, not a company claiming rights over a cell line.

Re:Unsurprising (2)

fahrbot-bot (874524) | more than 2 years ago | (#40959287)

It seems weird that a patient can't get access to data about his own heart.

On the other hand... How much data do people w/o implanted devices have? Seems he's still in the same boat.

Re:Unsurprising (1)

hawguy (1600213) | more than 2 years ago | (#40959829)

It seems weird that a patient can't get access to data about his own heart.

On the other hand... How much data do people w/o implanted devices have? Seems he's still in the same boat.

For $2000, I could have quite a bit of information about my own heart:

http://storkmedical.com/Merchant2/merchant.mvc?Session_ID=dffb210245397c6228266362ec8a92df&Screen=PROD&Product_Code=CC-RESTING&Category_Code=EKG-Machines-PC-Based&gclid=COnzzJm24LECFWk0QgodlQMA3g [storkmedical.com]

Or if I wanted to go cheap, for $400 I could have a wearable device:

http://www.facelake.net/ekg80a.html [facelake.net]

But I still wouldn't know me what the defibrillator implanted in my chest sees.

Re:Unsurprising (1)

cpu6502 (1960974) | more than 2 years ago | (#40959317)

>>>No more weird than your stem cells and DNA being patented. In fact, according to intellectual property law, you don't own your body,

Does this mean if I want an abortion, I need permission from whoever owns the genetic material of my womb? I guess that would be the fertility pill corporation.

Re:Unsurprising (1)

camperdave (969942) | more than 2 years ago | (#40959551)

Does this mean if I want an abortion, I need permission from whoever owns the genetic material of my womb? I guess that would be the fertility pill corporation.

No, that would mean your son/daughter; and as soon as they are old enough to legally grant you permission to do so, you can get that abortion.

Re:Unsurprising (5, Informative)

ceoyoyo (59147) | more than 2 years ago | (#40959401)

You cannot patent someone's stem cells or genes. That's a pop journalism myth. You CAN patent treatments, given to other people, based on those stem cells or genes. It's okay though, if you have kids you won't be guilty of patent or copyright infringement.

Re:Unsurprising (1)

91degrees (207121) | more than 2 years ago | (#40959521)

You can patent the process of isolating specific genes as well though. The effective patent rights are pretty broad.

Re:Unsurprising (1)

ceoyoyo (59147) | more than 2 years ago | (#40959613)

Which doesn't have the least effect on anyone's ownership or use of their own body.

Re:Unsurprising (0)

Anonymous Coward | more than 2 years ago | (#40960125)

You can patent the process of isolating specific genes as well though. The effective patent rights are pretty broad.

The Supreme Court trimmed back those rights recently.

Re:Unsurprising (0)

Anonymous Coward | more than 2 years ago | (#40959425)

It seems weird that a patient can't get access to data about his own heart.

No more weird than your stem cells and DNA being patented. In fact, according to intellectual property law, you don't own your body, or any of the parts implanted in it... it's all covered by a patchwork of patents on genetic materials and derived medical uses. You should be careful with yourself... it's a felony to damage government property... Or was that corporations? I confuse the two so much these days... (-_-)

I don't own my body? Whew, that's a relief...for a minute there I thought I was responsible for controlling my own actions. Or being responsible for my own decisions.

Oh wait...that's right, I am.

Just go to Defcon (1, Interesting)

Anonymous Coward | more than 2 years ago | (#40959025)

Someone will have the data in a matter of minutes, and you might even live long enough to see it yourself.

Makes some degree of sense... (5, Funny)

Havenwar (867124) | more than 2 years ago | (#40959047)

While security through obscurity isn't a good approach I figure with something such as a that you'd want to take every step you can to make sure as little information gets out about it as possible.

Next year on defcon - learn how to hotwire your neighbour! Literally! From your android device! (or iphone, but you have to be jailbroken and pay 99c for the app. But it comes with a jump-o-meter to measure how high he jumps.)

Re:Makes some degree of sense... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40959217)

While security through obscurity isn't a good approach I figure with something such as a that you'd want to take every step you can to make sure as little information gets out about it as possible.

Next year on defcon - learn how to hotwire your neighbour! Literally! From your android device! (or iphone, but you have to be jailbroken and pay 99c for the app. But it comes with a jump-o-meter to measure how high he jumps.)

Access to data doesn't have to mean code review or access to command and control functions.

I have access to the event logs on my MS Windows O/S, doesn't mean I have the Windows code base.

/posting A/C because I work for one of the ICD manufacturers mentioned in the blog

Re:Makes some degree of sense... (2)

Havenwar (867124) | more than 2 years ago | (#40959305)

I'm aware of that, but as any hacker knows the more you know about something the more chances are of spotting something you can use to get into it. It might not be much of a risk, say one chance in a trillion that it lead to an exploit... but this is a defibrillator built in to some guys chest we're talking about here. You heard about the hackers that raped some guys icloud account just for the lulz on their way to take over his twitter? Yeah that. I don't want those kinds of people to have a one in a trillion chance of messing with something that's keeping someone alive. For the lulz, or for blackmail, or whatever.

One the other hand I support the idea that he should have the right to the data about his own body... I just don't think it's a good idea, right or not.

If the data is being "wirelessly" transmitted... (0)

John Hasler (414242) | more than 2 years ago | (#40959073)

...it is available to anyone with a receiver.

Re:If the data is being "wirelessly" transmitted.. (2)

The MAZZTer (911996) | more than 2 years ago | (#40959079)

Not very useful if it's encrypted unless you have the private key or can crack it.

Re:If the data is being "wirelessly" transmitted.. (1)

The MAZZTer (911996) | more than 2 years ago | (#40959095)

(To be clear, I didn't RTFA yet so I dunno if it is or not.)

Re:If the data is being "wirelessly" transmitted.. (3, Interesting)

crashumbc (1221174) | more than 2 years ago | (#40959099)

Not knowing his specific one I can't say for sure. But I can say MOST medical devices have very little in the way of security... its really pitiful how far back the medical field is.

Re:If the data is being "wirelessly" transmitted.. (1)

slazzy (864185) | more than 2 years ago | (#40959127)

This might be the reason they don't want to provide that information. Security through obscurity you know.

Re:If the data is being "wirelessly" transmitted.. (0)

Anonymous Coward | more than 2 years ago | (#40959103)

I get the feeling that cracking your own defibrillator isn't the best idea in the world.

Re:If the data is being "wirelessly" transmitted.. (1)

ceoyoyo (59147) | more than 2 years ago | (#40959405)

And perhaps the other people with this kind of implant would prefer this guy not be given the private key.

Re:If the data is being "wirelessly" transmitted.. (1)

Robert Zenz (1680268) | more than 2 years ago | (#40959443)

How often have you seen a device that transmits *something* wireless being properly secured when the companies goes "No, we can't give you access to that...because...it is too complex for you to understand!" or "Why should we give you that data?"?

Re:If the data is being "wirelessly" transmitted.. (4, Insightful)

tlambert (566799) | more than 2 years ago | (#40959723)

If it's encrypted, then this would give them access to both the cyphertext and cleartext of the data, which is the essentials of what you need to reverse engineer the cryptography.

Now ideally, the control and reporting cryptography would use different keys, but there is only so much code you can fit into a small embeddable medical devices, and it's likely they are the same code, if not the same key pair.

In this case, it's reasonable to not give samples of both sets of data out to prevent reverse engineering of the control channel which could then be used on someone else's implanted medical device.

Re:If the data is being "wirelessly" transmitted.. (2)

Jawnn (445279) | more than 2 years ago | (#40959525)

...it is available to anyone with a receiver.

Available, yes, but if you decrypt it, you have broken the law.

This is illegal under HIPAA. (5, Informative)

Immostlyharmless (1311531) | more than 2 years ago | (#40959091)

Any entity that collects medical data on you MUST provide a way to get you copies of that information. If he really wants the data that badly, I'd contact a lawyer and pursue it from the HIPAA angle. Chances are very good there's probably not a hell of a lot of information in it. If he's really worried about it, he should contact his cardiologist and have them order an interrogation the pacer. Pretty simple stuff really and that way its covered under insurance..(probably unless there's no medical reason to do so). They probably aren't going to come out and interrogate it in the home, because they fiddle with the settings to make sure its working right and for that reason it needs to be done only in a setting where he's on telemetry and has medical staff standing by.

Re:This is illegal under HIPAA. (1)

girlintraining (1395911) | more than 2 years ago | (#40959199)

The protocols on these systems aren't encrypted. It's entirely possible that the device and tech needed to decode it are very similar if not identical to what would be required to make modifications to the device. Maybe that's the reason the manufacturer doesn't want to give the patient direct access...

Re:This is illegal under HIPAA. (0)

Anonymous Coward | more than 2 years ago | (#40959361)

If it's not encrypted, then surely someone will try to reverse engineer it. So hiding doesn't really protect it much.

Re:This is illegal under HIPAA. (0)

Anonymous Coward | more than 2 years ago | (#40959503)

1) That's a stupid reason to deny a patient his own medical data.
2)That doesn't make it any less illegal to deny the patient his own medical data.

Re:This is illegal under HIPAA. (4, Insightful)

tomhath (637240) | more than 2 years ago | (#40959583)

True, but there's no definition of "data" in HIPAA. Suppose you get a cholesterol test, all you see is the final number, not the inner workings of the instrument that made the measurement. If they're recording the measurements and making them part of a medical record I agree that should be shared, but this is less clear.

It would be illegal under HIPAA to give it out (0)

tlambert (566799) | more than 2 years ago | (#40959745)

If the same control codes for device A implanted in patient Q would work with device B implanted in patient R. Specifically, disclosing the information to patient Q would disclose private health information for patient R, since the health information in this case is common to everyone with the same implant.

See my other posting relative to cryptography to see ow giving both cleartext and cyphertext to the same person would be tantamount to providing similar HIPAA protected information about another patient, if the control and/or reporting channel keys and algorithms were disclosed.

This is probably a case where "security through obsurity" is in line with Federal law, based on their (arguably poor, yet approved by the FDA) design choices.

Re:It would be illegal under HIPAA to give it out (4, Insightful)

profplump (309017) | more than 2 years ago | (#40960109)

If the information is common to everyone with the same implant is it, by definition, not personally identifiable or private health information. Disclosing the existence of patient Q to patient R, or visa versa, would be a violation. But merely telling either of both of them independently that they have their implant set to "Mode B" is not, just as telling patient Q that he has a heart rate of 79 is not a violation if patient R happens to also have a heart rate of 79.

Also, even if there is some private data that needs to be hidden, it's entirely possible to design a crypto system that's secure against known-plaintext attacks. Almost are modern crypto systems are; you'd have to do something dumb to not get that feature from any common crypto library.

he wants to hack his own heart (5, Funny)

Anonymous Coward | more than 2 years ago | (#40959107)

the dude is probably thinking of tampering with the device's firmware settings and increasing his own pulse so he can go on a rampage around town like in that movie "Crank"

Re:he wants to hack his own heart (2)

rvw (755107) | more than 2 years ago | (#40960077)

the dude is probably thinking of tampering with the device's firmware settings and increasing his own pulse so he can go on a rampage around town like in that movie "Crank"

Computer says no. [youtube.com]

His doctor should be entitled to the data, period (4, Interesting)

davidwr (791652) | more than 2 years ago | (#40959145)

There are legitimate medical reasons why some patients shouldn't have access to all raw medical data.

This is particularly true in psychiatric medicine, where past therapists are required to pass on notes to future therapists, but patients don't necessarily have the right to read the notes themselves.

Now, if the company is refusing to share the raw data with the patient's doctor, that's just plain wrong and it should be illegal. Likewise, if they are refusing to share it with the patient's attorney, then the attorney should have an absolute right to subpoena it.

Likewise, if the doctor doesn't have a bona fide medical reason for refusing to pass that data on to the patient, that should be called medical malpractice.

Re:His doctor should be entitled to the data, peri (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40959337)

There are legitimate medical reasons why some patients shouldn't have access to all raw medical data.

This is particularly true in psychiatric medicine, where past therapists are required to pass on notes to future therapists, but patients don't necessarily have the right to read the notes themselves.

Now, if the company is refusing to share the raw data with the patient's doctor, that's just plain wrong and it should be illegal. Likewise, if they are refusing to share it with the patient's attorney, then the attorney should have an absolute right to subpoena it.

Likewise, if the doctor doesn't have a bona fide medical reason for refusing to pass that data on to the patient, that should be called medical malpractice.

He is not a psych patient so all his healthcare info legally belongs to the him...

Re:His doctor should be entitled to the data, peri (3, Funny)

stephanruby (542433) | more than 2 years ago | (#40959823)

He is not a psych patient so all his healthcare info legally belongs to the him...

How do you know? May be, he was just having a panic attack and they implanted an Altoids Tin Can into his chest to trigger the Placebo effect.

Re:His doctor should be entitled to the data, peri (3, Funny)

Hatta (162192) | more than 2 years ago | (#40959749)

This is particularly true in psychiatric medicine, where past therapists are required to pass on notes to future therapists, but patients don't necessarily have the right to read the notes themselves.

I don't see how that would help a paranoiac.

Re:His doctor should be entitled to the data, peri (-1, Flamebait)

Anonymous Coward | more than 2 years ago | (#40959761)

There are NO medical reasons to deny a patient data on himself. Psychiatry is not medicine. Fuck you.

Re:His doctor should be entitled to the data, peri (2)

sunwukong (412560) | more than 2 years ago | (#40959835)

For the last time -- off my couch!

Re:His doctor should be entitled to the data, peri (2)

cowboy76Spain (815442) | more than 2 years ago | (#40959909)

Don't tell that to your doctor...

Re:His doctor should be entitled to the data, peri (0)

Anonymous Coward | more than 2 years ago | (#40959967)

psychology != psychiatry

A therapist is not a medical doctor.

Re:His doctor should be entitled to the data, peri (1)

guttentag (313541) | more than 2 years ago | (#40960075)

There are legitimate medical reasons why some patients shouldn't have access to all raw medical data.

You never know, he could get stuck in a feedback loop. He sees that his heart is beating a little fast because he's anxious about what his heart rate is. This causes more anxiety which causes his heart to beat faster. Seeing that it is out of control sends him into a panic and pushes the rate even higher, etc. Eventually he has a heart attack and sues the company.

Like a gaming console (0)

Anonymous Coward | more than 2 years ago | (#40959149)

You are probably just licensing your heart, the Company still owns it.

Blame American Jurors (0)

mc6809e (214243) | more than 2 years ago | (#40959173)

A gas can maker was recently forced out of business [tulsaworld.com] when a jury found the maker 70% liable in the death of a 4-year-old that perished in a camper when her father poured gasoline into a wood burning stove.

Someone can pour gasoline from a can onto a fire and a jury will still blame the maker of the can.

Do you really think the maker of this device is going to take a chance of losing everything through potential misuse of this wireless capability?

Anyone in business needs to understand that they're seen at best by jurors as a necessary evil and as a source of money to help someone they sympathize with. Additional unnecessary features are just additional opportunities for big judgments against you and your firm.

Re:Blame American Jurors (0)

Anonymous Coward | more than 2 years ago | (#40959495)

A gas can maker was recently forced out of business [tulsaworld.com] when a jury found the maker 70% liable in the death of a 4-year-old that perished in a camper when her father poured gasoline into a wood burning stove.

Someone can pour gasoline from a can onto a fire and a jury will still blame the maker of the can.

Do you really think the maker of this device is going to take a chance of losing everything through potential misuse of this wireless capability?

Anyone in business needs to understand that they're seen at best by jurors as a necessary evil and as a source of money to help someone they sympathize with. Additional unnecessary features are just additional opportunities for big judgments against you and your firm.

Anyone in business (or not for that matter) these days needs to learn where the real problem lies. Attorneys and frivolous lawsuits.

Between bullshit patent wars and litigation, I don't predict it will be much longer before there will be no further drive to innovate. Not because the world isn't full of innovators, but because everyone is too goddamn afraid of getting sued into oblivion for breathing on a customer wrong.

Re:Blame American Jurors (1)

cheros (223479) | more than 2 years ago | (#40959959)

I don't predict it will be much longer before there will be no further drive to innovate

Not necessarily. AFAIK, all innovation has to do is to avoid the USA..

The problem isn't so much where there is *real* abuse, it's the ability for the bigger players to nuke a small innovator off the playing field by draining its pockets in court.

Wasn't it Mark Twain who said that courts are where justice is dispensed with?

Re:Blame American Jurors (0)

Anonymous Coward | more than 2 years ago | (#40960047)

A gas can maker was recently forced out of business when a jury found the maker 70% liable in the death of a 4-year-old that perished in a camper when her father poured gasoline into a wood burning stove.

Anyone in business (or not for that matter) these days needs to learn where the real problem lies. Attorneys and frivolous lawsuits.

Attorneys are hired guns. And both sides in the lawsuit have them. The problem is juries. Now, what to do about that is another question altogether.

Re:Blame American Jurors (0)

Anonymous Coward | more than 2 years ago | (#40959517)

Do you really think the maker of this device is going to take a chance of losing everything through potential misuse of this wireless capability?

Not their choice. Under HIPAA they must provide the patient with all of the patient's personal medical data. Not optional.

Re:Blame American Jurors (3, Informative)

91degrees (207121) | more than 2 years ago | (#40959593)

These things tend not to be quite so frivolous when you look into them.

Straight Dope Boards [straightdope.com] suggests that there was a design issue that the gas can manufacturer knew about, that would result in an explosion. A slight redesign would have meant that the 4 year old would have survived.

Re:Blame American Jurors (0)

Anonymous Coward | more than 2 years ago | (#40959643)

Another thing that might have saved the child would be if her idiot father didn't pour gasoline into fucking fire.

Re:Blame American Jurors (1)

91degrees (207121) | more than 2 years ago | (#40959747)

Yes. He was also found to be at fault.

Re:Blame American Jurors (0)

Anonymous Coward | more than 2 years ago | (#40960013)

But apparently only 30% at fault. I guess maybe he and two representatives of the gas can manufacturer got together and unanimously decided to perform the aforementioned activity?

Re:Blame American Jurors (2)

Lehk228 (705449) | more than 2 years ago | (#40959651)

i had a blitz brand gas can, it was a leaky piece of shit and the spout fell apart on me when i was pouring. i don't know the details of the lawsuit but i am not surprised they got sued out of business using such low quality construction for something as hazardous as holding gasoline.

http://www.lowes.com/pd_90258-1362-80033_0__?productId=3126289 [lowes.com] this is the nozzle mine had (smaller can not the 5 gallon). parts shattered and flew out from under the handle about 6 months after i got it, while trying to pour gas.

Bacardi 151 (1)

slackware 3.6 (2524328) | more than 2 years ago | (#40959701)

Come on even Bacardi 151 has a flame arrestor on the bottle. Get with the times other companies can make a better gas can so you better do so as well or you will lose your company. It is called the American Dream or Capitalism.

he just wants to overclock it (2)

FudRucker (866063) | more than 2 years ago | (#40959227)

so his heart will go pitter-patter like a 20 year old in love

The User Agreement Fine Print (0)

Anonymous Coward | more than 2 years ago | (#40959261)

I can imagine that buried within the 'User' agreement are words like, ...

'installation of the device makes the 'User' a medical subject. Medical subjects are not classified as human beings, lose all rights including under local, state, federal and international laws particularly to the treatment of prisoners of war and all human rights in general for the term of the installation.'

sol

Dr. van Nostrand (1)

Joe_Dragon (2206452) | more than 2 years ago | (#40959299)

Kramer at doctor's

Kramer : I like what you've done with that .

Attendant : May I help you ?

Kramer : Yes , yes . I am Dr. Vanostran from the clinic . I need Elaine Benes

chart . She's a patient of mine and she's not going to make it . It's uh very

bad very messy .

Attendant : I see and what clinic is that again ?

Kramer : That's correct .

Attendant : Excuse me .

Kramer : From The Hoffer-Mandale Clinic in Belgium .

Attendant : Really ?

Kramer : The Netherlands ?

Here is the data (0)

Anonymous Coward | more than 2 years ago | (#40959433)

Duplicates removed and sorted: 0 1

Good enough?

Great! (0)

AlienIntelligence (1184493) | more than 2 years ago | (#40959445)

Fucking DRM on our tickers now!

-AI

Re:Great! (0)

Anonymous Coward | more than 2 years ago | (#40959709)

well you could just die

A waste of time of time an energy (0)

Anonymous Coward | more than 2 years ago | (#40959545)

According to Karen Sandler, a lawyer with an implant, "I don’t want to rely on one company for any part of my life. I don’t want to rely on Medtronic for my heart, and I don’t want to rely on any other company for any other thing." Fine. Go have it taken out. Unless you were unconcious you agreed to have it put in. Make up your mind.

Re:A waste of time of time an energy (1)

cheros (223479) | more than 2 years ago | (#40959927)

What if the company goes bust, or refuses to fix a problem? What if the company screwed up and it can be hacked (not impossible)?

In addition, that is their data - you can't get more personal than heart data, I think..

This is why... (5, Funny)

seven of five (578993) | more than 2 years ago | (#40959619)

20120420 08:00:22 CARDIAC SYSTEM INIT
20120420 08:00:24 VENTRICLE TEST OK
20120420 08:00:25 AORTA TEST OK
20120420 08:00:26 BATTERY TEST OK
20120420 08:00:27 0MG GR0W B1GG3R P3N1$ 1N 3 W33K$!
20120420 08:00:27 CHINA HANDBAG SHOES FASHION LOWEST PRICE
20120420 08:00:27 MEET SEXY SINGLES IN UR AREA
20120420 08:00:27 URGENT FROM WELLS FARGO BANK ACCOUNT RESET!

America land of the free (0)

Anonymous Coward | more than 2 years ago | (#40959737)

If you want to know anything about yourself... not so free.

Boy are we the rest of the world jealous.

Had a friend in a similar position (UK NHS) (0)

Anonymous Coward | more than 2 years ago | (#40959917)

I had a friend a similar position. Difference being, he was a an IT professional and relatively young for a person to receive such a device. So he got the data and knew exactly what it was doing to his heart, because the doctors where very interested in his condition and he knew exactly how to interpret what they told him, and he could tell them that. He called it "learning how to hack his heart".

There are numerous issues with this. Firstly, an ICD has firmware that can be reprogrammed remotely (i.e. through skin, without the need for surgery). Which is good - kudos to the ICD manufacturers for implementing it. Secondly, ICDs are not dumb devices, Thirdly, because he was young (under 40), the data from his device was of interest to essentially everyone in the medical field, because they had very little data from that age group. I can understand it being valuable.

Caveat: He was in the UK, with a national health service. There may be different conditions on how much data can be revealed under such a system.

Patient Bill of rights.... (5, Interesting)

flogger (524072) | more than 2 years ago | (#40959997)

I usually avoid hospitals and the medical profession in general unless it is needed, ie, broken bones or donating a kidney (Which I did recently.) A couple years ago while camping my some broke a bone. I put it in a splint then took him to the hospital to get a get it set and placed in a cast. This was on a Saturday in a very "out-in-the-boonies" location. Before the staff would even look at my son, I had to sign a patient's "Bill of Rights." indicating that I had read the items on their list... There were around a dozen items and I don't remember what they were except for the first one. "The Patient has a Right to all medical records assembled during the visit." Maybe this is enforced in other hospitals. I don;t know.

Anyway, My son was X-Rayed and dealt with and released.

On the way out, I asked the secretary, who made me sign the "Patient's Bill of Rights," for a copy of my sons X-Rays and a print out of the Vitals they recorded. I was told "No, Those are not for you." I put on my "Contrary-Old-Bastard Hat" and stated that I have a "right" to those and read back the 1st item on theh "Patient's Bill of Rights." I explained that the X-Ray and vitals were records of the visit and that the hospital, before my son was allowed any medical attention, made me sign a form to acknowledge that I have a right to those records. I was told that I had to go through the Records department and Billing in order to get the records. These offices would not be open until the following Tuesday (due to a Holiday.) Not wanting to get mad at the secretary for doing her job, I asked to talk to her boss or whoever was in charge of the hospital that day. She informed to me with all of her arrogance that since it was the weekend, she was in charge. So I ranted to her for a while and then read the entire "Patient's Bill of Rights" to her. I strongly emphasized that nowhere in this document, which we both signed, did is mention that I should go through Billing and records. After ranting a bit more she let me know that my son's doctor can request the records and the records will be sent without charge. I explained more how I am his parent/Guardian and in charge of his primary care and that I want the records to that I can hand deliver the records when I can return and set an appointment for cast removal. Again I read the entire "Patient's Bill of Rights" to her and then explained that nowhere on it did it say that my doctor was to get the records. I asked her bluntly to obtain a copy of the records. She actually stomped her foot and said, "No."

"OK," I said, "since I have been forced to acknowledge that I have a right to my son's records, I am going to sit right here in the middle of this hallway until I get them." And I did; I sat down in the middle of the hallway. (My son was looking at me in a state of shock -- He was at that Jr. High age when anything a parent does is considered embarrassing .)

The secretary stared at me for about 30 seconds. then left. A minute after that she came out with a doctor and he asked what was up. I mentioned that I was waiting for a copy of my son's medical records. He nodded, went behind the counter and gave me the X-Rays and vitals papers. I said "Thank you" and left.

This anecdote is not so that I can say I am an old cantankerous fart, it it to illustrate that even though people have rights to information, the ones that hold the information feel compelled not to give it up. THis is true with software, medical data, music... I don;t know where this attitude comes from.

[off my soapbox]

Companies want to see data from fheir patients (1)

G3ckoG33k (647276) | more than 2 years ago | (#40960103)

Companies want to see data from fheir patients?

Why? Only make money? No.

Still, it is a serious moral contender to why Romney is so very much morally wrong.

For once, let the Moral Majority speak up - Dont Put A Price On My Child's Life.

How much is a Texan child worth compared to someone from Massachusetts?

Go to the source (1)

Local ID10T (790134) | more than 2 years ago | (#40960163)

HIPPA [hhs.gov]

U.S. Department of Health and Human Services
Office of Civil Rights
200 Independence Avenue, S.W.
Washington, D.C., 20201
Phone: (866) 627-7748
Web: www.hhs.gov

The Center for Medicare & Medicaid Services
toll free HIPAA Hotline: 1-866-282-0659

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>