I started using a Medtronic Guardian CGM a little over a month ago, but when I read their Privacy Notice that came in the box, and it said that under some circumstances (like if I am unconscious) they could 'share' my data with my insurance company or the police or the emts, I got seriously nervous about privacy concerns. When I put my blood glucose readings in a spreadsheet for my doctor, I have a separate page on the spreadsheet for food intake and a page for physical activity, and produce graphs so that doctors who are mathematically 'challenged' in their ability to interpret data are given pretty pictures (my primary care is the only doctor I have found who actually looks at data rather than at the pictures) but that is between my doctor and me, not for someone else to backup, store securely, and 'share'. I am concerned that down the road, if I develop some other condition that might be considered by an insurance executive to be related to diabetes management, I could end up denied coverage if they determined that I was somehow "at fault" for some of my readings. That could end up being a very expensive loss of privacy!
So I am hoping that I am not the first member of the group to have considered this, and that someone has a way to download the data to my local PC, where I am certain that it is secure and private. I am certain that I can manage data analysis and graphing if I have access to the data - does anyone know how to get the data without giving it to Medtronics?
Medtronics Customer support told me that even the doctors' offices have to use the Medtronics website to access the data on these devices. I don't know if that is accurate, but it certainly worries me.
Thanks in advance!
I have been concerned about this too. I don't know of a way, but would be curious if anyone else does!
There are a lot of people with same concerns, which is why there are several groups trying to decode MiniMed protocol, to add it to their software or at least open it to public.
Group medevice (on google) decoded most of protocol, which means that might make a way into some software, which is not web based. I am developer of one of such software (GNU Gluco Control) and we are really hoping to have at least some of support by end of year, which would then allow you to bypass use of Minimed website.
I guess I never read that closely, this is somewhat alarming. I would call medtronic and ask them if they are bound by HIPAA regulations like your doctor's office. I believe medtronic will say of course your health information's confidential. If so they are required by law to (http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html):
•Covered entities must put in place safeguards to protect your health information and ensure they do not use or disclose your health information improperly.
•Covered entities must reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose.
•Covered entities must have procedures in place to limit who can view and access your health information as well as implement training programs for employees about how to protect your health information.
•Business Associates also must put in place safeguards to protect your health information and ensure they do not use or disclose your health information improperly.
I believe Medtronic is a reputable law abiding company, therefore I bet they hold you Personal Health Information (PHI) in very high regard. I bet EMTs and/or police will only recieve you PHI when required by law. For instance, you sue your city/county because they provided poor emergency care that led to problem X. I have heard of other cases where regulatory agencies (possibly FDA) may investigate companies that they have a reasonable suspicion to believe they are not complying to HIPAA. In cases like this some FDA agents may be able to review personal records.
Thanks, Andy - that gives me some hope. The support person I talked to at Medtronic made it sound like I was the only one who had ever questioned putting my data on their site, and tried to make me feel like I was being paranoid!
The person I spoke to at Medtronic mentioned HIPAA, but the document I read was a carefully crafted legal device and there was that "free to modify this policy at any time" which makes me nervous that if our legislators are not perfect in their crafting of new laws or modifications of existing laws, that policy could become even worse at any time. Besides which, there was that note about my being 'unable to give consent', which means any time I am unconscious or sedated, they reserve the right to give away my info at their discretion. And what about post-mortem - I can't give consent, and they could conceivably give my data to an insurance company which could then make my estate a target, or refuse to pay my last set of medical bills. Sorry, but I just don't trust anyone but family with access to that much data that could be so harmful.