I sent the following letter to the FDA and a similar one to the EFF. Many of you may not realize that insulin pumps that ship with a radio have a suite of commands that we can use to fix bugs in the therapeutic software and share/download data and logs with ease. Medtronic and the other vendors refuse to give us access to knowledge we need to make our therapy safe.
Please join me in contacting the FDA, who recently acknowledged the dangers of not having enough information to manage therapy, along with your pump vendor in order to demand access to the data we need on an ethical basis. Medtronic has told me that I will need lawyers in order to get the information we need. I am beginning to become convinced that a class action suite is indeed necessary.
TL;DR: Insulin pumps ship with features supported by the manufacturer to reduce the adverse events you've been facing, but refuses to let you have access to the information needed.
Here is the letter I sent.
-bewest
https://github.com/bewest/insulaudit/blob/master/questions/fda.markdown
-----------%<-------------------- Howdy, My name is Ben West, I'm a type 1 diabetic using an insulin pump and other gear made by Medtronic. The insulin pump infuses me with insulin using suggestions generated by special therapeutic software whenever I manually intervene, and on an ongoing basis.
The pump automatically keeps logs of its behavior I need in order to monitor and manage my ongoing therapy. In the process of setting out to reverse engineer the protocol https://github.com/bewest/insulaudit in order to audit my logs, I discovered that the protocol includes a suite of commands that can be used to control the pump's primitives.
The pump's therapeutic software has bugs that require me to use folk-lore passed to me to manually override the suggestions with newer "safe" suggestions without the support of science or software. Without constant action to manually over-ride the pump, the pump will give me the incorrect amount of insulin, causing insulin reactions and in some cases even contributing to severe hyperglycemia requiring hospitalization.
The FDA recently acknowledged the safety problems involved in pump therapy: http://www.fda.gov/ForHealthProfessionals/ArticlesofInterest/ucm295562.htm Many patients are actively harmed by lack of access to epistemic certainty of what to expect from their therapy. Eg, the fidelity of their care is poor because they are prevented from empirically understanding their own therapy or ensuring its safety. This lack of access provides the largest vendors with a market absent of competitors, ensuring they can always sell new pumps and other products in ways they can control. The priorities giving them this position in the market also create dangerous and unethical scenarios that I and other patients could fix or work around if only we had access to the right information.
I need the ability to inspect the device for bugs, to monitor it's ongoing behavior, and to use the primitive capabilities of the device as recommended by my doctor. Without this, I'm constantly suffering from incorrect dosages of insulin. There are some well known examples of this that many doctors will be familiar with, such as the life time of active insulin. The variable representing this value was hardcoded into early production models, ensuring an incorrect bolus. Software using the remote diagnostic protocol could circumvent the on board therapeutic dosage generator without modifying the device in any way, using commands they support with their remote control product to generate safer suggestions on demand, and could allow patients to audit logs without vendor software.
I've called Medtronic and repeatedly asked for access to documentation of the remote diagnostic protocol, and for access to the firmware so that I can analyze it for safety and provide tools to verify expected therapy outcomes. They have denied my request every time without arguing the merits of my request, simply admitting that it's proprietary. I want to make clear I am not talking about servicing or modifying my insulin pump. I am talking about the ability to correctly calibrate and fill my syringe, something Medtronic has expressly prevented me from doing. The vendor is preventing access to information necessary for safe therapy, and has employed bundling and misinformation on the technology in order to shape the market place in their favor at the cost of safety.
Originally I believed I only needed access to my own medical data and ended up discovering that the device has the capability to work around faults in the on board therapeutic software. I'm sick of suffering from insulin reactions and need access to the protocol in order to safely administer my therapy. Can anyone help? The FDA report http://www.fda.gov/ForHealthProfessionals/ArticlesofInterest/ucm295562.htm confirms that lack of epistemic certainty regarding therapy results in harming patients. It is a reflection on Medtronic that they refuse to share the knowledge needed to prevent these adverse events.
I shouldn't have to reverse engineer my own medical data. I don't understand how they can get away with doing harm to people this way. I believe it is their intent to work with industry groups to allow read-only access to filtered feeds, and few people will even know that bugs in the device can be mediated using capabilities the manufacturer supports. I cannot abide allowing someone to give insulin to me without empirically investigating their methods, it's just too dangerous.
-bewest
Ben West
San Francisco
http://openaccess.city.ac.uk/1069/1/1oo2-revised-13apr11.pdf