I sent the following letter to the FDA and a similar one to the EFF. Many of you may not realize that insulin pumps that ship with a radio have a suite of commands that we can use to fix bugs in the therapeutic software and share/download data and logs with ease. Medtronic and the other vendors refuse to give us access to knowledge we need to make our therapy safe.

Please join me in contacting the FDA, who recently acknowledged the dangers of not having enough information to manage therapy, along with your pump vendor in order to demand access to the data we need on an ethical basis. Medtronic has told me that I will need lawyers in order to get the information we need. I am beginning to become convinced that a class action suite is indeed necessary.

TL;DR: Insulin pumps ship with features supported by the manufacturer to reduce the adverse events you've been facing, but refuses to let you have access to the information needed.

Here is the letter I sent.
-bewest
https://github.com/bewest/insulaudit/blob/master/questions/fda.markdown
-----------%<-------------------- Howdy, My name is Ben West, I'm a type 1 diabetic using an insulin pump and other gear made by Medtronic. The insulin pump infuses me with insulin using suggestions generated by special therapeutic software whenever I manually intervene, and on an ongoing basis.

The pump automatically keeps logs of its behavior I need in order to monitor and manage my ongoing therapy. In the process of setting out to reverse engineer the protocol https://github.com/bewest/insulaudit in order to audit my logs, I discovered that the protocol includes a suite of commands that can be used to control the pump's primitives.

The pump's therapeutic software has bugs that require me to use folk-lore passed to me to manually override the suggestions with newer "safe" suggestions without the support of science or software. Without constant action to manually over-ride the pump, the pump will give me the incorrect amount of insulin, causing insulin reactions and in some cases even contributing to severe hyperglycemia requiring hospitalization.

The FDA recently acknowledged the safety problems involved in pump therapy: http://www.fda.gov/ForHealthProfessionals/ArticlesofInterest/ucm295562.htm Many patients are actively harmed by lack of access to epistemic certainty of what to expect from their therapy. Eg, the fidelity of their care is poor because they are prevented from empirically understanding their own therapy or ensuring its safety. This lack of access provides the largest vendors with a market absent of competitors, ensuring they can always sell new pumps and other products in ways they can control. The priorities giving them this position in the market also create dangerous and unethical scenarios that I and other patients could fix or work around if only we had access to the right information.

I need the ability to inspect the device for bugs, to monitor it's ongoing behavior, and to use the primitive capabilities of the device as recommended by my doctor. Without this, I'm constantly suffering from incorrect dosages of insulin. There are some well known examples of this that many doctors will be familiar with, such as the life time of active insulin. The variable representing this value was hardcoded into early production models, ensuring an incorrect bolus. Software using the remote diagnostic protocol could circumvent the on board therapeutic dosage generator without modifying the device in any way, using commands they support with their remote control product to generate safer suggestions on demand, and could allow patients to audit logs without vendor software.

I've called Medtronic and repeatedly asked for access to documentation of the remote diagnostic protocol, and for access to the firmware so that I can analyze it for safety and provide tools to verify expected therapy outcomes. They have denied my request every time without arguing the merits of my request, simply admitting that it's proprietary. I want to make clear I am not talking about servicing or modifying my insulin pump. I am talking about the ability to correctly calibrate and fill my syringe, something Medtronic has expressly prevented me from doing. The vendor is preventing access to information necessary for safe therapy, and has employed bundling and misinformation on the technology in order to shape the market place in their favor at the cost of safety.

Originally I believed I only needed access to my own medical data and ended up discovering that the device has the capability to work around faults in the on board therapeutic software. I'm sick of suffering from insulin reactions and need access to the protocol in order to safely administer my therapy. Can anyone help? The FDA report http://www.fda.gov/ForHealthProfessionals/ArticlesofInterest/ucm295562.htm confirms that lack of epistemic certainty regarding therapy results in harming patients. It is a reflection on Medtronic that they refuse to share the knowledge needed to prevent these adverse events.

I shouldn't have to reverse engineer my own medical data. I don't understand how they can get away with doing harm to people this way. I believe it is their intent to work with industry groups to allow read-only access to filtered feeds, and few people will even know that bugs in the device can be mediated using capabilities the manufacturer supports. I cannot abide allowing someone to give insulin to me without empirically investigating their methods, it's just too dangerous.

-bewest
Ben West
San Francisco

http://openaccess.city.ac.uk/1069/1/1oo2-revised-13apr11.pdf

Wow...why don't you just STOP using a pump, it sounds like your not happy with it's performance or safety... it's your choice. If I felt like you I would just rip it off and trough it up against a brick wall.

I don't think there's actually any harm or damages in having data floating around. It would be gibberish to anyone without other data. There is no utility for anyone else to have the data. Maybe the only scenario I could conceive of might be surveillance of the Grey Market Strip bandits that insurers are so concerned about?

Could you elaborate a little about the bugs you need to fix manually in the pump? It is hard to understand the problem you are addressing with your work without some technical background (problem, method, defective device model etc).

In reading the post again, I missed the point about your request for access to the nuts and bolts of their pumps and I'm inclined to think that they don't have the obligation to give that to you either. My experience with the pump is that the programmable parameters are plenty sufficient for me to make it do what I need it to do?

It's not just me, it's all pumps users!

Read the FDA report:
""A common theme of insulin pump problems experienced in the adult and youth populations involved the pump's failure to administer a proper insulin dose."""

Their analysis indicates that patients lack enough knowledge to use pumps safely and that more education is required. I couldn't agree more. These are issues we can fix without servicing or modifying the pump.

Again, the FDA acknowledges that pumps typically give incorrect doses of insulin. This is one problem we could solve with access to the protocol and nothing else.

I don't interpret that the same, I guess. They don't provide specific examples to say why there was under or over delivery. But, if you read that quote in the context of the paragraph, it references something which we have known for some time, that the position of the pump (these are tubed pumps) is a major contributing factor to the over/under delivery. That has to do w/ physics/gravity/forces being applied to the pump such as constant up and down jostling (for example when someone is running) with respect to the canula infusion site. The insulin is thus siphoned out (or fails to siphon correctly) due to the excess pressure (or a lack of pressure) created from that movement/location.
I am not quite sure that getting the code/data is going to fix a physics issue...?

You honestly think getting root access to a pumps firmware is going to solve this? People brick smartphones daily using root access to try and install custom ROMs to change default operations, that's a $300-$600 mistake that has nothing to do with their health. A $5000-$7000 medical device is not something 99.9% of pump users need root access to. Unless you have an advanced knowledge of the coding language used for the software and an understanding of how the routines and procedures are coded and linked most users would not have the ability to use this information regardless.

My interpretation is that due to conventional engineering methods, there are a large number of faults that are considered design-tolerant, but which cause unsafe issues when applied to the real world.

A very concrete example is the life time of active insulin. Early Medtronic models hardcoded this variable, ensuring inaccurate dosing suggestions. There are ways to tweaks the settings to accomodate this problem, but they have other side-effects. If I had access to the protocol, I could work with researchers to generate alternative suggestions on demand, and I could freely choose which suggestion to take, allowing me to exploit the safest knowledge available to dose myself. This is no different from filling my syringe myself, except that the vendor didn't get a chance to sell another product to me.

Later models allow customizing this variable that acts as a scaling factor for your dose, however, it remains statically misconfigured until you again reset the variable. My understanding is that there are probably people who need to do this several times per day. Use of the protocol could make this much easier, shortening the time required to manage therapy, allowing the patient to be a normal productive member of society.

Patients using older models supporting this protocol could choose to use alternate suggestions, and could even compare them for accuracy. The technology to do this is trivial and does not modify or service the pump in any way.

Above all, the ability to empirically investigate my therapy allows me to ensure safety. This is basic science. Even if the next model a vendor releases fixes all of the known issues, because of the methods used to conventionally engineer it, it will contain new faults potentially causing harm. We need to be able to investigate and remediate these issues, since these problems can be life threatening.

There are many other issues, the problem is that it's difficult to catalogue and discuss them while we rely on folk-lore.

-bewest

I disagree. The FDA acknowledges that pump use is so difficult and dangerous that despite the better therapeutic outcomes, many patients go back to multiple daily injections. A rising tide lifts all ships, my friend. If someone can work around bugs causing incorrect dosages, that will affect everyone who receives incorrect doses, regardless of their technical expertise.

Root access is not necessary. Please read my post again. The protocol in production models already contains untapped therapeutic value.

I'm talking about using the scientific method to ensure safe therapy, and providing tools to verify therapy outcomes. No vendor should fear independently verifying the safety of their products.

I suggest you read the FDA report. Without access to empirically verifying our therapy, the vendors' priority to control the market overwhelms the pressure to provide safe and effective therapy. Scott Hanselman recently gave a nice overview of how this has played out in the market: http://www.hanselman.com/blog/CommentView.aspx?guid=B67EB5A7-CAD1-4773-BFFE-91A8147DEAA1#ed219da7-75d1-401d-a34b-333e9e829387

Firmware access is not necessary to do the things I want to do. However, their refusal to allow open source developers to provide tools to verify therapeutic behavior of the pump starts to raise questions,

I agree that the programmable parameters are sufficient, if we had access to them. Currently, we are mediated by the software exposing what they have chosen to provide. That's fine, but the features they support allow software under my control to update my programmable parameters with ease. Why should I be forced to waste time and introduce errors inherent in the effort required to manually supervise the pump when I can use software to faithfully execute my therapy and communicate the details with my doctor?

My point is that there is therapeutic value untapped due to secrecy surrounding even trivial and life-threatening parts of the technology. This therapeutic value includes the ability to discover and work around therapeutic flaws making the therapy safer and more accessible.

If someone wiped off the calibration markings of a syringe before giving it you, wouldn't you ask for a syringe with the calibration markings entact?

The information from the pump is only as good as the information inputted by the user of the pump, you can't blame the pump for incorrectly dosing if you miscount carbs. The human element will always be the biggest limiting factor to whether pump therapy succeeds or not.

Also, the human body will not react the same to the same stimulus on every occurrence, be in insulin therapy, exercise, etc. Insulin absorption rates are not an absolute no matter how exact your dosing is. Diabetes is so challenging because of these factors and requires some effort to be successful whether shots or an insulin pump.

This is exactly the argument I'm using. I'm glad we agree.

Without understanding how the pump works, it cannot be used successfully. Without lots of error-prone manual effort, it is dangerous to use. With access to the right information, patient controlled software could reduce the error-pone nature of this work, help to verify expected outcomes. And when life throws unexpected events your way, use of the protocol could enable even more responsive therapy, without the side-effects of the vendor provided software.

The predominant concerns preventing our access are these:
* Access to the protocol could allow others to capitalize on areas of the market they cannot or have decided not to pursue. This innocent and reasonable priority has created an unethical situation.
* Access to the protocol brings about liability questions for the vendor. These are legitimate, and I share them, but I believe there is a moral imperative to discuss how to safely use insulin.

If I can calibrate my dose correctly, isn't it unethical to force an inaccurate dose on me?

If they are prone to giving the wrong dose, is it consistently wrong or is it random? If it's consistent, then all you would have to is adjust the amount of insulin you punch into it. (EX: I might type in 1.2 units per hour instead of 1.0. As long as my bloodsugar stays under control, would it really matter?) If the dosing is always a random amount, that doesn't trend high or low, then how could a device like that be approved by the FDA? Also, even if the pump IS imprecise in the amount it doses, is it any worse than the human error in drawing up or syringe, or the mechanical error in a pen?

Read the FDA article for more information on mis-dosing insulin. There are a variety of causes. Currently, many people use folk-lore to lie to the pump in order to trick it into giving the right amount. They should be able to use software and science instead of folk-lore.

What makes this worse than a human making a mistake, is that you can grab the syringe away from the human and do it properly yourself. Here, we are actually prevented from calibrating our syringes ourselves.

I encourage you to read the FDA article.

If my pump is a faulty mechanism than I'll stick with faulty because I am having much more stable blood glucose readings and an A1C of 5.7 on pump therapy. It doesnt work for you, you are always free to go back to MDI but I think for the VAST majority of us here we are quite satisfied with our pumps and the quality of life it is giving us. I see no problem that I feel needs addressing. Sorry you can count me out of your protest or whatever you are trying to accomplish.

Did you read the article by the FDA? I'm quite happy with the pump, it's a marvelous device with an elegant design. What about the next teenager who goes the hospital because no software has told them the pump is not working correctly while the logs clearly indicate this? Should the vendor prevent that teenager from being helped? According to the FDA report, people will die this year because they did not understand what the pump was doing. If the problem is fixable by me, should I be prevented from fixing it?

Faults are not the problem, I'm grateful for my device, faults and all. The problem is when someone interferes with my ability to resolve that fault.

Ok Im not trying to sound mean and callous...BUT it's a MECHANICAL device and if ANYONE thinks it CANT malfunction or fail or THINKS its a magic fix and by using a pump they don't have to dilligently stay on top of stuff, then MAYBE they don't need to be pumping. Or if parent's are THAT naive, maybe they should keep their kids on MDI therapy. It's NOT a magical fail safe device, ERRORS can and do happen, but overall I believe the safety rate on pumps are pretty darn good. I think there would be a bigger danger in allowing people to tinker with the bells and whistles and not knocking you as I do not know what your background is, but a lot of people tinkering around with stuff they have no business tinkering with and then what happens when they REALLY cause it to screw up? Your warantee Im sure will now be null and void for tampering with the device yourself. No sorry, I just can't get behind this one.