I sent the following letter to the FDA and a similar one to the EFF. Many of you may not realize that insulin pumps that ship with a radio have a suite of commands that we can use to fix bugs in the therapeutic software and share/download data and logs with ease. Medtronic and the other vendors refuse to give us access to knowledge we need to make our therapy safe.
Please join me in contacting the FDA, who recently acknowledged the dangers of not having enough information to manage therapy, along with your pump vendor in order to demand access to the data we need on an ethical basis. Medtronic has told me that I will need lawyers in order to get the information we need. I am beginning to become convinced that a class action suite is indeed necessary.
TL;DR: Insulin pumps ship with features supported by the manufacturer to reduce the adverse events you've been facing, but refuses to let you have access to the information needed.
Here is the letter I sent.
-----------%<-------------------- Howdy, My name is Ben West, I'm a type 1 diabetic using an insulin pump and other gear made by Medtronic. The insulin pump infuses me with insulin using suggestions generated by special therapeutic software whenever I manually intervene, and on an ongoing basis.
The pump automatically keeps logs of its behavior I need in order to monitor and manage my ongoing therapy. In the process of setting out to reverse engineer the protocol https://github.com/bewest/insulaudit in order to audit my logs, I discovered that the protocol includes a suite of commands that can be used to control the pump's primitives.
The pump's therapeutic software has bugs that require me to use folk-lore passed to me to manually override the suggestions with newer "safe" suggestions without the support of science or software. Without constant action to manually over-ride the pump, the pump will give me the incorrect amount of insulin, causing insulin reactions and in some cases even contributing to severe hyperglycemia requiring hospitalization.
The FDA recently acknowledged the safety problems involved in pump therapy: http://www.fda.gov/ForHealthProfessionals/ArticlesofInterest/ucm295... Many patients are actively harmed by lack of access to epistemic certainty of what to expect from their therapy. Eg, the fidelity of their care is poor because they are prevented from empirically understanding their own therapy or ensuring its safety. This lack of access provides the largest vendors with a market absent of competitors, ensuring they can always sell new pumps and other products in ways they can control. The priorities giving them this position in the market also create dangerous and unethical scenarios that I and other patients could fix or work around if only we had access to the right information.
I need the ability to inspect the device for bugs, to monitor it's ongoing behavior, and to use the primitive capabilities of the device as recommended by my doctor. Without this, I'm constantly suffering from incorrect dosages of insulin. There are some well known examples of this that many doctors will be familiar with, such as the life time of active insulin. The variable representing this value was hardcoded into early production models, ensuring an incorrect bolus. Software using the remote diagnostic protocol could circumvent the on board therapeutic dosage generator without modifying the device in any way, using commands they support with their remote control product to generate safer suggestions on demand, and could allow patients to audit logs without vendor software.
I've called Medtronic and repeatedly asked for access to documentation of the remote diagnostic protocol, and for access to the firmware so that I can analyze it for safety and provide tools to verify expected therapy outcomes. They have denied my request every time without arguing the merits of my request, simply admitting that it's proprietary. I want to make clear I am not talking about servicing or modifying my insulin pump. I am talking about the ability to correctly calibrate and fill my syringe, something Medtronic has expressly prevented me from doing. The vendor is preventing access to information necessary for safe therapy, and has employed bundling and misinformation on the technology in order to shape the market place in their favor at the cost of safety.
Originally I believed I only needed access to my own medical data and ended up discovering that the device has the capability to work around faults in the on board therapeutic software. I'm sick of suffering from insulin reactions and need access to the protocol in order to safely administer my therapy. Can anyone help? The FDA report http://www.fda.gov/ForHealthProfessionals/ArticlesofInterest/ucm295... confirms that lack of epistemic certainty regarding therapy results in harming patients. It is a reflection on Medtronic that they refuse to share the knowledge needed to prevent these adverse events.
I shouldn't have to reverse engineer my own medical data. I don't understand how they can get away with doing harm to people this way. I believe it is their intent to work with industry groups to allow read-only access to filtered feeds, and few people will even know that bugs in the device can be mediated using capabilities the manufacturer supports. I cannot abide allowing someone to give insulin to me without empirically investigating their methods, it's just too dangerous.
Wow...why don't you just STOP using a pump, it sounds like your not happy with it's performance or safety... it's your choice. If I felt like you I would just rip it off and trough it up against a brick wall.
It's not just me, it's all pumps users!
Read the FDA report:
""A common theme of insulin pump problems experienced in the adult and youth populations involved the pump's failure to administer a proper insulin dose."""
Their analysis indicates that patients lack enough knowledge to use pumps safely and that more education is required. I couldn't agree more. These are issues we can fix without servicing or modifying the pump.
I don't interpret that the same, I guess. They don't provide specific examples to say why there was under or over delivery. But, if you read that quote in the context of the paragraph, it references something which we have known for some time, that the position of the pump (these are tubed pumps) is a major contributing factor to the over/under delivery. That has to do w/ physics/gravity/forces being applied to the pump such as constant up and down jostling (for example when someone is running) with respect to the canula infusion site. The insulin is thus siphoned out (or fails to siphon correctly) due to the excess pressure (or a lack of pressure) created from that movement/location.
I am not quite sure that getting the code/data is going to fix a physics issue...?
My interpretation is that due to conventional engineering methods, there are a large number of faults that are considered design-tolerant, but which cause unsafe issues when applied to the real world.
A very concrete example is the life time of active insulin. Early Medtronic models hardcoded this variable, ensuring inaccurate dosing suggestions. There are ways to tweaks the settings to accomodate this problem, but they have other side-effects. If I had access to the protocol, I could work with researchers to generate alternative suggestions on demand, and I could freely choose which suggestion to take, allowing me to exploit the safest knowledge available to dose myself. This is no different from filling my syringe myself, except that the vendor didn't get a chance to sell another product to me.
Later models allow customizing this variable that acts as a scaling factor for your dose, however, it remains statically misconfigured until you again reset the variable. My understanding is that there are probably people who need to do this several times per day. Use of the protocol could make this much easier, shortening the time required to manage therapy, allowing the patient to be a normal productive member of society.
Patients using older models supporting this protocol could choose to use alternate suggestions, and could even compare them for accuracy. The technology to do this is trivial and does not modify or service the pump in any way.
Above all, the ability to empirically investigate my therapy allows me to ensure safety. This is basic science. Even if the next model a vendor releases fixes all of the known issues, because of the methods used to conventionally engineer it, it will contain new faults potentially causing harm. We need to be able to investigate and remediate these issues, since these problems can be life threatening.
There are many other issues, the problem is that it's difficult to catalogue and discuss them while we rely on folk-lore.
You honestly think getting root access to a pumps firmware is going to solve this? People brick smartphones daily using root access to try and install custom ROMs to change default operations, that's a $300-$600 mistake that has nothing to do with their health. A $5000-$7000 medical device is not something 99.9% of pump users need root access to. Unless you have an advanced knowledge of the coding language used for the software and an understanding of how the routines and procedures are coded and linked most users would not have the ability to use this information regardless.
I disagree. The FDA acknowledges that pump use is so difficult and dangerous that despite the better therapeutic outcomes, many patients go back to multiple daily injections. A rising tide lifts all ships, my friend. If someone can work around bugs causing incorrect dosages, that will affect everyone who receives incorrect doses, regardless of their technical expertise.
Root access is not necessary. Please read my post again. The protocol in production models already contains untapped therapeutic value.
I'm talking about using the scientific method to ensure safe therapy, and providing tools to verify therapy outcomes. No vendor should fear independently verifying the safety of their products.
The information from the pump is only as good as the information inputted by the user of the pump, you can't blame the pump for incorrectly dosing if you miscount carbs. The human element will always be the biggest limiting factor to whether pump therapy succeeds or not.
Also, the human body will not react the same to the same stimulus on every occurrence, be in insulin therapy, exercise, etc. Insulin absorption rates are not an absolute no matter how exact your dosing is. Diabetes is so challenging because of these factors and requires some effort to be successful whether shots or an insulin pump.
This is exactly the argument I'm using. I'm glad we agree.
Without understanding how the pump works, it cannot be used successfully. Without lots of error-prone manual effort, it is dangerous to use. With access to the right information, patient controlled software could reduce the error-pone nature of this work, help to verify expected outcomes. And when life throws unexpected events your way, use of the protocol could enable even more responsive therapy, without the side-effects of the vendor provided software.
I don't think there's actually any harm or damages in having data floating around. It would be gibberish to anyone without other data. There is no utility for anyone else to have the data. Maybe the only scenario I could conceive of might be surveillance of the Grey Market Strip bandits that insurers are so concerned about?
The predominant concerns preventing our access are these:
* Access to the protocol could allow others to capitalize on areas of the market they cannot or have decided not to pursue. This innocent and reasonable priority has created an unethical situation.
* Access to the protocol brings about liability questions for the vendor. These are legitimate, and I share them, but I believe there is a moral imperative to discuss how to safely use insulin.
If I can calibrate my dose correctly, isn't it unethical to force an inaccurate dose on me?
Could you elaborate a little about the bugs you need to fix manually in the pump? It is hard to understand the problem you are addressing with your work without some technical background (problem, method, defective device model etc).
Again, the FDA acknowledges that pumps typically give incorrect doses of insulin. This is one problem we could solve with access to the protocol and nothing else.