Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security DRM Software Technology Your Rights Online

Why Sleep Apnea Patients Rely On a Lone, DRM-Breaking CPAP Machine Hacker (vice.com) 154

Jason Koebler writes: "SleepyHead" is a free, open-source, and definitely not FDA-approved piece of software for sleep apnea patients that is the product of thousands of hours of hacking and development by a lone Australian developer named Mark Watkins, who has helped thousands of sleep apnea patients take back control of their treatment from overburdened and underinvested doctors. The software gives patients access to the sleep data that is already being generated by their CPAP machines but generally remains inaccessible, hidden by DRM and proprietary data formats that can only be read by authorized users (doctors) on proprietary pieces of software that patients often can't buy or download. SleepyHead and community-run forums like CPAPtalk.com and ApneaBoard.com have allowed patients to circumvent medical device manufacturers, who would prefer that the software not exist at all. Medical device manufacturers fought in 2015 to prevent an exemption to the Digital Millennium Copyright Act to legalize hacking by patients who wanted to access their own data, but an exemption was granted, legalizing SleepyHead and software like it.
This discussion has been archived. No new comments can be posted.

Why Sleep Apnea Patients Rely On a Lone, DRM-Breaking CPAP Machine Hacker

Comments Filter:
  • by Crashmarik ( 635988 ) on Thursday November 15, 2018 @09:14PM (#57652932)

    or garage door openers their remote codes, the system should have switched to needing an exception to having to prove that it was legitimately copyright material.

    But as I said elsewhere, I'll take "Evidence the USA is an Oligarchy" for $500

    • or garage door openers their remote codes, the system should have switched to needing an exception to having to prove that it was legitimately copyright material.

      But as I said elsewhere, I'll take "Evidence the USA is an Oligarchy" for $500

      Finally, after half a comment section of random flaming, a relevant comment. Bravo.

    • Evidence, as if needed: https://www.telegraph.co.uk/ne... [telegraph.co.uk]

      OT, but a friend brought me a bunch of CPAP machines from a tech junkyard. They're pretty nice little air supply devices for forced air cooling in my lab...quiet and powerful, and not all that hard to reprogram for that use.

  • by Anonymous Coward

    Visit alibaba and pick up an up to date advanced CPAP machine for the cost of your copay from these shit companies.

  • CPAP Lock-in (Score:3, Informative)

    by Dinjay ( 571355 ) on Thursday November 15, 2018 @09:52PM (#57653056)

    The data from each CPAP manufacturer is locked-in to their ecosystem. Often the only way for users access their data is upload it to the manufacturer's system. This means that if you change manufacturer, then you can't take your old data with you. Even worse, sometimes the manufacturer also lock-in the user to their agent where the user needs to visit the agent to get a detailed report to provide to the sleep physician.

    • by Anonymous Coward

      You car likely has the same feature, lots of data about you that "belongs" to the manufacturer.

      • Re: CPAP Lock-in (Score:4, Insightful)

        by Anonymous Coward on Thursday November 15, 2018 @11:59PM (#57653480)

        The particular aggregious thing about this is that these machines get FDA licensure as 'medical devices', and the US Congress, which empowers the FDA and all forms of US copyright protection by the weight of the laws they pass such as the DCMA allowing crap like DRM, has also passed laws making it a punishable crime (HIPPA) to withhold a patient's medical information from them whenever they request it. They can, at most, charge a nominal fee for the copying of the information to give to you, such as a $5 or $10 cost of burning a CD with your MRI images, etc. I wish someone with some time on their hands and some kahonas on them would sue the living shit out of the manufactures of these devices for violating the law. It's pretty pissy to hold data for a piece of property that someone owns from them, like auto data for the car in your own driveway, bad. But holding back data that affects their health? After they pay ridiculously marked-up prices for these little pumps and hoses? They need to go to 'get fucked-in-the-ass-every-night Federal prison' for a few years. Fucking pieces of shit. That's not a capitalism or socialism thing. That's just dickwads being low life scum.

    • Comment removed based on user account deletion
      • At the risk of talking out my ass, from having dealth with laboratory software, I will say that there is no way in hell the two databases and exportable data formats resemble one another in nearly any way beyond coming from a relational databse and being spat into a CSV.
      • by Anonymous Coward

        Re taking your data with you: How portable is this data anyway? Is it realistic to take data from one device and use it (perhaps with custom-programmed transformations) to directly control another device in a way that does not invalidate its certification and clinical testing results? I'm fairly ignorant on these issues so may be talking out of my ass.

        The main settings are air pressure levels measured in centimeters of water that can be displaced. Common CPAP (continuous) and APAP (automatic) machines have a range from 4 - 20 cm H2O. Those standard settings can be moved.

        Each vendor uses their own algorithms to detect & correct apnea events. There are usually some other comfort settings such as humidity & hose heating that are vendor-specific too

        It is realistic to take the settings from one brand to another but it is generally recommended to stay

    • by Anonymous Coward

      The data from each CPAP manufacturer is locked-in to their ecosystem. Often the only way for users access their data is upload it to the manufacturer's system. This means that if you change manufacturer, then you can't take your old data with you. Even worse, sometimes the manufacturer also lock-in the user to their agent where the user needs to visit the agent to get a detailed report to provide to the sleep physician.

      You are totally wrong!
      Almost all except some travel CPAP machines have SD cards. When you use Sleepyhead to access the SD card, the forst thing it does is make a backup copy of that data on your machine, Even if the card is erased, you still have your data,

      Disclaimer: I am a CPAP user and have used SleepyHead software.

  • I use CPAP... (Score:5, Informative)

    by argStyopa ( 232550 ) on Thursday November 15, 2018 @09:59PM (#57653074) Journal

    ...and I've used Sleepyhead. I certainly appreciate it, but nobody "relies" on it - all the machine settings are available on the unit and Sleepyhead basically just displays info. It's very cool.

    So for data nerds like me I like to dig into it, but the fact that I slept 7 hours 3 minutes last night with 4 wakeups vs 6 hours 52 minutes the night before with 6 wakeups really isn't critical information in any way.

    And let's be honest: as much as I'm a tech-head, me "using the data" to fuck around with the settings on my machine is about as likely to kill me as NOT 'using the data" to fuck around with the settings on the machine.

    • ...and I've used Sleepyhead. I certainly appreciate it, but nobody "relies" on it - all the machine settings are available on the unit and Sleepyhead basically just displays info. It's very cool.

      So for data nerds like me I like to dig into it, but the fact that I slept 7 hours 3 minutes last night with 4 wakeups vs 6 hours 52 minutes the night before with 6 wakeups really isn't critical information in any way.

      And let's be honest: as much as I'm a tech-head, me "using the data" to fuck around with the settings on my machine is about as likely to kill me as NOT 'using the data" to fuck around with the settings on the machine.

      It's not relied upon in the same way that a pacemaker is. However, if the CPAP is logging medical data generated by the user, and the user cannot access that data purely because of artificial means that benefits anybody other than the patient, and Sleepyhead helps to give those patients access to their data, then yes, I would argue that it's "relied upon". Either Sleepyhead is relied upon to get the data, the company's software which end users can't access is relied upon for that same data, or the data the

      • and the user cannot access that data purely because of artificial means that benefits anybody other than the patient,

        It takes me a half an hour to walk into the local medical device supplier and get a printout that the government will accept. It once took a day because I had changed suppliers and they had to get the account control away from the old company.

        Free. This costs them money.

        Either Sleepyhead is relied upon to get the data,

        I would be fascinated to hear from the people who try to send in "Sleepyhead" reports for their commercial driver's or pilot's licenses, and if the US government agencies involved accept third-party open-source software decoding the data.

        or the data the CPAP collects cannot be read at all, defeating the purpose of the CPAP.

        I

    • by Anonymous Coward

      Your doctor relies on the data to make sure it's working properly, or at least he should. If the company ever goes under, gets bought out, or decides to stop supporting the model, you'll be glad you can still read the data. It's also useful to people without insurance. They don't have doctors to review the info and look over it themselves.

    • Re:I use CPAP... (Score:4, Informative)

      by Mister Transistor ( 259842 ) on Friday November 16, 2018 @05:49AM (#57654318) Journal

      I'm also a data nerd, and I figured out how to get into the config menus, etc. on mine. I was able to turn on user info screens that were turned off by default so I get the previous night's data on my sleep, but for a weekly/monthly summary and chart I have to go do my doctor.

      The model I have has a cell phone in it! The older ones wrote data to an SD card, and you'd have to bring that in with you when you went to the doctor every 3 months or so for evaluation, but the cellular models download the data after every night's sleep so the doc can see problems, etc. right away.

      The other issue is insurance. They will only pay for it if it is providing a positive medical benefit to you, so the data uploaded to the doctors is also used as proof the item is being used and that it is indeed effective.

      I'm hoping I can use the software but without the machine snitching on me or failing to report the data to my doctor. I will have to surf the forums there to make sure that won't happen to me if I decide to try using the software.

    • The data in Sleepyhead is much more thorough than what my machine or my machine's mobile app shows me. You can use this info to have much better insight into the efficacy of your treatment and allows you to fine-tuning your machine.

  • by Anonymous Coward

    the manufacturer should be able to protect with DRM is an audit log.

    In court, it may be very handy to know that someone was operating the medical device with modifications not created, authorized, tested, or approved by the manufacturer (or the FDA, for that matter).

    Otherwise, it's their f***ing device; they should be able to do whatever they want with it.

    • But it's not theirs. It's yours. You rent it for a year and you own it after that. Or your insurance pays outright for it when you get it, depending on the type of insurance you have. But it is definitely yours, not theirs.

      • The hell I donâ(TM)t own it. I paid good money for my device. My insurance is crap, so I had to pay for everything- the at home testing, the device, masks, hoses. I own it, and I can do what I want with it, including decrypting the data so I can use it myself. They can go fork themselves.

    • Otherwise, it's their f***ing device; they should be able to do whatever they want with it.

      And they should even be allowed to sell the device, so that it becomes someone else's in exchange for money.

  • Sleepyhead (Score:5, Insightful)

    by dcollins117 ( 1267462 ) on Thursday November 15, 2018 @11:17PM (#57653380)

    Sleepyhead software is great. It allows you to view the medical data your CPAP machine tracks, but is not normally accessible to you, the patient. Did you get that? It's your medical records, they belong to you, but you are not normally allowed access to them. You need that information to track your progress and make informed decisions about your care. Without this software, if you want to view the data, you must request it from your doctor's office and they typically charge you a fee for copying it. Fuck that.

    My view is that the patient is responsible for their own health and doctors should only act in an advisory capacity to make recommendations for improved health. Software like this gives you back control and that's why I think it is so important.

  • I've got a Philips Respironics DreamStation, and use their Dreammapper app.

    Other than being able to save the data, what's the difference between Sleepyhead and Dreammapper?

    • by sxpert ( 139117 )

      I also have the app, which doesn't say anything, really, gives you a couple numbers and that's it.
      this software shows you everything there is to see in the much more detailed stats from the machine

    • by Anonymous Coward on Friday November 16, 2018 @03:13AM (#57653912)

      I prescribe CPAPs for a living as a licensed medical provider, and I also use a DreamStation as a CPAP user. Well, used. Once. And promptly decided it was so limited and user-focused as to be useless.

      The consumer view of the CPAP data is limited, trivial, and summary only. It doesn't show 1/10th of the things that I get from the proprietary software, that actually shows me *when* and *where* things are happening. For example, I can look, per night, at when the pressures on an AutoCPAP (yes, "AutoCPAP" sounds like an oxymoron. It's actually not) go up or down, and how the respiratory events changed on that basis. If a patient usually takes off his or her mask when the AutoCPAP pressure goes above 10 cm H2O, that tells me something very different than if they keep the mask on at that pressure, but that the pressure changes don't seem to be reducing apnea events,

      I get the rationale: patients, given unlimited access to medical data, might be inclined to fiddle with settings based on it, which then complicates the actual treatment. But the fact is it's trivial to find out how to change the pressure settings on any ?PAP machine (CPAP, BiPAP, etc.) by either fiddling or Googling, so there's really no prevention of patient meddling, just *informed* patient meddling.

      Oh, and I can't even give my patients their own data. I can give them summary printouts, and do on a regular basis, but that's not the raw data, suitable for further manipulation, it's a PDF that's pretty to print and look at, that has all the appropriate, reasonable, and customary summaries and common methods of displaying the data... but has no interface for someone else to go in and slice and dice it differently.

      Of all the problems in the sleep medicine world, I think the biggest is patient ignorance ("it's just snoring") and underscreening. Data obscurity isn't in the top 5, in my book, but I still understand the right to obtain one's own data.

      • by epine ( 68316 )

        Of all the problems in the sleep medicine world, I think the biggest is patient ignorance ("it's just snoring") and underscreening. Data obscurity isn't in the top 5, in my book, but I still understand the right to obtain one's own data.

        One of the reasons you hold this view is that you're looking at sleep medicine through the narrowest possible end of the telescope. Apnea has the thinnest etiology of all major sleep problems. The dimensionality is low enough that it almost becomes possible (even preferable)

  • by Applehu Akbar ( 2968043 ) on Friday November 16, 2018 @06:09AM (#57654372)

    Access to one's own medical records in full should be a basic right for us all. In line with this, all treatment machine records should be accessible by the patient. That most patients have no ability to make use of all this information is true but beside the point. That's what we hire medical experts to do.

    • I've had access to data from an expensive test - MRI - denied me due to admitted incompetence and lack of infrastructure. Back when this "only" cost ~ $1000, I had a scan done after a head injury. I wanted a copy of the data because, hey, being able to look inside yourself is kind of a cool thing, right? The nurse doing the test (after a most of the night wait for the MRI team to deign to show up at the emergency room), emailed the result to a doctor for analysis. I saw her do it, via some simple UI. S
      • Stories like this are why I’m so unsympathetic toward MDs who can’t be bothered to embrace technologies like electronic medical records. Sure, the early interfaces are generic and poorly differentiated by user (anesthesiologists need to interact with an EMR differently than do nephrologists, for example). But only if medical professionals care about simplifying their jobs in the long run by taking the trouble to learn new nsystems now, ad at the same time be proactive about keeping management in

      • You went to the wrong provider for your test. You didn't know it at the time you had the test performed, only after, when you wanted to get the images. I argued with my cardiologist and my vascular surgeon to get the images and results for my tests - ultrasounds and CT scans. Finally, I realized my error and went to a lab / test facility where I can get the images for the tests on CD / DVD. Usually, I take the CD / DVD to the doctors office to see if they want a copy. After a CT scan several months ago

    • Access to one's own __________________
      • medical records
      • credit score
      • automobile diagnostics
      • president's tax returns
      • ballot machine's source code
      • environment's sources of emitted toxins from local businesses

      Lots of information should be available to individuals. But information is money, and nobody gives away money for free.

  • by Anonymous Coward

    A lot of the problems people run into are that the needed pressure isn't the same every day - you get stuffy, clear up, allergies, no allergies, swelling, no swelling and so on. Just rolling over can change your needed pressure. Having the same sort of issues where it wouldn't work correctly I switched to APAP about 10 years ago and have never looked back. It uses that software and auto-adjusts your pressure on the fly so you never have to mess with anything. I used to have to change pressure almost sea

  • I certainly agree that the physicians are overburdened, but I don't agree with the accusation of "underinvested". They are not there to be data shepherds, their job is to get the patient set up and hopefully doing better with CPAP. The physicians have a limited amount of time - often dictated by the insurance industry - to work with patients and carving out time for them to handle machine data is pretty nearly a non-starter.

    After all, the physicians don't have a responsibility to provide patients with

"Confound these ancestors.... They've stolen our best ideas!" - Ben Jonson

Working...