(edit: removed redundant rants and added updates)
I recently got diagnosed with a condition (sleep apnea) which means I need to use a machine (CPAP) to have a proper sleep, probably for the rest of my life. The doctor wanted me use the device for a few months, and bring the “report” generated by the device to monitor my progress and discuss further treatment.
I thought it would be a simple task, like using a program or accessing a local network service like a printer would and download a file. However, as I consulted to the device distributors in my area… their sales pitch (disregarding the actual medical functions) were:
A) The machine is constantly connected via wi-fi or cellular to manufacturer’s server, and user downloads the report via manufacturer’s website or an app.
B) The machine has an SD card slot to which data is copied, but user have to bring its contents to the authorized distributor so they can convert them into a report file.
TL;DR: Very unsatisfied with either options. I never asked for this.
Update #1: For the reports, there’s a program called OSCAR (www.sleepfiles.com/OSCAR/) that supports conversion of SD card data. Check device compatibility first. For sleep apnea related discussion, there is a forum (www.apneaboard.com) dedicated to it.
Update #2: From all the available brands, I’m inclined to buy a Chinese brand (Yuwell) simply because of costs alone, even if it is not supported by OSCAR. I see a lot of people recommending ResMed (which has OSCAR support) both online and offline, but the cost is prohibitively expensive for someone in my financial situation with local market prices. Still have to think about it.
Update #3: There’s an asshole in the comments arguing “what’s so special” about sleep related statistics being copied around. My concern was how those statistics get associated with customer identification (metadata) as distributors often do. Anyways, won’t waste my time with the “got nothing to hide” type of dumbfucks.
Well fuck I’m suddenly looking at my pacemaker and the little box that sends the messages to the doctor with much more suspicion now.
As another has commented, medical devices (and especially pacemaker systems) are well regulated, such that misuse or illegal re-selling of patient health data is not worth it for most companies.
Cybersecurity is a big topic in the industry now and life-sustaining systems are scrutinised much more closely these days. I wouldnt be worried, but you can ask the company directly if you are still concerned.