Who pays for Resmed cellular connection

General Discussion on any topic relating to CPAP and/or Sleep Apnea.
User avatar
OkyDoky
Posts: 2870
Joined: Mon Aug 25, 2014 5:18 pm

Re: Who pays for Resmed cellular connection

Post by OkyDoky » Tue Dec 01, 2015 3:02 pm

Heart Jumping wrote:
OkyDoky wrote:And yes settings can also be changed through the wireless.

Your AirCurve 10 device is equipped with cellular communication. This allows your therapy data to
be wirelessly transmitted to your care provider to enhance the quality of your treatment. It also
allows therapy settings to be updated in a more timely manner or your device software to be
upgraded.
Reread that. It could just mean that having your care provider be able to read your treatment could allow them to tell you to change your settings in a more timely manner. It could also be something they put in the manual for legal reasons. OR your interpretation could be correct and it's possible.
This is from Resmeds provider info.

Using AirView™ ResMed’s cloud-based patient management system, you can access nightly therapy data, troubleshoot remotely (using the remote assist feature) and change device settings remotely.

From this link http://www.resmed.com/us/en/healthcare- ... -cpap.html
ResMed Aircurve 10 VAUTO EPAP 11 IPAP 15 / P10 pillows mask / Sleepyhead Software / Back up & travel machine Respironics 760

Heart Jumping
Posts: 276
Joined: Wed Jul 22, 2015 3:06 pm

Re: Who pays for Resmed cellular connection

Post by Heart Jumping » Tue Dec 01, 2015 3:07 pm

xyz wrote:If you follow the news, you'll remember the following stories:

A techie demonstrated (for the media) how he could apply the brakes (and other functions) on another car that he was following.

At a security conference in Las Vegas there was a demonstration how an insulin pump (worn by some type 1 diabetics) could have its settings changed. Potentially lethal.

And if you follow the news and have an IT background, you'll know that the media routinely reports things in a highly inflated and inaccurate manner for ratings, grossly exaggerating risk. That's not to say there is no risk or that we shouldn't be concerned about these things, but most of the media stories are laughable.
There are more examples like this. Whether something is likely is not the point. It should not be possible.
False, and the argument that because something might contain some risk is should never be possible is a logical fallacy and a misuse of the precautionary principle.
That is, there is no good argument to be made to allow this to happen.
There are many good reasons and we experience them in our lives every day. Those need to be weighed along with the risk.

_________________
Machine: ResMed AirSense™ 10 AutoSet™ CPAP Machine with HumidAir™ Heated Humidifier
Mask: DreamWear Nasal CPAP Mask with Headgear - Fit Pack (All Cushions Included with Medium Frame)
Additional Comments: AirFit F10 Full Face Mask is my backup mask for when congested.

Heart Jumping
Posts: 276
Joined: Wed Jul 22, 2015 3:06 pm

Re: Who pays for Resmed cellular connection

Post by Heart Jumping » Tue Dec 01, 2015 3:18 pm

OkyDoky wrote:This is from Resmeds provider info.

Using AirView™ ResMed’s cloud-based patient management system, you can access nightly therapy data, troubleshoot remotely (using the remote assist feature) and change device settings remotely.

From this link http://www.resmed.com/us/en/healthcare- ... -cpap.html
I'll instantly admit when I see I'm wrong and based on that verbiage it certainly does look as though it's possible (to change settings), also here: http://www.resmed.com/us/en/healthcare- ... ystem.html

What I'd want to know is how the system works. Does the provider need to call the patient and have them do something to hand over temporary control? Can someone just log in and change the settings? I agree that it sounds like the potential for risk is there, but would want to know more about how it's accomplished.

I haven't read of anyone here actually having a provider do this, if there are any threads were someone has said their provider has this capability I'd like to read them.

_________________
Machine: ResMed AirSense™ 10 AutoSet™ CPAP Machine with HumidAir™ Heated Humidifier
Mask: DreamWear Nasal CPAP Mask with Headgear - Fit Pack (All Cushions Included with Medium Frame)
Additional Comments: AirFit F10 Full Face Mask is my backup mask for when congested.

User avatar
flightco
Posts: 540
Joined: Mon Aug 03, 2015 6:58 pm
Location: Tinley Park, IL

Re: Who pays for Resmed cellular connection

Post by flightco » Tue Dec 01, 2015 3:19 pm

BlackSpinner wrote:
They offered to up my pressure and
Legally they can't do this without an order from your doctor. That is usually the argument they try to gives us about why it is illegal for us to so much as look at our data.
My doctor had given them a range to work with since he knew I wasn't doing well at the lower setting, that is why they called me.

_________________
Machine: ResMed AirSense™ 10 AutoSet™ CPAP Machine with HumidAir™ Heated Humidifier
Mask: Wisp Nasal CPAP Mask with Headgear - Fit Pack
Additional Comments: Also Sleepyhead, P10, F10 and Amara View

User avatar
flightco
Posts: 540
Joined: Mon Aug 03, 2015 6:58 pm
Location: Tinley Park, IL

Re: Who pays for Resmed cellular connection

Post by flightco » Tue Dec 01, 2015 3:21 pm

Heart Jumping wrote:
OkyDoky wrote:This is from Resmeds provider info.

Using AirView™ ResMed’s cloud-based patient management system, you can access nightly therapy data, troubleshoot remotely (using the remote assist feature) and change device settings remotely.

From this link http://www.resmed.com/us/en/healthcare- ... -cpap.html
I'll instantly admit when I see I'm wrong and based on that verbiage it certainly does look as though it's possible (to change settings), also here: http://www.resmed.com/us/en/healthcare- ... ystem.html

What I'd want to know is how the system works. Does the provider need to call the patient and have them do something to hand over temporary control? Can someone just log in and change the settings? I agree that it sounds like the potential for risk is there, but would want to know more about how it's accomplished.

I haven't read of anyone here actually having a provider do this, if there are any threads were someone has said their provider has this capability I'd like to read them.
Your DME (or anyone with the info) can log in and change settings, no need to contact you first. They contacted me to get a better picture of what was going on.

_________________
Machine: ResMed AirSense™ 10 AutoSet™ CPAP Machine with HumidAir™ Heated Humidifier
Mask: Wisp Nasal CPAP Mask with Headgear - Fit Pack
Additional Comments: Also Sleepyhead, P10, F10 and Amara View

User avatar
flightco
Posts: 540
Joined: Mon Aug 03, 2015 6:58 pm
Location: Tinley Park, IL

Re: Who pays for Resmed cellular connection

Post by flightco » Tue Dec 01, 2015 3:24 pm

xyz wrote:> If someone is really concerned about big brother watching ...

Privacy is always an issue.

Why should it be so lucy-goosey for this and so difficult for other issues?

Almost all of us at some time or the other have run into the control freak at one of our medical service providers. The one who will not give you a copy of _your own_ medical records without you filling out a hippa form. Let alone let your spouse pick up a copy. So you fill out a hippa release only to find out that 1) it's only good for one time (one pickup) or 2) for a max of one year. If I have to fill out a hippa release for _me_ I expect to be good for as long as I'm around.

And frustration mounts when you're dealing with a large provider (e.g., hospital, insurance company, nationwide dme) where the right hand doesn't know what the left hand is doing. "Sorry, I don't know anything about that. I don't have a copy of the hippa release you allege you filled out."

The fact is that you do not know exactly who all your machine data goes to when it is sent out cellularly.

A more important issue, potentially, is hardware security. Or lack thereof.

> settings can also be changed through the wireless.

Exactly.

If you follow the news, you'll remember the following stories:

A techie demonstrated (for the media) how he could apply the brakes (and other functions) on another car that he was following.

At a security conference in Las Vegas there was a demonstration how an insulin pump (worn by some type 1 diabetics) could have its settings changed. Potentially lethal.

There are more examples like this. Whether something is likely is not the point. It should not be possible. That is, there is no good argument to be made to allow this to happen.

> it's easy to put the blinders on him...just switch the machine over to "airplane mode".

Be sure to do that once compliance is established.
Most of us post more information here than the DME (or the very bored hacker) can see; if we were worried about privacy we wouldn't be posting so much personal AHI info on this site. By the way, no need to hack, my AHI was 1.2 last night and I was up 2 times. (If you want to know the breakdown of the AHI you will just have to hack the machine).

_________________
Machine: ResMed AirSense™ 10 AutoSet™ CPAP Machine with HumidAir™ Heated Humidifier
Mask: Wisp Nasal CPAP Mask with Headgear - Fit Pack
Additional Comments: Also Sleepyhead, P10, F10 and Amara View

User avatar
OkyDoky
Posts: 2870
Joined: Mon Aug 25, 2014 5:18 pm

Re: Who pays for Resmed cellular connection

Post by OkyDoky » Tue Dec 01, 2015 3:25 pm

Heart Jumping wrote: I haven't read of anyone here actually having a provider do this, if there are any threads were someone has said their provider has this capability I'd like to read them.
Here is one thread discussing this. viewtopic.php?f=1&t=104255&st=0&sk=t&sd ... d+settings
ResMed Aircurve 10 VAUTO EPAP 11 IPAP 15 / P10 pillows mask / Sleepyhead Software / Back up & travel machine Respironics 760

Funkdoobiest
Posts: 33
Joined: Mon Nov 16, 2015 8:36 am
Location: Western NY

Re: Who pays for Resmed cellular connection

Post by Funkdoobiest » Tue Dec 01, 2015 3:25 pm

[quote="Pugsy"]Like I said....if it concerns a person that anyone...big brother or whomever...is watching...then turn off the transmission capability.
Even if still within the window where compliance issues might be needed..there are other ways to get the data to the DME that don't involve the cellular device.

I haven't tried mine yet, but I read another post that said when you turn airplane mode on, you get an annoying pita message every time you turn it on telling you to change it back or something. Looking through it, I don't see any way of turning it off permanently. The machine appears to always be looking for its chance to send the data.

_________________
MachineMask

User avatar
OkyDoky
Posts: 2870
Joined: Mon Aug 25, 2014 5:18 pm

Re: Who pays for Resmed cellular connection

Post by OkyDoky » Tue Dec 01, 2015 3:35 pm

Keeping the Airplane mode on only requires one extra button push. No big deal. I'm not worried about information shared as much as if a DME would change back settings that we have changed on our own.
ResMed Aircurve 10 VAUTO EPAP 11 IPAP 15 / P10 pillows mask / Sleepyhead Software / Back up & travel machine Respironics 760

xyz
Posts: 407
Joined: Fri Dec 07, 2007 1:38 pm

Re: Who pays for Resmed cellular connection

Post by xyz » Tue Dec 01, 2015 3:42 pm

> most of the media stories are laughable.

An ad hominem attack on the media is a poor argument by you.

I am no fan of the media. The examples I gave were performed by _highly technical_ people and reported accurately by the press.

> False, and the argument that because something might contain some risk is (sic) should never be possible is a logical fallacy and a misuse of the precautionary principle.

For some reason, you appear to be working hard to evade the essential issue.

I never used the words "should never be possible," you did. I said "should not be possible." Don't put words in my mouth. Again, another extreme statement by you.

>> there is no good argument to be made to allow this to happen.
> There are many good reasons and we experience them in our lives every day.
> Those need to be weighed along with the risk.

The major point, which you continue to evade, is that companies that make _many types_ of products make little or no effort to design security into their products. When security is an initial design consideration, it's easier and cheaper than having to react later to some public relations disaster that costs them business.

Heart Jumping
Posts: 276
Joined: Wed Jul 22, 2015 3:06 pm

Re: Who pays for Resmed cellular connection

Post by Heart Jumping » Tue Dec 01, 2015 3:46 pm

OkyDoky wrote:
Heart Jumping wrote: I haven't read of anyone here actually having a provider do this, if there are any threads were someone has said their provider has this capability I'd like to read them.
Here is one thread discussing this. viewtopic.php?f=1&t=104255&st=0&sk=t&sd ... d+settings
Then I take it all back, this does concern me . Less from a security hacking standpoint and more from a "what's to stop a disgruntled employee who gains access from changing peoples settings". I still stand my my statement that risk has to be balanced with reward, and there are definitely positives to this being possible, but risk is also probably higher than I thought it was.

_________________
Machine: ResMed AirSense™ 10 AutoSet™ CPAP Machine with HumidAir™ Heated Humidifier
Mask: DreamWear Nasal CPAP Mask with Headgear - Fit Pack (All Cushions Included with Medium Frame)
Additional Comments: AirFit F10 Full Face Mask is my backup mask for when congested.

User avatar
Cereal Killer
Posts: 228
Joined: Tue Jan 31, 2012 1:49 pm

Re: Who pays for Resmed cellular connection

Post by Cereal Killer » Tue Dec 01, 2015 3:57 pm

Some of you will remember more that one thread here where people reported taking the machine to the DME for compliance reporting, and found out later that the DME had changed the pressure settings.

If I get a ResMed with cellular connection, it will stay in Airplane Mode. Thanks, Pugsy!

_________________
MaskHumidifier
Image

User avatar
archangle
Posts: 9294
Joined: Sun Mar 27, 2011 11:55 am

Re: Who pays for Resmed cellular connection

Post by archangle » Tue Dec 01, 2015 4:40 pm

I'll use ResMed as an example, but the same is true for Philips Respironics.

Radio Link

The RF (Radio Frequency) data link is though the cell phone network. Sometimes, the marketers will make distinctions between "cellular" and "wireless, LTE, 4G, etc.," but the data goes through the same towers and radio network used by your cell phone. (Or whatever you call the phone that you carry around and it works pretty much anywhere you go.)

The system is two way. Most, if not all, settings can be changed by an authorized person.

Payment

In concept, ResMed pays the cell phone companies and internet company for transmitting the data. There may be a lot of things that are subcontracted out. In concept, the DME, the doctor, or the insurance pays ResMed for access to the data. Once again, there may parts of the process that are subcontracted out. Some or all of the costs may be bundled into the wholesale price of the machine. The details may vary over time.

In practice, the cost of doing this is really minimal compared to the price of the machine. However, cell phone companies are used to predatory pricing, as are many others, so there may be some "real" costs to the DME or insurance.

Weighing the Risks

Don't forget that there is a REAL benefit to you for collecting your data. It makes a lot of information available to determine if your treatment is working. Even if you have a brick machine, the times you use the machine is useful information to you and your doctor. Even if your current doctor has a brick for a brain, your next doctor may find it useful. AHI and other data is very valuable.

Realistically, other than "compliance" concerns with insurance, the risks are small.

I've written a lot more below, mostly for geeky information purposes.

Big Brother Risk

Ignore, for the moment the risk of "hackers." Consider the following possibilities:

You get denied insurance payments or coverage because your records indicate you're not following the prescribed course of therapy. Or have your driver's license suspended. These things are already happening to some extent. It could get worse as the big brother/big business/big data system grows.

You have a car accident. The scumbag lawyer subpoenas your records and claims you were at fault because you weren't doing your CPAP properly, and were driving while impaired by apnea, or simply by lack of sleep because you weren't getting enough hours of sleep the previous few days. Or some scumbag government prosecutor does the same.

A divorce lawyer gets your data and claims you must have been cheating on certain dates because there is an unexplained gap in your CPAP data on nights your wife is out of town.

You get implicated in some crime because your wireless CPAP data indicates you were in certain places at certain times. (Same thing for the divorce lawyer.) A record of when and where you sleep is a useful tool to be used against you in some cases. Requiring you to account for your sleep time and location in court is a great way to intimidate someone in court, or make inferences and innuendo.

Technical Security/Hacking Risk

There are many levels of security concerns here.

In my professional data security guy opinion, the main risk is in the central servers that run the system, your insurance company, or your DME. i.e. the risks are in the computers at the other end, not in the modem part. Most of these risks exist whether or not you have a working modem in your CPAP machine.

While, in concept, someone could hack the system and change the settings on your CPAP, or read your CPAP data, it's not likely. The main reason I say this is that it would take a lot of effort, and there's not much profit in it, and most hackers these days are professional criminals who are in it for the money.

The easy and profitable thing to do is to hack into the servers run by the manufacturer, DME, or insurance, and steal the data such as name, address, social security number, credit card, etc. Messing with your CPAP machine will make it more likely they'll be caught and will lose access to their profitable access to credit cards or identity theft data.

One trend that is happening somewhat these days is "ransomware" and blackmail hacking. Someone will hack into a system, and threaten to do damage unless paid, or damage data and require payment for information on how to undo the damage. I suspect that there's not a lot of risk for this on CPAP, but it's possible.

It's possible that someone could hack the cellphone RF link or the internet network used to transmit the data, but I doubt that is much of a risk. It's so much easier to do the hacking in the central servers.

The data between the CPAP machine is probably encrypted in some way. However, modern big business does really bad jobs at securing such data, so it's probably hackable if someone's really interested. Once again, it's probably not worth the effort to do that because the data isn't that valuable for the effort involved. There are much juicier targets available. It's sort of like counterfeiting $1 bills. It's much more profitable to do higher denomination bills.

As for directly hacking the modem, it's possible, but probably unlikely anyone will do that and monitor or hack your CPAP. Someone would have to specifically go after your type of CPAP machine, and figure out the way the data stream works. Not that hard, but it is a considerable amount of work specific to CPAP. The attacker would then have to be within Radio range. Once again, possible, but not profitable enough to be likely.

Someone like the NSA might well have a system that could use the cell modem to track down a particular CPAP machine/cell modem. Technically, they do have systems that will locate a cell phone modem. Woe is you if you bought that used CPAP machine that used to belong to some ISIS guy they're looking for. Or if someone types the wrong number into their computer system and mixes the modem numbers up. Here comes the CPAP tracking missile. This is probably not a terribly big risk, and it applies to your cell phone as well.

_________________
Mask: Swift™ FX Nasal Pillow CPAP Mask with Headgear
Humidifier: S9™ Series H5i™ Heated Humidifier with Climate Control
Additional Comments: Also SleepyHead, PRS1 Auto, Respironics Auto M series, Legacy Auto, and Legacy Plus
Please enter your equipment in your profile so we can help you.
Click here for information on the most common alternative to CPAP.
If it's midnight and a DME tells you it's dark outside, go and check for yourself.

Useful Links.

xyz
Posts: 407
Joined: Fri Dec 07, 2007 1:38 pm

Re: Who pays for Resmed cellular connection

Post by xyz » Tue Dec 01, 2015 5:45 pm

> A divorce lawyer gets your data and claims you must have been cheating on certain dates
> because there is an unexplained gap in your CPAP data on nights your wife is out of town.

Around here you read in the newspaper every once in a while how a wife's lawyer subpoenas the bridge/toll road authority for the husband's data. A transponder sits in the car's window and debits the cost of the bridge/toll road (on a prepaid account) every trip.

"What were you doing crossing the bridge every Thursday night while I'm at bowling?" Oops.

User avatar
Too tall
Posts: 297
Joined: Sat Dec 14, 2013 10:58 pm

Re: Who pays for Resmed cellular connection

Post by Too tall » Tue Dec 01, 2015 6:59 pm

It's common and it's not Resmed specific. Phillips Resperonics has it also. My son just got the setup. It is cellular by the way. I'm sure it charged back to the insurance company and ultimately you pay forit thru your premium.
System One RemStar Pro with C-Flex+ (460P)