12-10-2018 12:10:24 PM -0800
12-10-2018 11:31:54 AM -0800
12-10-2018 09:21:45 AM -0800
12-10-2018 06:32:53 AM -0800
12-09-2018 07:26:58 PM -0800
It looks like you've previously blocked notifications. If you'd like to receive them, please update your browser permissions.
Desktop Notifications are  | 
Get instant alerts on your desktop.
Turn on desktop notifications?
Remind me later.
PJ Media encourages you to read our updated PRIVACY POLICY and COOKIE POLICY.
X


Stretch, grab a late afternoon cup of caffeine and get caught up on the most important news of the day with our Coffee Break newsletter. These are the stories that will fill you in on the world that's spinning outside of your office window - at the moment that you get a chance to take a breath.
Sign up now to save time and stay informed!

Is Your CPAP Machine Spying on You While You Sleep?

Tony Schmidt is a 59-year-old technology worker from Texas who suffers from sleep apnea, a fairly common medical condition that can interrupt breathing while sleeping. The solution is to use a continuous positive airway pressure (CPAP) machine.

But he discovered something unusual about his CPAC: It was spying on him without his knowledge. The device tracked him when he used it and sent the information not just to his doctor, but to the maker of the machine, to the medical supply company that provided it, and to his health insurer!

After Schmidt registered his new CPAP unit with ResMed, the San Diego-based manufacturer, and opted out of signing up to receive continuing information, he received an email from ResMed congratulating him for using the device for the first time: "Congratulations! You've earned yourself a badge!"

Schmidt next heard from the distributor, Medigy, the company that rented the machine to him, saying that his "machine is doing a great job keeping your airway open," along with a detailed report on his usage.

When Schmidt looked into this, he learned that his health information was being sent not only to ResMed and Medigy, but also to his insurer, Blue Cross Blue Shield. It seemed everyone had some interest in his personal health information. He suddenly learned, without any clear disclosure, that three companies were capturing his health data, not knowing if the data was even encrypted and not knowing what it was being used for.

Blue Cross Blue Shield responded by explaining that it's standard practice for insurers to monitor sleep apnea patients so they can deny payment if the machines aren’t being used properly. And according to privacy experts, sharing a patient’s data with insurance companies is allowed under existing federal privacy laws.

ResMed said once patients provide consent, the company has the right to share the data it gathers with the patients' doctors, insurers, and supply companies. But, like most contracts online, the approvals are buried in multi-page contracts rather than requiring the user to opt in with very clear language. ResMed is the leading device maker of an ailment afflicting about 22 million Americans and is currently monitoring the CPAP use of many millions of patients.

Schmidt returned his new ResMed CPAP machine and went back to using an older model that doesn’t connect to the Internet and uses a memory card to record the data that he can share directly with his doctor.

Between 2001 and 2009, Medicare payments for sleep-related ailments quadrupled to $235 million, leading to more prescriptions for a CPAP. Under Medicare rules, patients need to use the CPAP for four hours a night for a minimum of 70 percent of the nights in any 30-day period within three months of getting the device. Medicare requires that the patients’ doctors confirm the adherence and effectiveness of the therapy.