Tidepool's Comment

Here's an excerpt:

1. Tidepool strongly believes that all people living with diabetes are authorized users of their own devices. Tidepool encourages the Agency to make it clear in the guidance that individual patients / users of medical devices are considered authorized users, and that device manufacturers should enable secure, authorized access to such devices.
2. Conversely, device manufacturers should NOT use cybersecurity mitigations as a mechanism to prevent patients / users (“authorized users” as described above) from accessing therapy data from their own devices, or from controlling their own devices.
3. Cybersecurity best practices should protect users, not restrict them. Following best practices for cybersecurity does not need to imply blocking patient users from accessing their own data or controlling their own devices. Tidepool asserts there is a risk that the FDA guidance will be interpreted or misinterpreted to suggest restriction of access by the patient user is appropriate or encouraged. The FDA can mitigate this risk by clearly stating a patient user’s access to and use of their own device can be considered authorized access, and should not be considered a cybersecurity threat.

Sample Comments

You can borrow language from any of the comments posted on the FDA site or use parts of either of the samples below in order to communicate your concerns.

Sample Comment #1

"I live with insulin-requiring diabetes, an incurable chronic disease requiring continuous monitoring of blood glucose values and administration of insulin. It is imperative that access to my own devices remains possible. The ability to receive glucose values from my continuous glucose monitor and the ability to command my insulin pump to deliver insulin are already permitted and expected of me. In fact, if I don't do these, I will die. So please do not let medical device manufacturers use cybersecurity as a pretense to prevent me from accessing my own devices."“When you put your name (or even if you post anonymously) consider including ‘pwd’ or ‘t1d’ or however you identify yourself as someone with diabetes, i.e. ‘Sally Smith, T1D’ so that they know our community has a voice”

Sample Comment #2

"I am the parent of an elementary school student with Type 1 Diabetes. We passed our 5 year mark last spring. It is critical that we be allowed access to our own diabetes data. My son is slowly beginning to learn to manage this brutal disease. Without real time access, T1D would take him out of the classroom and away from his activities, severely disrupting his learning and ostracizing him from his classmates. By having REAL TIME access to his cgm and insulin pump data, he can stay in the classroom and I can make sure he is delivering the correct amount of insulin without having to disrupt him, his teacher or the school nurse. This access provides MUCH SAFER care to children with T1D learning to do things on their own. This level of supervision is not possible with most pumps today. The threat of cyberattacks to insulin pumps is so so minuscule compared to the likelihood of an incorrect bolus. My son successfully managed his own diabetes (with my help) through swim practices, sleep overs, field trips and even the State Swim championships!  None of this will be possible if you take away access to our own CGM data. The burden and danger of diabetes will INCREASE for our kids. Please don’t cut off our access.”