DIY Diabetics and FDA Policy

This past week, I had the opportunity to brief policy analysts from the FDA on the growing Do-It-Yourself (DIY) trend in the global diabetes community. The DIY movement combines the functionality of a smart device, an insulin pump, a continuous glucose monitor (CGM), and specialized open-source software and hardware allowing users to hack their systems and deliver a customized insulin therapy to treat their diabetes. My presentation focused on the research my staff and I have been conducting with these open-source software packages and the security vulnerabilities we have discovered.

My interest in this research stems from my academic and professional career in medical device security, as well as the fact that I am T2D insulin-resistant. I appreciate the perspective of the diabetes community and understand that their motivation in modifying these insulin delivery systems is based entirely on their desire to improve diabetes management, whether for themselves or the dependents they care for. However, as a medical security professional, I find the vulnerabilities in these DIY solutions and the fact that they have bypassed the regulatory security review process to pose a potential risk to patient safety.

Still, FDA policy must always take into account the medical needs and voices of the user community and balance that against the risks and regulatory purview of the agency. I was encouraged to find that while my audience shared my concern over the potential security risks being introduced through the DIY movement, they likewise shared my respect for the motivations of the DIY diabetics community and the importance of identifying the policies that would best accommodate the movement.

Harbor Labs has been asked to return to meet with additional policy staff, and I look forward to continuing this dialogue and helping to craft sound and responsible policies that serve the interests of all parties.