Dana Lewis at home in Seattle. (Photographs by Chona Kasinger)

Medicine Ignored This Insulin Problem. Hackers Solved It.

“I’m just a girl living with type 1 diabetes who got tired of waiting.”

I f you’re not one of the 400 million Earthlings now living with some form of diabetes, you may have only the vaguest idea about what your pancreas — a hand-sized, wing-shaped organ between your spleen and small intestine — actually does. And you may be forgiven if you haven’t noticed the quiet revolution that’s taken place in the technology used to manage diabetes over the past 15 months. But now is the time to start paying attention. Because people with diabetes are becoming humanity’s first large population of true medical cyborgs, which means they’re blazing a trail that many of us, and more of our kids, will find ourselves on sooner or later.

In June 2017, medical device manufacturer Medtronic began selling its MiniMed 670G, the first commercial assistive device for diabetes that combines a continuous blood glucose monitor, an insulin pump, and a computerized control system in a single unit. These three core technologies have been available separately for decades, but the prospect of integrating them into a single closed-loop device that automatically manages a person’s blood-sugar levels — often called an “artificial pancreas” — had remained tantalizingly elusive.

But the fact that this and related products are now finally available on the open market may be the least interesting part of the story. What’s much more intriguing is why they took so long to arrive, and whether they might not have taken even longer if a group of tech-savvy people with diabetes hadn’t gotten fed up with waiting and started building the damn things for themselves.

Case in point: Dana Lewis, a 30-year-old Alabama native who, fresh out of college back in 2010, had just moved to Seattle to start a career in public relations.

Dead in bed

Diagnosed with type 1 diabetes at age 14, Lewis grew up managing her blood sugar the old-fashioned way — paper forms, manual syringes, and up to six finger-poke glucose tests a day. By the time she’d finished college, found a job, and moved away from home, she’d upgraded to a continuous glucose monitor (CGM) and an insulin pump — battery-powered portable machines with adhesive needles that can be left in place for dozens of hours. Still, like many people with diabetes, she was frustrated with the interfaces on these devices, which seemed decades behind contemporary consumer tech. To share data with her doctor in her regular checkups, she would use her iPhone to take photos of the glucose monitor’s screen and then hand the physician paper printouts of the snapshots.

The rig Dana Lewis uses to manage her diabetes.

The device had another, more frustrating flaw: though she could configure an alarm to sound if her glucose readings ever dropped into the danger zone, its volume couldn’t be set loud enough to reliably wake her up. People under 40 with diabetes are one-and-a-half to two times as likely to die as those without it, and a significant fraction of these “excess” deaths follow an eerie pattern in which an otherwise-healthy young adult goes to bed one night and simply does not wake up again. The pathology of this “dead in bed syndrome” has not been firmly established, but a leading hypothesis blames something called “nocturnal hypoglycemia” aggravated by “hypo unawareness” — basically, blood sugar plummets during the night, and the sleep-fogged, energy-starved brain either doesn’t notice or can’t rally the body in time to save itself.

The specter of dying in bed loomed especially large for Lewis, who is a heavy sleeper. As a teenager, she depended on her parents for regular nighttime health and safety checks, and without a reliable alarm system, this pattern had to continue into her adult life. After moving to Seattle in 2010, she started texting an all-clear message to her family back in Alabama every morning; if they didn’t receive it by a certain time, they would start making calls. That went on until mid-2013, when Lewis started dating network engineer Scott Leibrand. Living just 20 minutes away, he was a much more sensible emergency contact than her parents on the other side of the country, but she would rather have not needed to depend on someone else at all.

In January 2014, Lewis saw a tweet from John Costik, an engineer in Rochester, New York, whose four-year-old had been diagnosed with type 1 diabetes two years before. Costik, anxious about sending his son off to kindergarten, had written a custom program to stream data from the boy’s monitor to a database in the cloud. From there, Costik could stream it to the smartwatch on his own wrist and know within five minutes if there had been some kind of crisis. Lewis sent Costik a message, and she became one of many with whom he would eventually share this code.

People under 40 with diabetes are one-and-a-half to two times as likely to die as those without it.

Now that she could unlock her real-time blood sugar readings, things started moving faster. First, she programmed a Web app to track her online data stream and sound a floor-shaking alarm if the numbers ever dropped too low. With this program open on a laptop beside the bed, she could sleep soundly, and sharing the link with family and friends helped them sleep soundly too. Wary of crying wolf, she soon added a private local alert with a remote snooze function, giving herself a few minutes to wake up and take action before bothering anyone else. Also, because it’s not unheard of for people with diabetes to get confused in extremis and do exactly the wrong thing — like injecting insulin when their blood sugar is already too low — Lewis added buttons so she could report in detail just what corrective action she was taking.

Closing the loop

As these data piled up, Lewis and Leibrand realized they had everything needed to go one step further and start making guesses about what she ought to do, in advance, to stave off future highs and lows. If they could encode those predictions into an algorithm, they could free Lewis and people like her from living trapped between two devices, one to track blood sugar and one to control it, while having to dedicate a large chunk of their daily brainpower to interpreting data coming off the one and giving commands to the other. They could close the loop.

One evening, on a beach just outside Seaside, Oregon, Leibrand knelt down beside Lewis and pulled out a ring. They set the date for August 1, 2015 — almost a year later — and promised each other that by the time they’d tied the knot, they’d also have closed the loop. A bit anticlimactically, this proved not much of a challenge. Thanks to an exploit originally developed by hacker Ben West allowing certain slightly older Medtronic insulin pumps to receive external commands, Lewis and Leibrand were able to connect a Raspberry Pi, a small single-board computer running custom software, between her CGM and one of these hacked pumps, effectively closing the loop for her as of December 2014. “Once I had it turned on, tested, and working,” she wrote later, “it was hard to convince me to take it off.”

Lewis is fond of wearing this shirt for public appearances. It shows the code for her artificial pancreas.

By the time Medtronic’s MiniMed 670G finally hit the market, Lewis had already been “looping” for more than two years, using a series of ever-evolving homebrew rigs. During all that time, Lewis and Leibrand had been working hard — in collaboration with West and many others — to refine their design and publish instructions for other diabetes patients who wanted to use the open-source artificial pancreas system, known as OpenAPS. Their website at OpenAPS.org launched in February 2015, and includes instructions, reference designs, info about ongoing research, and a running count of known diabetics using DIY closed-loop systems (725 as of this writing).

All the while, they’ve had to be careful about running afoul of the law. Leibrand, Costik, and West were part of a group of CGM hackers who met with representatives of the Food and Drug Administration in late 2014. Though they have been encouraged to work inside official processes, CGM hackers seem to be outside the agency’s purview so long as they’re not selling anything, not distributing any hardware, and not giving any medical advice. Those may seem like clear guidelines, but it’s actually a bit tricky, since downloadable software that included, say, a default dosing protocol could conceivably cross the line. The looping community could argue that posting code on GitHub is free speech. For now, the FDA is exercising enforcement discretion.

Why were a bunch of hackers working in their free time able to beat the $100 billion medical device industry to the punch?

Given the dicey regulatory situation, and with commercial solutions finally available now, one might expect DIY systems like OpenAPS (and other systems like Loop and AndroidAPS) to fade from the scene. Lewis doesn’t think that’s going to happen anytime soon, if only because rolling your own can be so much cheaper. OpenAPS only works on pre-2015 insulin pumps dating from before the loophole West discovered was patched, which means US-based users who don’t already own one of these will need to buy one secondhand. (In Europe, Bluetooth-enabled devices work with AndroidAPS). That complicates efforts to pin down average costs. But users generally seem to agree that even in the worst case, all the stuff needed to build a working system should come to less than $1,000. The MiniMed 670G, on the other hand, lists for $7,250 (some of which may be covered by insurance), and is only available in the United States for now, though it’s expected to launch in the EU towards the end of 2018.

But OpenAPS is about more than equalizing access. Even if a commercial artificial pancreas someday becomes cheap, a hard core of users may continue to opt for a DIY system for the sake of transparency — because they want to understand as completely as possible how the technology their life depends on actually works, and to have as much control over it as possible. This has advantages for security- or privacy-conscious folks who don’t want to worry about what a commercial manufacturer is doing or has failed to do. Less paranoid users may still want or need a finer degree of control over settings and responses than a corporate medical device manufacturer will provide. For Lewis, after all, this whole journey started because she needed an alarm that went to 11.

Collective intelligence

Whatever its ultimate fate may be, OpenAPS has already left an enduring mark. And it has raised some important questions: Why did it take so long for this technology to reach the people who need it? Why were a bunch of hackers working in their free time able to beat the $100 billion medical device industry to the punch? Was this a fluke, unique to the case of diabetes in early 21st-century America? Or a sign of things to come?

Writing for Nature, NYU Professor Beth Simone Noveck cites OpenAPS as an instructive example of collective intelligence: the capacity of groups — including societies, companies, communities, and families — to make good decisions. In the case of the artificial pancreas, the online open-source community seems to have shown significantly greater collective intelligence than the combined conventional medical, economic, and regulatory institutions we built back in the pre-Internet era to solve these kinds of problems.

To some, this may come as a surprise; to students of the open-source software movement, on the other hand, it may seem like a total no-brainer. OpenAPS is at its heart a piece of software, after all, and maybe it shouldn’t shock anybody to discover that writing a new program has proven a faster and cheaper way to solve this problem than designing, manufacturing, and bringing to market a dedicated new device. What sets the artificial pancreas story apart from familiar geeky debates like Linux vs. Microsoft is that it approaches the absolute limit, in terms of intimacy, that our relationship with technology can achieve.

These days, Lewis wears many different hats, and can be a bit hard to categorize. Last year, Fast Company named her to its annual “100 Most Creative People In Business” list, even though OpenAPS is emphatically not a business — indeed, the suggestion that it might be could cause her considerable trouble with the FDA. Earlier in 2017, Lewis, working alongside a tenure-track clinical psychologist at Arizona State University, was awarded an almost half-million-dollar research grant from the Robert Wood Johnson Foundation to study and address the barriers that citizen scientists and innovators are facing. The grant names Lewis as principal investigator, even though she herself has no formal scientific training. This summer, she stood on a stage in Florida and presented research to a roomful of experts with PhDs or MDs at the American Diabetes Association’s 78th annual conference, even though her own most advanced degree is a BA in public relations.

“I’m not a rocket scientist or an engineer,” she said to a small conference audience in Seattle recently. “I’m not really unique. I’m just a girl living with type 1 diabetes who got tired of waiting.”

Like what you read? Give Sean Michael Ragan a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.