Hosted Nightscout service

[tsirkin]

I was thinking of creating a hosted Nightscout service. This will help any non technical guys out there to install/maintain one. Maybe it can bring any other benefit to the community? I am yet to know. Naturally, any code will be open sourced and naturally there will be some expenses (you know maintain the severs etc.., I wish it would all be free, I am not trying to make big $$$ here) Now, I understand that this is a community OS project and as a developer myself I would like to have your opinion first. (And if you have the patience to fill a survey then here it is: https://docs.google.com/forms/d/e/1FAIpQLSe-AyFn1Ukfv7GtUVpTjXkYM6mnK_ci085UMdrvZHtUZ2tk0Q/viewform) Thank you.

[sulkaharo]

I would recommend you think through things like liabilities, maintenance and support (especially during outages) if you choose to do this. I’d assume basic setup of a service is not very hard, but it’s just a tip of the iceberg in terms of the effort needed to run a service. Additionally, if you become a service provider, note the service is covered by GDPR, MDR and other regulation. I’m not saying this is a bad idea, but just so you know, this is complicated.

[tsirkin]

Thank you for the feedback @sulkaharo I assume MDR and other legal stuff applies for the non profit too. This is certainly discouraging. But does those apply to hosting service? @tremor I guess more services like this exists the better.

[sulkaharo]

Yup the relevant legislation in EU only cares about bringing a product to market / providing services and doesn’t care about the pricing.

[bewest]

Howdy all! @tsirkin, @tremor, I've long been interested in protecting and preserving Nightscout's ecosystem. In fact, I started discussions with FDA who indicated they would like to see a quality system and support documentation. I do believe the regulations can be satisfied, but it may require substantial amount of cooperation on the part of community to decide to participate with regulators. I suspect some of Tidepool's system can be adapted to deal with modern CI/CD development that happens with this project.

[tsirkin]

Can you elaborate a little more on the QA & Documentation need? What level of both is needed for the approval?

As I see it, one concern might be the vendor support i.e. you have to be "certified" by a vendor. While this is something that Tidepool are trying to do, this will be none trivial for Nightscout.

[bewest]

If we're talking about FDA, we would need to document how we use github, travis, testing (our quality system) and explain how the JWT feature satisfies the following requirements. Before Tidepool published their final system I made a feeble attempt.

https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?fr=862.1350

(a) Identification. A continuous glucose monitor secondary display is identified as a device intended to be used for passive real-time monitoring of continuous glucose monitoring data. It must not be capable of serving as a stand-alone primary display device. The primary display device, which is not a part of the continuous glucose monitor secondary display, directly receives the glucose data (for example, it communicates directly with transmitter) from the continuous glucose meter, which is not a part of the continuous glucose monitor secondary display, and is the primary means of viewing the continuous glucose monitor data and alerting the patient to a low or high glucose value. A continuous glucose monitor secondary display can be used by caregivers of people with diabetes to monitor a person's continuous glucose monitoring data. A device is not a continuous glucose monitor secondary display if the data from the primary display device is modified (for example, predicting future glucose values) or the patient can use the secondary display in lieu of a primary display device (for example, the primary display device is blinded or the primary display does not have to be near the person wearing the sensor and transmitter).

(b) Classification. Class II (special controls). The special controls for this device are:

(1) Devices being marketed must include appropriate measures to protect against unauthorized access to data and unauthorized modification of data.

(2) The labeling must prominently and conspicuously display a warning that states "Dosing decisions should not be made based on this device. The user should follow instructions on the continuous glucose monitoring system."

(3) The labeling for the device must include a statement that reads "This device is not intended to replace self-monitoring practices as advised by a physician."

[bewest]

I'm hosting https://t1pal.com/ which offers Nightscout as a service, closing for now.