Understanding the Value of Sharing OpenAPS Data

OpenAPS-driven systems generate a continuous stream of high-resolution data that can transform how healthcare professionals (HCPs) assess and adjust diabetes therapy. Unlike traditional finger‑stick logs or periodic CGM downloads, OpenAPS datasets include minute‑by‑minute glucose readings, insulin dosing events, carb ratios, sensitivity factors, and system alerts. When shared safely, this granular information enables HCPs to identify patterns in glycemic variability, evaluate the effectiveness of automated insulin delivery, and make evidence‑based recommendations for pump settings or lifestyle adjustments. However, sharing such sensitive data requires a deliberate approach to privacy, security, and clinical relevance. The ability to view trends across weeks or months—rather than isolated clinic visits—gives HCPs a dynamic picture of how the system responds to real‑world challenges like exercise, illness, or dietary changes. This level of insight can lead to more personalized therapy adjustments and improved outcomes. Yet without proper safeguards, the same data that empowers your care could expose you to privacy risks. The goal is to strike a balance between openness and protection, ensuring that your healthcare team sees exactly what they need—and nothing more.

The Privacy Landscape: HIPAA, GDPR, and Beyond

Health information sharing in the United States is governed by the Health Insurance Portability and Accountability Act (HIPAA), which sets standards for protecting protected health information (PHI). While OpenAPS data generated by an individual’s own device is not automatically covered by HIPAA unless it is transmitted to a covered entity (e.g., a physician’s office, hospital, or insurance company), the moment you share your data with a healthcare provider, that data becomes subject to HIPAA protections. Review the official HIPAA Privacy Rule to understand your rights. Even outside clinical settings, adopting a HIPAA‑compliant mindset when choosing sharing tools reduces the risk of unauthorized access, identity theft, or discrimination.

If you reside outside the United States, additional regulations may apply. The European Union's General Data Protection Regulation (GDPR) treats health data as a special category requiring explicit consent and robust safeguards. Under GDPR, you have the right to access, rectify, and erase your data, and you must be informed about how it will be processed. Canadian provinces have their own health privacy laws, such as PIPEDA and provincial equivalents. Australian users fall under the Privacy Act 1988 and the Notifiable Data Breaches scheme. Always check local requirements before sharing data with an HCP across borders. Even if your clinic is in a different jurisdiction, the laws of your country of residence may still apply. When in doubt, ask your provider’s privacy officer for guidance on compliant sharing channels.

Common Privacy Threats When Sharing DIY System Data

  • Unencrypted Email: Standard email travels as plaintext across multiple servers. Any interception exposes your glucose readings, insulin doses, and personal identifiers. Even if the email arrives safely, copies may linger on intermediate servers for years.
  • Cloud Storage Without Access Controls: Uploading files to free cloud services that lack end‑to‑end encryption or granular sharing permissions can inadvertently expose your data to third parties. Services like Google Drive or Dropbox are not HIPAA‑compliant by default unless you purchase a business plan with a business associate agreement (BAA).
  • Text Messaging: SMS and many messaging apps are not encrypted end‑to‑end. Screenshots of your OpenAPS dashboard sent via text can be forwarded or stored on insecure devices. Even WhatsApp and iMessage, which are encrypted, may back up chat logs to cloud services without encryption if not configured properly.
  • Physical Media Loss: USB drives and printed reports can be lost or stolen. If they contain identifiable information, the consequences may be serious. Always encrypt USB drives or use password‑protected PDFs when printing is unavoidable.
  • Unverified Third‑Party Apps: Some mobile or web apps that claim to “analyze” OpenAPS data may upload your information to unknown servers. Only use reputable, open‑source tools with a clear privacy policy.

Preparing Your OpenAPS Data for Clinically Useful Sharing

Raw OpenAPS exports often contain dozens of columns—glucose sensor values, insulin on board (IOB), carb absorption rates, temp basal rates, and loop decision logs. HCPs do not need every field; they need a curated view that highlights actionable trends. Preparation steps include:

Step 1: Export in a Compatible Format

Export your data from your OpenAPS rig or compatible reporting tool (e.g., Nightscout, Tidepool, xDrip) in CSV, PDF, or structured JSON. OpenAPS official documentation provides export scripts that produce standardized CSV files. If your HCP prefers PDFs, use a report generator that summarizes daily profiles, time‑in‑range, and hypoglycemia events. Tools like Nightscout Reporter or the “Report” feature in xDrip can generate comprehensive PDFs with customizable date ranges. For Tidepool users, the “Print Report” button creates a clinical‑friendly document that fits on standard letterhead.

Step 2: Anonymize When Appropriate

If your goal is general research or sharing with a diabetes educator who does not need your full name and date of birth, remove direct identifiers (name, address, phone number, email, medical record number) from the dataset. Retain only non‑identifying clinical data such as glucose values, timestamps, and insulin doses. For clinical visits, however, your HCP will need your identity to tie the data to your medical history. In that case, include only the minimum identifiers required—typically your name and date of birth. You can use a simple script to strip columns from CSV files, or use the “Remove PII” feature in some reporting tools.

Step 3: Filter and Summarize

Trim the data to a meaningful window—typically the past 30 to 90 days. Include key metrics: average glucose, standard deviation, time in range (70–180 mg/dL), time below 70 mg/dL, number of hypoglycemic episodes, daily total insulin, and the percentage of time the loop was in closed‑loop mode. A simple summary table at the top of your document helps the HCP quickly grasp your overall status before diving into raw logs. Consider adding a column for “loop mode” (open vs. closed) so the HCP can see when the system was operating autonomously versus when you were managing manually. Also include the sensor model and pump type for context.

Step 4: Validate Accuracy

Check for sensor gaps, pump occlusion events, or manual entries that may appear as erroneous spikes. Annotate unusual events (e.g., “Sensor changed at 14:00 causing 30‑minute dropout”) so the HCP does not misinterpret artifacts as physiological changes. Use the annotation feature in Nightscout (notes with time stamps) or add a separate “Comments” column in your CSV. If you see a period of unexplained high glucose, note whether you had a sensor calibration error or a temporary pump site failure. This context transforms raw data into a reliable clinical narrative.

Step 5: Choose the Right Time Granularity

For daily pattern analysis, 5‑minute resolution is ideal. For long‑term trend reviews, hourly averages may be sufficient. Ask your HCP which granularity they prefer. Some EHRs struggle to import high‑frequency CSV files (thousands of rows per day), so a daily summary may be more practical. When in doubt, provide both: a high‑resolution file for their analysis and a summary table for quick reference.

Secure Sharing Methods: Technical Deep Dive

Choosing the right channel depends on your HCP’s technical capability and your own security requirements. Below are options ranked by security level and practical ease.

1. Encrypted Email with Attachments

If your provider supports encrypted email (e.g., Microsoft 365 Message Encryption, ProtonMail, or Virtru), you can upload your prepared PDF or CSV and send it with a password‑protected attachment. Always share the password via a separate channel (phone call or voice message). Microsoft’s guide to encrypted email explains how to enable this in Outlook. For ProtonMail, encryption is automatic end‑to‑end between ProtonMail users; when sending to non‑ProtonMail addresses, you can set a password that the recipient must enter to decrypt the message. Note that encrypted email only protects the message in transit—once delivered, the recipient’s email provider may store it unencrypted. Ensure your HCP’s email system also secures stored data.

2. Secure Patient Portal

Most modern electronic health record (EHR) systems, such as Epic MyChart or Cerner HealtheLife, include secure patient portals with built‑in encryption for file uploads and messaging. This is often the most HIPAA‑compliant option because the data stays within the provider’s ecosystem. Check with your clinic to see if they accept file uploads from DIY systems. Some portals allow you to send a secure message with a PDF attachment that is automatically encrypted. Be aware of file size limits (often 5–25 MB) and supported formats (PDF, JPEG, PNG). If your CSV is too large, compress it into a ZIP file (still encrypted) or convert it to a PDF. Portal messages are typically retained in the medical record, so consider deleting the message after the HCP reviews it if you prefer not to have a permanent copy.

Services like Tresorit, Sync.com, or Box (with encryption enabled) allow you to upload your file and generate a shareable link that expires after a set time and requires a password. Ensure the service offers at least 256‑bit AES encryption in transit and at rest. Do not use services that lack client‑side encryption unless you are comfortable with the provider having access to your data. For example, Tresorit encrypts data on your device before uploading, so even Tresorit employees cannot read your files. Set the link to expire within 24–48 hours after your appointment, and revoke access immediately after the HCP confirms receipt. Share the link and password via separate channels (e.g., email the link, send the password by text or phone call).

4. Direct Device-to‑Provider Integration

Some providers now have the ability to pull data directly from cloud‑based OpenAPS reporting platforms like Nightscout or Tidepool. You can grant your HCP a view‑only access token that limits what they can see and when it expires. This avoids file transfers altogether. Review Tidepool’s clinician portal for details on secure API access. For Nightscout, you can create a “Consultant” role that hides the care portal widgets and only shows glucose and event data—no chat logs or profile settings. Use a temporary token that expires after the visit date. Some clinics can also integrate with the Tidepool Loop or xDrip+ APIs. This method is arguably the safest because no file is ever transmitted; the HCP views data directly on a secure platform with role‑based access controls. However, it requires your HCP to set up an account and agree to the platform’s terms.

5. Encrypted Messaging Apps

Apps like Signal or WhatsApp (with end‑to‑end encryption enabled) can be used for sharing screenshots or short summaries, but they are not designed for large file transfers. If your HCP is comfortable with secure messaging, you can send a password‑protected PDF via Signal (files up to 100 MB) with the password sent separately in the same encrypted channel. However, screen recordings or screenshots may inadvertently include personal data from other apps. Reserve this method for brief, one‑time exchanges and avoid including full names or dates of birth in the file name.

Best Practices for the Entire Sharing Lifecycle

  • Verify Recipient Identity: Before sending sensitive data, confirm your provider’s correct email address or portal login. A simple mis‑typo can result in your data landing in an unknown inbox. Call the clinic to verify the correct address or portal URL. Be wary of phishing attempts—never click a link from an unsolicited email claiming to be your clinic’s portal.
  • Use Strong, Unique Passwords: Every secure file should be protected with a password that is at least 12 characters long, combining upper and lower case letters, numbers, and symbols. Store passwords in a password manager, not in the same email thread. Never reuse passwords between different files or services.
  • Enable Two‑Factor Authentication (2FA): Turn on 2FA for any cloud storage, email, or portal account that holds your health data. This adds an additional layer of protection if your password is compromised. Use an authenticator app (like Authy or Google Authenticator) rather than SMS-based 2FA, which is vulnerable to SIM swaps.
  • Keep Software Updated: Ensure your operating system, browser, and security tools are current. Outdated software may contain vulnerabilities that can be exploited by malicious actors. Enable automatic updates for your device and any apps used for data export or sharing.
  • Set Expiration and Revocation Policies: When using shareable links or access tokens, set an expiration date (e.g., 30 days) and revoke access immediately after the appointment is completed. Regular audits of who can access your stored data prevent lingering exposure. For Nightscout tokens, use the “expire” field when creating the token and delete it after the HCP has reviewed the data.
  • Maintain a Data Inventory: Keep a simple log of what data you shared, with whom, and through which method. This helps you track your digital footprint and respond quickly if a breach occurs. Include the date shared, the file name, the recipient, the expiration date (if any), and the date access was revoked. Store this log in a secure location (e.g., encrypted notes app).
  • Educate Your HCP: Even if you follow all security best practices, your HCP’s office may inadvertently mishandle the data (e.g., printing it and leaving it on a desk). Ask your provider how they store and dispose of patient‑submitted data. If they are unsure, offer to provide guidance on shredding printed copies and deleting digital files after review. A simple conversation can prevent unintended exposure.

Sharing OpenAPS data sits at the intersection of patient autonomy, open‑source advocacy, and clinical responsibility. Legally, you are the owner of your data, and you have the right to share it with whomever you choose—but once shared, the recipient assumes certain obligations. In the United States, HIPAA obligations fall on the healthcare provider, not on you. However, if you share data through an insecure channel that leads to a breach, the liability is murky. Some states have specific laws about the disclosure of health information, and a few have laws that explicitly protect DIY diabetes data from discrimination by insurers or employers. Check your local laws for additional protections.

Ethically, be transparent with your HCP about the source of the data. OpenAPS is an open‑source system that has not been approved by the FDA or equivalent regulatory bodies. Some providers may be uncomfortable acting on data from an unregulated system. Acknowledge that the data is accurate to the best of your knowledge, but note that it comes from a DIY system. You may also want to clarify that the data is for retrospective review, not for real‑time clinical decision‑making unless you have explicitly set up a secure remote monitoring stream. This honesty builds trust and helps the HCP make informed recommendations without assuming liability.

Communicating Effectively with Healthcare Professionals About DIY Systems

OpenAPS is not a medically approved device; it is an open‑source, patient‑driven solution. Many HCPs are unfamiliar with its algorithms, reporting formats, or legal implications. To ensure productive dialogue:

  • Bring a one‑page overview explaining the system’s purpose, components (e.g., insulin pump, CGM, Raspberry Pi running the loop), and the source of the data. Include a diagram or screenshot of your dashboard to help them visualize the information flow.
  • Emphasize that you are sharing retrospective data—not real‑time remote monitoring—unless you have specifically set up a secure stream for that purpose. This distinction is important for liability and for the HCP’s comfort level.
  • Ask your HCP what specific metrics would be most helpful for their decision‑making. Some may want raw CSV files for statistical analysis; others prefer graphical PDF reports. Tailor your preparation to their preferred format.
  • Be transparent about any manual overrides, sensor issues, or periods when the loop was disabled. This builds trust and prevents misinterpretation. If you temporarily went into open‑loop mode due to an illness or travel, explain why.
  • Offer to provide a “key” to your data: a set of definitions for the terms you use (e.g., IOB, ISF, temp basal rate). Many HCPs are not familiar with DIY system jargon. A simple glossary goes a long way toward productive collaboration.
  • Suggest a follow‑up appointment to review the data together. This allows the HCP to ask questions and you to explain the context behind unusual patterns. In‑person or video visits are often more effective than email exchanges for complex data review.

"The reality is that HCPs want to help, but they need reliable, digestible data. If we can reduce the noise and highlight the signal, we empower them to make better recommendations." – Dr. Sarah K., endocrinologist and diabetes technology advocate.

Overcoming Common Challenges

Challenge: HCPs who refuse to review DIY data

Some providers may be hesitant due to liability concerns or lack of familiarity. Offer to provide a printed summary, or ask if they can refer you to a colleague with interest in diabetes technology. Some clinics have designated “technology champions” who handle these cases. You can also prepare a letter from your diabetes educator or a peer‑reviewed article validating the use of OpenAPS. If your HCP still refuses, consider seeking a second opinion from a provider listed in the #OpenAPS community’s provider directory or on websites like Tidepool’s “Find a Clinician” map.

Challenge: Data format incompatibility

If your HCP’s EHR cannot import CSV files, convert your data to PDF or a printable report. Alternatively, manually transcribe the key metrics into the clinic’s standard form (e.g., “daily insulin total, average glucose, time in range”). The latter method is more time‑consuming but ensures the data enters the medical record. For PDFs, use a tool like Nightscout Reporter that generates a clinical‑ready document with your name, date of birth, and summary stats. If the HCP prefers to view data in their own system, ask if they accept data via a secure fax (which is still common but less secure than encrypted email). Always encrypt the fax cover sheet or use a password‑protected PDF even for fax transmissions.

Challenge: Accidental over‑sharing

Be careful when sharing a full Nightscout URL. The default page may include a chat log, profile settings, or personal notes. Create a dedicated “share‑safe” view using Nightscout’s role‑based access control, or take screenshots of specific graphs instead of sharing the live site. In Nightscout, you can create a custom role that hides the “chat” widget and limits access to the glucose graph and events. Similarly, in Tidepool, only share the specific “Share” link that you generate, not your login credentials. If you use screenshots, blur out any identifiable information (name, location, pump serial number) using photo editing software before sending.

Challenge: Large file sizes

High-resolution OpenAPS data over 90 days can result in CSV files exceeding 50 MB. Many secure sharing methods have file size limits. To reduce file size, compress the CSV using ZIP (with password protection) or reduce the granularity to 15‑minute averages. You can also split the data into monthly files and share them in separate secure messages. If the HCP needs the full dataset, consider using a cloud storage link with an expiration date instead of email attachment.

Looking Ahead: Privacy in the Era of DIY Diabetes Tech

As more people adopt open‑source automated insulin delivery, the need for standardised, privacy‑preserving data exchange grows. Initiatives like the American Diabetes Association’s Standards of Care increasingly acknowledge the value of continuous glucose monitoring and automated insulin data. In the future, we may see interoperable APIs that allow DIY systems to securely connect with electronic health records under patient‑controlled consent. Projects like the Open mHealth initiative and the HL7 FHIR standard are laying the groundwork for such integrations. Some EHR vendors, such as Epic, already offer patient‑facing apps that can import data from Apple Health or Google Fit—though DIY loop data is not yet natively supported. The Tidepool team has been working with the FDA on a “Tidepool Loop” version that would be commercially available, which would simplify regulatory and privacy concerns for HCPs. Until then, adopting the practices outlined in this guide—data curation, encryption, access expiration, and transparent communication—will keep your OpenAPS data both safe and clinically potent. As the community grows, so will the tools and norms around safe data sharing. Staying informed through forums like the #OpenAPS Slack and the Looping Facebook group can help you keep pace with best practices as they evolve.

Final Checklist for Safe Sharing

  1. Export data for the relevant period (30–90 days).
  2. Remove or anonymize identifiable information if not clinically required.
  3. Summarize key metrics in a clear header (e.g., average glucose, TIR, hypoglycemia rate).
  4. Annotate any sensor gaps, calibrations, or manual overrides.
  5. Convert to a format accepted by your HCP (CSV, PDF, or portal upload).
  6. Encrypt the file or use a secure portal with end‑to‑end protection (password, expiring link).
  7. Share the password via a separate communication channel (phone call, encrypted message).
  8. Confirm receipt and revoke access after the appointment (delete shared links, expire tokens).
  9. Document what was shared, with whom, and when (keep a log in a secure location).
  10. Follow up with your HCP to discuss findings and confirm secure disposal of your data.

By following these steps, you confidently collaborate with your healthcare team while retaining control over your most sensitive health information. Your OpenAPS system is a powerful tool; sharing its data safely makes it even more valuable. The investment of time in preparation and secure delivery pays off in more informed clinical decisions, stronger trust, and peace of mind. As the landscape of DIY diabetes technology evolves, staying proactive about data security ensures you can continue to benefit from open‑source innovation without compromising your privacy.