I am a grad student in cardiovascular research [although less active at the moment]. I also recently had a few heart palpitations, that I sought medical attention for.

This included EKG's in the hospital, wearing a holter monitor, getting a stress test, and an echocardiogram. Really neat things for an interested researcher.

I called the hospital and asked for the actual test data. I was able to get the echocardiogram video and results by paying $50 for the proprietary viewing software and data on a CD, and some of the printouts of the holter monitor.

Thinking I would like to spend a few hours of my own time examining the data in ways that the hospital can't/doesn't have time for, I asked for the raw holter monitor data.

This data should exist somewhere as two or more channels of data in some file. The hospital uses the GE MARS holter system and cardiologists that charge $600/hr. Analyzing the data myself would be cheapter and I could study different things.

The hospital admitted that this was a strange request, but attempted to comply. The first CD I got was entirely blank. After I informed them of this, I received a second CD, which had been written to - as evidenced by sight - but the CD came up as invalid in the computer [both windows and linux].

Thinking that the MARS system uses a different file system, I asked if there was another way to get the data. The hospital said that they used the only method they knew of, and if it didn't work, they couldn't help me any further. This is when they started to get annoyed thay I kept asking for my data. After saying they were doing what they usually do to make CD's, they couldn't help me anymore and suggested that I talk to GE about it.

The reason I want the data is because I would like to study the individual beats myself. Using Matlab or Octave, I could analyze beat by beat the waveform, time, peak value, and so on, giving a good baseline for future reference. During this 24 hours my heartrate went from around 40 to 180 while both awake and asleep, without any significant changes in exertion. The doctor says that a problem does exist, but is benign, and not to worry. While I can accept the "not to worry" part, I also think that it is a problem I should keep track of, and study further the presented symptoms.

The condition seems to have gotten better as of late, which means recapturing that data is pretty much impossible. [even if the condition were persistent, each 24 hour run will be unique].

The data I was given was the full 24 hours of beats on 30 pages - about 50 minutes per page, with one 6" line for each minute. The resolution of pulse rate is very poor, and the top of the PQR and T waves are cut off. Not very good for analysis. Even with a printout of every beat at 25mm/sec wouldn't really help me because it would be impossible to compare beats with thousands of sheets of paper. Having the raw data is the way to go here, and let Octave work it out.

With that as background, my problem is how do I go about getting the data. I talked to GE and they said that MARS runs on top of windows, meaning that the CD should be readable by Windows Explorer as having some data on it - but the data is probably going to be encrypted with their proprietary methods.

I can actually understand why GE uses their own storage format - both for compression and security reasons, but shouldn't there be either an "export as raw data" or "save as" functionality somewhere?

The problem with the CD is hard to explain though. I would think that the MARS operators know how to make CD's - since other hospitals should be able to get data, by why did mine not work? What I think happens is either their CD burning software is bad, CD's are incompatible, or they are doing "multisession" or something that somehow makes it unreadable in other computers. I tried to do a bit by bit read on the 2nd CD, since it showed something had been burned on it, but it came up with a "Sector 0" error, and couldn't be read or copied. Even trying rescuedd and other methods came up with cannot read device - invalid file system, and sector errors.

So, how far should I go? I really want the data, both because I want to analyze it and because if this happens again I would like to have it to compare in raw formats.

I feel the hospital is getting very annoyed with me, and my request, but in my defense, this is MY data, and I should be able to get it in a "usable" form.

With all of the current technology and information on the web, is it possible that the hospital is using this to keep "control" of the patients? I can become a "semi-pro" cardiologist by searching on the web, and could find something that might help me in the future. Could they be afraid of this?

I am a graduate student at my university and have just been written up for several offenses related to ITS matters. This is the second time - the first was for operating a church website on a server I built with some of my parts in a university computer case. That case is fully documented and concluded.

This new round of offenses comes from 2 areas: A student organization website - which is paid service of the University ACM chapter - and what I call poor ITS policies.

I would like to know what others think about the situation - especially if I am in the wrong here. I have a very long history of not liking the ITS policies - and being very vocal about their shortcomings.

For the website charge - brought about because another church website was hosted - the student organization is paying for the webspace, and I am only the email contact. Yet, because of my past charges, I was the one singled out and charged again. You can read the charges by going to www.jeffwandler.com/ndsustorych2.htm

Is it my responsibility as the email contact to patrol the content too? I was told to take down the website on Nov 22, 2006 at 3:34pm [ the start of the long thanksgiving weekend - how timely for them], and it was removed within 24 hours. However, due to my past run-in, I have again been charged "failure to comply". How long should students get to comply - especially over the long weekend when students are forced to leave campus?

The second charge stems from a very heated debate - on both sides - with a computer login. The university uses a login and password to control access to every computer. Each student can only log in to one computer at a time. However, due to what I perceive as their incompetence, the computers lock up during log in, and then the student is stuck until the login session expires - like 15 minutes. Between classes, this can be very troublesome.

Well, this happened to me, and I called the ITS help desk to have them reset the login.

I was asked for my student ID and name, both of which I provided. Then I was asked for the last 4 of my Social Security Number. I refuse to give that to anyone - so I refused this time also. I am not sure why the ITS help desk [staffed by students] even has that information. Because I refused to give that, the student asked for more information - my address, and my birthdate. I didn't give the birthdate either, because that can also be used for identity theft.

I finally got fed up, said I would come over and smack the guy, he responded by telling me to come on over. He did provide the IP address of the computer, but also said "we don't know where that computer is". I am now charged with making threats [to smack him], using profanity [which I have never done to anyone - in person or on the phone] and disorderly conduct. His statement, however, specifically lists where the computer I was logged onto was.

The question here is, does anyone else know of any computer security policies that use SSN as a security field? Why?

When not in school I also work for a large computer company, and when I call their national ITS help line, all I have to provide is my name and ID number. Isn't that why schools use ID numbers?

Is it safe to give every student's information to student workers making $6.50/hr and with minimal oversight?

Does anyone have any experience with this? Any suggestions of what my next step should be?