Webinar: From Paper to eIFU: Preparing for the Next Global Step in Medical Device Compliance
Connected Medical Devices: The Complete Manufacturer's Guide
Connected medical devices — devices that transmit data to other systems, networks, or the internet — are reshaping healthcare delivery. From wearable cardiac monitors to connected insulin pumps to remote-capable surgical tools, connectivity enables clinical workflows that were impossible with standalone devices. For manufacturers, the shift to connected devices also introduces new engineering challenges, regulatory requirements, and business model opportunities.
This guide covers everything a medical device manufacturer needs to understand about building, certifying, and scaling a connected medical device.
What Is a Connected Medical Device?
A connected medical device is any medical device that communicates data to or from another device, network, gateway, or cloud platform. The connection may be wired or wireless, continuous or intermittent, local or remote. Examples include:
Continuous glucose monitors (CGMs) — transmit readings via BLE to a smartphone or dedicated receiver
Implantable cardiac devices — transmit telemetry data via proprietary RF to an in-home gateway that forwards it to a clinical server
Hospital infusion pumps — connected to the hospital Wi-Fi network for drug library updates and dose tracking
Remote blood pressure cuffs — transmit readings via Wi-Fi or cellular to an RPM platform
Smart inhalers — log usage events and transmit them to a patient app for adherence tracking
Connectivity Options for Medical Devices
Bluetooth Low Energy (BLE)
BLE is the dominant short-range wireless protocol for consumer and clinical wearables. It offers low power consumption, strong smartphone support, and a mature ecosystem of chips and development tools. BLE is well suited for devices that pair to a smartphone or dedicated reader, which then handles the longer-range internet connection. Limitations include a range of approximately 10 meters and the requirement for a paired intermediary device to reach the cloud.
Wi-Fi
Wi-Fi enables direct internet connectivity without an intermediary device, making it suitable for larger devices that operate in a fixed location such as hospital equipment, home diagnostic devices, and bedside monitors. Wi-Fi consumes significantly more power than BLE, making it less suitable for battery-powered wearables.
Cellular (LTE-M and NB-IoT)
Cellular connectivity allows devices to connect directly to the internet from any location with carrier coverage, without relying on a paired smartphone or local Wi-Fi network. LTE-M and NB-IoT are low-power wide-area network (LPWAN) standards optimized for IoT devices, offering better battery life than standard LTE. Cellular is well suited for emergency response devices, remote area deployments, and devices worn by patients with limited technical literacy.
Proprietary RF
Implantable devices often use proprietary RF protocols operating in the MICS band (402-405 MHz) for transcutaneous communication with external programmers or monitoring equipment. These protocols prioritize reliability and low power over interoperability.
Data Architecture for Connected Medical Devices
Device identity and authentication
Each device must have a unique identity that is verified before any data is accepted by the cloud backend. Hardware-rooted device identity, using certificates stored in a secure element or TPM, provides the strongest assurance. Software-only credentials are more vulnerable to extraction and impersonation.
Data models and standards
Defining a clear data model early in the design process prevents costly rework later. HL7 FHIR is increasingly used as the standard data format for health data, facilitating interoperability with EHR systems. For device-side data, manufacturers often use lightweight JSON or binary formats that are translated to FHIR at the cloud ingestion layer.
Edge processing
In some architectures, a portion of data processing occurs on the device or a local gateway before data is sent to the cloud. Edge processing can reduce latency, lower data transmission costs, and provide a degree of functionality when cloud connectivity is unavailable. However, it adds complexity to the software architecture and must be managed carefully from a regulatory perspective.
Regulatory Requirements for Connected Medical Devices
Connected medical devices face regulatory requirements that go beyond those for standalone devices. Key areas include:
Software as a Medical Device (SaMD)
If the software running on or connected to your device performs a medical function independently of the hardware, it may be classified as SaMD and subject to independent regulatory review. Manufacturers should evaluate SaMD classification early and design their software architecture accordingly.
Cybersecurity
The FDA requires manufacturers to address cybersecurity throughout the device lifecycle, including in premarket submissions. See our guide on medical device cybersecurity for a full overview of requirements and best practices.
Post-market surveillance
Connected devices generate data that enables real-world performance monitoring at a scale that was not previously possible. Regulators increasingly expect manufacturers to use this data for proactive post-market surveillance, identifying safety signals before they become reportable adverse events.
The Business Case for Connectivity
Beyond regulatory compliance, connectivity creates tangible business value for device manufacturers:
Recurring revenue — connected devices enable subscription-based service models that increase customer lifetime value
Faster product iteration — OTA firmware updates allow manufacturers to improve products after shipment
Clinical evidence generation — real-world data from connected devices supports label expansions and differentiated clinical claims
Customer retention — connectivity creates switching costs and ongoing engagement with the patient and provider
Related Resources
Explore related topics to deepen your understanding of medical device connectivity and compliance:
Medical Device Cybersecurity: A Complete Guide
How to Connect a Medical Device to the Cloud
Cloud-Based Medical Devices: Architecture and Compliance
Remote Patient Monitoring Platform
Why medical device manufacturers choose Matrix Connect
Building cloud connectivity from scratch for a medical device is a multi-year, multi-million dollar undertaking. Industry research shows that the total cost of building and maintaining a compliant medical device connectivity platform ranges from $250,000 to over $2,000,000, depending on the complexity of the device and the regulatory markets targeted. Matrix Connect eliminates that investment by providing a production-ready, pre-certified platform that your engineering team can integrate in weeks, not years.
Reduce time to market
Every month spent building cloud infrastructure is a month your device is not generating revenue. Matrix Connect gives you a fully operational connectivity layer on day one, with pre-built device APIs, data ingestion pipelines, and a secure patient data model. Teams that previously spent 12 to 18 months on connectivity infrastructure have reduced that phase to 4 to 12 weeks with Matrix Connect.
Reduce setup costs
A from-scratch build requires hiring cloud architects, security engineers, compliance specialists, and DevOps talent simultaneously. With Matrix Connect, those costs collapse to a predictable subscription. There is no need to staff a dedicated team to manage infrastructure, obtain your own HIPAA Business Associate Agreements, pursue HITRUST certification, or maintain IEC 62304 documentation independently.
Reduce run-rate costs
The ongoing cost of maintaining a homegrown platform grows every year: security patches, regulatory updates, cloud infrastructure management, and compliance audits. Matrix Connect shoulders all of those responsibilities. When the FDA issues new cybersecurity guidance or the EU updates MDR requirements, your platform stays compliant automatically, without additional engineering sprints.
What is included out of the box
HIPAA-compliant data storage and transmission
HITRUST r2 CSF certification
IEC 62304 and ISO 13485 documentation support
GDPR and CCPA compliance features
Near real-time device data ingestion and notifications
OTA firmware update management
REST and MQTT APIs for device integration
Support for BLE, Wi-Fi, cellular, and wired device connectivity
United States
United Kingdom
France
AustraliaGermany
Spain
Afghanistan
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bosnia and Herzegovina
Botswana
Brazil
British Indian Ocean Territory
British Virgin Islands
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Congo
The Democratic Republic of the Congo
Cook Islands
Costa Rica
Cote d'Ivoire
Croatia
Cuba
Cyprus
Czech Republic
Denmark
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands
Faroe Islands
Fiji
Finland
French Guiana
French Polynesia
Gabon
Gambia
Georgia
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Kuwait
Kyrgyzstan
Lao People’s Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia
Moldova
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Korea
Northern Mariana Islands
Norway
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russia
Rwanda
Saint Barthelemy
Saint Helena
Saint Kitts and Nevis
Saint Lucia
Saint Martin
Saint Pierre and Miquelon
Saint Vincent and the Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Korea
Sri Lanka
Sudan
Suriname
Svalbard and Jan Mayen
Swaziland
Sweden
Switzerland
Syria
Taiwan
Tajikistan
Tanzania
Thailand
Timor-Leste
Togo
Tokelau
Tonga
Trinidad and Tobago
Tunisia
Turkey
Turkmenistan
Turks and Caicos Islands
Tuvalu
U.S. irgin Islands
Uganda
Ukraine
United Arab Emirates
Uruguay
Uzbekistan
Vanuatu
Holy See (Vatican City State)
Venezuela
Vietnam
Wallis and Futuna
Yemen
Zambia
ZimbabweThank you
A member of our team will be in contact within 48 hours.