Bluetooth and Medical Devices – Part 2: The Gotchas

Bernhard Kappe

This is Part 2 of a series on Bluetooth for Medical Devices. You can find an overview in Part 1 here.

Both Bluetooth protocols can be used to send wireless radio signals from biosensors and biomedical devices to smartphones, which can in turn act as modems to send data to the cloud for retrieval and use in patient treatment. Each protocol has its advantages and restrictions, depending upon factors such as operating system (iOS or Android) and whether or not continuous connectivity is needed, such as for an ECG, or if the device “sleeps” until used, as would be the case for a blood glucose monitoring system.

Significance of Connectivity Choices
In Part 1, we defined general use cases for Bluetooth Classic and BLE. Where a continuous connection is needed, Bluetooth Classic may be the best choice; where a system calls for intermittent, as-needed use, BLE may be the wiser choice. By and large, each device's design is individual: it carries its own specific use profile, and careful examination is suggested to steer away from suboptimal choices.

We have found that device manufacturers tend to commit their design to a specific operating system and connectivity protocol without considering how this might limit their device's system or type of functionality. The earlier these factors and their options are brought out, discussed and carefully examined in the development cycle of a product, the fewer cost overruns and delays will be experienced.

Use of BLE in Android and iOS
One difference to consider is that BLE allows for about twice as much throughput in Android as it does in iOS. (Throughput is defined as the rate of successful data delivery over a communication channel.)

The caveat here is that speed is a negotiated parameter, and different operating systems will negotiate it differently. It has been our observation that Android will typically negotiate a higher throughput speed than iOS will. That does not mean that throughputs are always higher on Android, however. Because of packet loss and re-transmission, the effective throughput rate may be less. Other factors affecting throughput rate are the processing power of the device to which the radio is attached, the number of processes the device is running, the number of data streams that the chip is handling, etc.

Unlike operations using Bluetooth Classic or BLE with Android, iOS restricts the ability of a connected device to “wake up” or verify an application on the iOS device. Despite attempts to get the application to periodically verify, iOS application management forces a 10-second hard shutdown for that type of activity. For many types of use case, such as continuous monitoring of ECG or other waveform data, that’s simply not enough time.

Therefore, certain applications, such as passive activities and continuous monitoring, are suboptimal when using BLE in an iOS environment.

BLE requires a user in order to maintain a connection and transmit data. Incidentally, this means that the application/system must give the user a reason to connect periodically.

Security Considerations
Security is an important consideration when selecting a connection protocol for your medical device because of cyber threats. All medical devices carry an element of security risk, and security threats such as device tracking, eavesdropping and man-in-the-middle (MITM) attacks are increasing significantly. Additionally, many integrated systems are connected to central processing units which often utilize commercially-available software and off-the-shelf hardware. As such, these systems may be at increased risk of cyber threat, especially with increased use.

Computer viruses may endanger high concentrations of medical device systems in the healthcare environment unless hospitals and other facilities take appropriate risk mitigation measures. That being stated, security measures found in Bluetooth Classic and BLE, as well as in software and firmware updates within the specific medical device networks, can decrease vulnerabilities.

Bluetooth Classic security: As stated in Part 1 of this series on Bluetooth in Medical Devices, pairing is mandatory in Bluetooth Classic, providing a level of security since only trusted devices will communicate. This is accomplished via Secure Simple Pairing (SSP).

BLE security: BLE provides two options. One, pairing is not required and data is advertised publicly. Two, secured pairing can be enabled on a BLE device to ensure that only authorized devices are connected.

It is never recommended that medical device networks employ the first option. Since the majority of data packets sent via BLE contain the source addresses of the medical devices, third-party devices are able to associate the addresses with a particular user identity and track them.

BLE supports a Privacy Feature that reduces the ability to track a device over a period of time by changing the Bluetooth device address on a frequent basis. This frequently-changing address is called the private address and the trusted (paired) devices can resolve it.

Examples of Use
The following are examples of continuous remote monitoring systems. The main differences are in the protocols used in each case.

Nanowear, an Orthogonal client, designed a system to monitor chronically ill patients that incorporates iOS and Bluetooth Classic with embedded nanosensors in undergarments to monitor heart rate, respiratory data and ECG. Their system caters to the long-term needs of patients who need to be monitored remotely. For details, see our Nanowear Case Study.

Orthogonal customer PhysIQ developed a system that uses Android and BLE for remote monitoring of ECG and other vital signs, and sends out alerts from wearable biosensors based on differentials to baseline patterns in their patients. For details, see our PhysIQ Case Study.

Why is this important?
The connected care industry is growing prolifically, with no end in sight. Extensive medical device technologies making use of Bluetooth Classic and BLE highlight the technologies’ versatility and capabilities. Although other connective technologies exist, new devices employing Bluetooth Classic and BLE connectivity continue to emerge in the marketplace. Understanding their attributes, as well as the existing issues with pairing and the limitations with iOS and how they may affect device functionality, can encourage well-thought-out solutions that aid in the successful development of new device technologies.

Whether you need a continuous or periodic connection between your device and smartphone; large or small package transmission size; support for multiple platforms or just one—all are considerations in your protocol selection.

Lessons Learned/Key Takeaways

  • Think about what kinds of uses your connected medical device and companion software system will be put to.
  • BLE on iOS will severely restrict what types of systems you can build.

At Orthogonal, we design, build and launch software and applications for medical devices. Our extensive experience with FDA and HIPAA regulations reduces time to approval. If you need help building software and applications for medical devices, contact us or call us at (312) 372-1058.
