I would look into Axeda - now a PTC company. They can leverage a number of "connectivity" modules, without the impacting the software on the device. This eliminates the need for clearance

Andrew Kyle You may want to read the FDA paper on e-cigs. There is a section therein that discusses their concerns - malware updates, hacking, changes to setting.... Via the wireless Bluetooth port.

Data gathering without patient permission was specifically mentioned. What predicated device exists for your device with Bluetooth

We are supposed to consider all risks and mitigate them. I just listed these same challenges for a medically related product that is not a medical device.

Julie Omohundro Given what seems to be coming, I think it would be very helpful if FDA's premarket databases included software-related search fields.

Veronika Valdova FDA outlines cybersecurity recommendations for medical device manufacturers http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm481968.htm (Jan 2016, draft guidance )

Postmarket Management of Cybersecurity in Medical Devices http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm482022.pdf

FBI: Be Wary of Connected Medical Devices (Sep 2015) http://www.mddionline.com/article/fbi-be-wary-connected-medical-devices-09-16-15

Collaborative Approaches to Medical Device Cybersecurity (Jan 2016) http://www.fda.gov/downloads/MedicalDevices/NewsEvents/WorkshopsConferences/UCM482021.pdf

DHS Investigates Dozens Of Medical Device Cybersecurity Flaws (Oct 2014)
http://www.informationweek.com/healthcare/security-and-privacy/dhs-investigates-dozens-of-medical-device-cybersecurity-flaws-/d/d-id/1316882

Michael Abrams The absence of a secure, reliable and power efficient MBAN has slowed the growth of Connected Health; BLE has failed miserably. Imagine the cost to industry of regularly updating security protocols. NFMI has been used in medical devices for decades and will soon support complex point multipoint MBANs. It's highly secure, already many times more power efficient than BLE, and allows for direct communications with implanted devices.

Take a look at Quell. It is a class II external stimulator that utilizes a connected app with data logging. I think they are presenting data soon related to what they have collected.

Here is a wireless muscle stimulator from Compex (a division of DJO Global) that is currently on the market. https://www.compexusa.com/compex-wireless-usa-muscle-stimulator.html

check FDA's MDDS rule, you may not be needed to file a 510k if you are collecting device logs for later analysis. The key word is "active clinical decision making". If the data you collect is not used for active clinical decision making, then you may want to evaluate this part of the "connectivity s/w and h/w" under class I though the consuming medical device may be class II or class III - http://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/GeneralHospitalDevicesandSupplies/MedicalDeviceDataSystems/ucm251897.htm

George Walls Check Merlin.net at SJM. Has cellular capability. Monitors ICD's and pacemakers from bedside. Clinically shown to reduce mortality 50% (see HRS 2014). Cloud-based + bedside monitor + alerts to doc + EHR I/f + anywhere UI. Class III. Medtronic Carelink and Boston's Latitude are similar. Out a while, lots of countries, lots of patients.

Majority of the Infusion Pumps( Carefusion, Hospira, Baxter) from these companies have wireless support for data downloading and diagnostic support. There are wireless modules from the third party vendors which can be easily integrated with medical devices.

Arjun Sharma Consider non-implantable ECG monitoring equipment which is usually class II

Michael Marburger There is a great patten law firm that I used in the past that might be able to help. They are out of Pittsburgh, PA. The firm is called Cohen & Grisby. Very knowledgable if you might infringe or need to pay lisc fees to other companies.