Connected medical devices: What integration challenges do biomedical engineers face?

The arrival of connected medical devices in healthcare facilities is transforming the work of biomedical engineers. Medical equipment is no longer simply an item to be purchased, installed, maintained, and tracked in a CMMS. It can now combine a physical device, an app, user accounts, health data, software updates, storage space, digital support, and sometimes related services.

For biomedical engineers at community hospitals and university hospitals, this shift is changing the way they evaluate a device before it is implemented. It is no longer enough to simply verify compliance, technical quality, accessories, or maintenance requirements. It is also necessary to understand how the solution fits into the facility’s actual organizational structure: clinical use, data security, device management, mobility between departments, network constraints, user support, and digital governance.

The challenge, therefore, is not merely to add new equipment to the inventory. It involves balancing technical requirements, IT security, regulatory constraints, clinical applications, and day-to-day usability. This is often where the true adoption of the system is determined.

Connected medical devices are expanding the scope of biomedicine

Biomedical teams already play a central role in the lifecycle of medical equipment: procurement, acceptance, commissioning, preventive and corrective maintenance, traceability, accessory management, supplier contracts, quality control, and medical device vigilance.

With connected devices, this scope expands. A device may rely on a mobile app, a compatible terminal, a storage system, remote hosting, a user account, or regular updates. For a healthcare facility, this means that a connected device cannot be evaluated based solely on a spec sheet. One must consider its entire ecosystem: hardware, software, data, support, cybersecurity, training assistance, maintenance, and integration into clinical practices.

The HAS notes that connected medical devices present specific evaluation challenges due to their technological evolution, their interactions with users, and their use in real-world settings. These factors must be taken into account in their clinical and organizational evaluation, beyond mere technical characteristics.

The role of the biomedical engineer is thus becoming less straightforward. It is no longer simply a matter of adding equipment to the inventory, but of anticipating its actual use, its digital requirements, and its maintenance to ensure it remains in working order.

A connected device is never limited to the biomedical field

The integration of a connected medical device involves several stakeholders. The biomedical department evaluates the equipment, its maintenance, documentation, integration into the existing fleet, accessories, and vendor support. The IT department analyzes the devices, data flows, accounts, updates, and any potential network constraints. The Chief Information Security Officer (CISO) assesses cybersecurity risks. The DPO may be involved when personal health data is processed. Clinicians validate the uses, indications, support requirements, and limitations of use.

This coordination is essential. A system may seem simple from the user’s perspective, but it raises important issues for the institution: data storage, access management, updates, device compatibility, traceability, and service continuity.

The role of the biomedical engineer is therefore not to shoulder the entire project alone. Rather, it is to bridge the gap between technical requirements, computational constraints, and clinical needs. This is particularly true for mobile solutions, which are often very user-friendly but must nonetheless be integrated into a rigorous hospital setting.

Finding the right balance to prevent shadow IT and shadow MD

Security is essential. But in mobile clinical settings, excessive complexity can have the opposite effect of what is intended. If the requirements for access, connectivity, storage, or validation are too burdensome, some users may be tempted to circumvent the established framework: using an unvalidated tool, saving images outside the system, transmitting images via unsuitable messaging apps, or storing data locally without a clear procedure.

This is the risk of shadow IT as it applies to clinical use, which could be described as “shadow MD”: real medical needs are met outside the framework approved by the institution because there is no solution that is sufficiently simple, accessible, and secure. The goal is not to lower standards, but to make them compatible with real-world conditions.

For a mobile clinical ultrasound device, this means addressing two questions at the same time: how to ensure secure usage, and how to prevent security measures from making the device impractical to use? Effective integration must therefore provide a clear yet realistic framework: verified accounts, designated storage, sharing policies, procedures to follow in the event of device loss, update protocols, designated support, and clearly defined responsibilities.

Connectivity: A Key Factor in Deployment

Network issues are often among the first topics to be addressed during integration. Does the system rely on the hospital’s Wi-Fi? Do we need to open ports? Create a VLAN? Approve specific data flows? Connect the equipment to the facility’s information system? Manage certificates? Provide managed devices?

These issues are very practical for the IT department and the Chief Information Security Officer. They determine the workload, deployment timelines, and sometimes the project’s feasibility. A system that is clinically very effective can become difficult to deploy if its use requires extensive network integration right from the initial testing phase.

In the case of the echOpen probe, the design was intended to minimize this complexity. The probe connects wirelessly to a compatible smartphone or tablet, without requiring the hospital’s Wi-Fi network to perform the exam. This approach makes it easier to get started, particularly when a department wants to begin in a targeted area before gradually expanding its use.

This does not eliminate security, device, or storage concerns. However, it prevents every deployment from turning into a network infrastructure project. For biomedical teams, this is a key point: integration can be coordinated with the IT department and the Chief Information Security Officer (CISO) without requiring a constant connection to the hospital network for basic clinical use.

Data Storage: An Issue Concerning the CISO, GDPR, and Clinical Use

A connected medical device can generate health data. In the case of clinical ultrasound, images and videos can document an observation, support communication among professionals, or be stored for follow-up purposes. It is therefore important to know where the data is stored, who can access it, how it is protected, under what conditions it can be shared, and how long it is retained.

This issue directly concerns the CISO and the DPO. Health data is sensitive, and its storage must be managed under appropriate conditions. The French Digital Health Agency notes that HDS certification aims to strengthen the protection of personal health data and to build a trusted environment for e-health.

For organizations, the challenge is twofold. On the one hand, they need to prevent images from being scattered across personal galleries, unintended messaging platforms, or unapproved storage spaces. On the other hand, they need to provide a simple solution so that professionals don’t have to come up with their own workflows.

Within the echOpen ecosystem, the echOpen app serves as the examination interface: it allows users to connect the probe, view images in real time, and save relevant images or videos. My echOpen then echOpen to store, retrieve, and share exams in an environment hosted in France by an HDS-certified hosting provider, with a data processing framework designed to meet GDPR requirements. For biomedical engineers, this distinction between use at the patient’s bedside, recording, and secure storage helps clarify the data journey from the very start of the project.

However, HDS hosting does not replace the institution’s internal policies: it must be aligned with internal rules governing authorization, authentication, data retention, data sharing, and device management.

The use of personal cell phones: an issue that needs to be addressed, not ignored

Mobile devices also raise the question of which device to use. Should we use a smartphone provided by the organization? A work tablet? A managed device? Or a personal device, if company policy allows it? Each option has its advantages and limitations.

The CNIL notes that the use of personal devices in a professional context is at the employer’s discretion; the employer may authorize it under certain conditions or prohibit it. It also notes that the employer remains responsible for data security when personal devices are authorized for accessing work-related resources. In other words, the use of a personal phone is not prohibited in principle, but it must be regulated.

The choice of device is therefore a matter for each institution to decide. The key point is not to promote a single model, but to ensure that clinical images are not stored in the phone’s gallery or shared through channels not intended for that purpose.

The storyechOpen, which originated in a hospital setting within the AP-HP, helped shape this requirement: to design a mobile solution that meets the specific security, traceability, and usability needs of healthcare facilities.

So the right question isn’t simply, “Can we use a personal phone?” Rather, it is: “Under what conditions does the organization permit this use, and what are the rules, storage requirements, authentication procedures, and procedures to follow in the event of a lost or replaced phone?” A well-integrated mobile solution should facilitate this discussion rather than sidestep it.

Maintenance, OTA updates, and uninterrupted service

A connected device has a lifecycle. The application evolves, devices change, operating systems are updated, security patches must be applied, and new versions may be deployed. In the biomedical field, software updates therefore become a critical operational consideration in their own right.

The OTA (over-the-air) update process must be clear. The organization must know how users are notified, whether the update involves the application, available operating settings, or technical fixes, how it is initiated, what happens if it fails, and how support can assist users.

For echOpen, updates should be viewed as a tool for maintaining operational readiness, not as a hidden burden. A simple procedure can be organized around four steps: notifying affected users, making the update available through the designated application channel, verifying proper operation after the update, and providing support in case of issues. This process must be documented as part of the deployment, particularly for institutions that wish to standardize the versions used across multiple departments.

This approach is important to avoid two opposing risks: allowing users to work with outdated versions, or forcing updates without providing sufficient information. In a healthcare facility, simplicity must never mean a lack of traceability.

The Medical-Economic Impact: Bridging the Gap Between Care and Data

The adoption of a connected device is not justified solely by its technology. It must address a clinical and organizational need. Clinical ultrasound is a good example: its value lies in bringing the image closer to the patient—whether at the patient’s bedside, during a consultation, in the emergency room, or in a mobile setting.

When used appropriately, within a defined framework, and by trained professionals, clinical ultrasound can enhance the physical examination, guide clinical reasoning, document a patient’s condition, and help prioritize the next steps in care. It does not replace specialized imaging when it is necessary. Rather, it serves as an extension of the clinical examination, with specific indications.

For a healthcare facility, the potential medical and economic impact lies in the organization of the care pathway: the availability of patient-centered monitoring, the reduction of certain logistical bottlenecks, support for clinical decision-making at the right time, the gradual development of team skills, and a better match between the tools used and actual needs. These effects should not be assumed a priori: they depend on the selected indications, local organization, the level of user support, and the evaluation methods defined by the institution.

The challenge for biomedical engineers is not to focus solely on the purchase price. They must also analyze ease of deployment, maintenance, support, lifespan, mobility, storage, training, and the equipment’s ability to be effectively used by teams. To plan for this budgetary aspect, institutions can review echOpen pricing before speaking with our team.

echOpen An example of integration centered on connected clinical ultrasound

At echOpen, we designed our clinical ultrasound solution to address these on-site integration challenges. The echOpen probe works with a compatible smartphone or tablet and does not require the hospital’s Wi-Fi to perform the exam. This architecture facilitates mobile use, even in environments where network connectivity is limited or unavailable.

The solution combines the probe, the echOpen app, the My echOpen portal, training resources, support based in France, and deployment assistance when the facility needs it. The goal is not merely to provide mobile equipment, but to make clinical ultrasound more accessible in a way that accommodates the constraints of healthcare facilities.

For biomedical engineers, several factors facilitate integration: no reliance on the hospital’s Wi-Fi for the examination, storage in an HDS/GDPR-compliant environment, designated support, disinfection suitable for field use, mobility between departments, and the ability to start in a targeted area and then expand usage to other departments based on feedback from the field.

When the facility uses the relevant procurement channels, accessing the system through Resah can also streamline certain administrative procedures, without eliminating the need for internal evaluation. The facility’s role remains central: defining indications, user profiles, assignment rules, cleaning procedures, storage protocols, and the framework for supporting healthcare professionals. For teams wishing to structure this skill development, our page dedicated to clinical ultrasound training allows you to explore learning and progression challenges, without replacing the training and certification framework specific to each facility.

Adopting a connected device means adopting a new way of doing things

Connected medical devices are not simply pieces of equipment with an app attached. They transform practices, information flows, responsibilities, and operating conditions.

For biomedical engineers, the challenge is twofold: ensuring technical integration and promoting actual use. A device may be compliant and functional, but it may still see little use if the clinical need is unclear, if users are not provided with adequate support, if storage requirements are not addressed, or if the rules for use are too complex.

Conversely, a solution that is too open-ended can expose the organization to uncontrolled use. The right balance lies in establishing a clear, secure framework that is simple enough for teams to adopt.

Clinical ultrasound makes this reality very tangible. An ultra-portable transducer can bring the image right to the patient, but it must fit within a defined framework: indications, support, devices, maintenance, storage, cybersecurity, updates, responsibilities, and usage monitoring.

That is exactly what we aim to facilitate with echOpen : making clinical ultrasound more accessible, while respecting the integration constraints of healthcare facilities. To discuss an equipment project, a multi-departmental rollout, or initial use at your facility, you can consult with our team regarding a deployment project.