BLE in Healthcare: Medical Devices and Patient Monitoring


Deploying BLE for medical-grade wearables and clinical workflows


BLE is the dominant short-range wireless standard for medical-grade wearables and point-of-care devices. Its low power consumption enables multi-day wear, and standardized GATT health profiles ensure interoperability with hospital EMR systems, patient apps, and clinical platforms. However, medical BLE devices face regulatory requirements — FDA (US), MDR (EU) — that fundamentally affect firmware architecture, data integrity requirements, and post-market change control.

Standard BLE Health Profiles

The Bluetooth SIG defines standardized GATT profiles for clinical measurements:

| Profile | Abbreviation | Measurement | Key Characteristics |
|---|---|---|---|
| Glucose Profile | GLP | Blood glucose | mg/dL or mmol/L, timestamps, meal context |
| Blood Pressure Profile | BPM | Systolic/Diastolic/MAP | mmHg, pulse rate, measurement status flags |
| Health Thermometer | HTP | Temperature | Celsius/Fahrenheit, body location |
| Heart Rate Profile | HRP | BPM, R-R interval | HRV derived from R-R timestamps |
| Continuous Glucose Monitor | CGM | Interstitial glucose | 1–5 min intervals, trend arrow, time offset |
| Pulse Oximeter | PLX | SpO₂, pulse rate | Continuous or spot-check |
| Weight Scale | WSP | Weight, BMI | User profile linking for multi-user scales |

These profiles use SIG-assigned UUIDs and defined characteristic formats, ensuring app interoperability without custom parsing.

CGM Architecture Example

A Continuous Glucose Monitor is among the most complex BLE health profiles. The CGM profile uses notifications for real-time glucose readings and a Record Access Control Point (RACP) characteristic for historical data retrieval:

CGM Service (UUID: 0x181F)
├── CGM Measurement (Notify)        -- 1-5 min glucose readings
├── CGM Feature (Read)              -- calibration support, trend arrows
├── CGM Status (Read/Notify)        -- session status, device alerts
├── CGM Session Start Time (R/W)    -- session timestamp
├── CGM Session Run Time (R/Notify) -- remaining sensor life
├── Record Access Control Point (W/Indicate) -- historical query
└── CGM Specific Ops Control Point (W/Indicate) -- alerts, calibration

The RACP pattern (Write operation + Indication response) is used across multiple health profiles (GLP, CGM, WSP) for asynchronous record retrieval — the collector requests records by time range, the sensor streams matching records as notifications.

FDA Requirements for Software in Medical Devices

BLE-connected devices that claim clinical efficacy are Software as a Medical Device (SaMD) under FDA 21 CFR Part 820 / ISO 13485.

Key FDA requirements affecting BLE firmware:

| Requirement | Implication for BLE |
|---|---|
| Design Controls | Every firmware change requires documented DHF (Design History File) entry |
| Software Validation | IEC 62304 lifecycle: unit test, integration test, system test per risk class |
| Cybersecurity | FDA Guidance (2023): TLS for cloud links, signed OTA firmware, pairing authentication |
| Post-Market | Firmware updates are "modifications" — may require 510(k) supplement or PMA supplement |
| Labeling | FCC ID, BLE version, instructions for pairing in IFU |

IEC 62304 Software Safety Classes:

| Class | Risk if software fails | Testing Requirement |
|---|---|---|
| A | No harm | Basic testing |
| B | Non-serious injury | Additional unit tests, SOUP documentation |
| C | Serious injury or death | Full traceability: requirements → code → tests |

Insulin pump Bluetooth communication is Class C. A fitness tracker that makes only wellness claims (no clinical claims) may be exempt from FDA regulation entirely.

LE Privacy and HIPAA

LE Privacy with Resolvable Private Addresses (RPA) rotates the BLE advertising address on a configurable interval (default 15 minutes), preventing passive tracking of a patient's device MAC address. RPA is mandatory for any device transmitting PHI (Protected Health Information) in a public/semi-public environment.
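A bench check for the rotation behaviour described above, as an added example that is not part of the original article: it classifies each random address by its two most significant bits and flags addresses that are not resolvable private or that stay in use longer than the 15-minute interval. The observation tuples, function names and finding codes are assumptions made for illustration, and the sample scan data is constructed.

```python
# Sub-type of a BLE *random* device address, taken from the two most
# significant bits of the most significant byte (first octet as written).
SUBTYPES = {0b11: "static", 0b01: "resolvable-private",
            0b00: "non-resolvable-private"}
MAX_DWELL_S = 15 * 60  # rotation interval named in the text


def random_addr_subtype(addr: str) -> str:
    """Classify a random address written MSB-first, e.g. '4A:11:22:33:44:55'."""
    msb = int(addr.split(":")[0], 16)
    return SUBTYPES.get(msb >> 6, "reserved")


def audit_rotation(observations, max_dwell_s=MAX_DWELL_S):
    """Audit advertising addresses of ONE device under test.

    observations: time-ordered (seconds, address, is_random) tuples, where
    is_random is the TxAdd flag reported by the scanner (hypothetical format).
    Returns a list of (address, finding) tuples; empty means no finding.
    """
    seen = {}  # address -> [is_random, first_seen, last_seen]
    for t, addr, is_random in observations:
        entry = seen.setdefault(addr, [is_random, t, t])
        entry[2] = t
    findings = []
    for addr, (is_random, first, last) in seen.items():
        kind = random_addr_subtype(addr) if is_random else "public"
        if kind != "resolvable-private":
            findings.append((addr, f"not-rpa:{kind}"))
        # Observed dwell is a lower bound: the address may have been in use
        # before the first and after the last sighting.
        elif last - first > max_dwell_s:
            findings.append((addr, "dwell-exceeded"))
    return findings


# Constructed sample scan log (not captured from a real device).
SAMPLE_SCAN = [
    (0, "4A:11:22:33:44:55", True), (600, "4A:11:22:33:44:55", True),
    (900, "7C:9E:01:02:03:04", True), (2100, "7C:9E:01:02:03:04", True),
    (2200, "C3:00:00:00:00:01", True),
]

if __name__ == "__main__":
    for addr, finding in audit_rotation(SAMPLE_SCAN):
        print(addr, finding)
```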

BLE itself does not encrypt advertising PDUs. Instead of placing PHI in manufacturer-specific advertising data, carry it over encrypted GATT connections with LESC pairing (LE Secure Connections), which provides forward secrecy via ECDH.

CE MDR (EU Medical Device Regulation)

EU MDR 2017/745 classifies connected health devices as Class IIa or IIb, requiring Notified Body involvement. Annex I GSPR (General Safety and Performance Requirements) covers cybersecurity for connected devices, referencing IEC 81001-5-1 (cybersecurity) and EN ISO 14971 (risk management).

Practical BLE Design for Medical Reliability

  • Connection interval: 100–300 ms for continuous vital signs monitoring; too short drains sensor battery, too long introduces visible latency in clinical displays
  • MTU negotiation: Request MTU = 247 bytes; avoids segmentation of 200+ byte CGM records
  • Error handling: RACP responses can indicate "no records found" — handle all response codes per profile spec
  • Bonding: Medical devices should bond with the collector — prevent unauthorized GATT access
  • Watchdog: Hardware watchdog reset for radio stack hangs — unrecoverable BLE stack state is a Class B/C software hazard
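A collector-side parser for the RACP indication described in the CGM section and in the error-handling point above, as an added example that is not part of the original article. It handles every defined response value, treats "no records found" as a valid empty result, and rejects indications that are malformed or that do not match the pending request. The function, class and dictionary key names are assumptions, and the sample payloads are constructed.

```python
import struct
from enum import IntEnum


class Op(IntEnum):  # RACP op codes
    REPORT_RECORDS = 0x01
    DELETE_RECORDS = 0x02
    ABORT = 0x03
    REPORT_COUNT = 0x04
    COUNT_RESPONSE = 0x05
    RESPONSE_CODE = 0x06


RESPONSE_VALUES = {
    0x01: "success", 0x02: "op code not supported", 0x03: "invalid operator",
    0x04: "operator not supported", 0x05: "invalid operand",
    0x06: "no records found", 0x07: "abort unsuccessful",
    0x08: "procedure not completed", 0x09: "operand not supported",
}


class RacpError(Exception):
    """Malformed or unexpected indication; fail the procedure, do not guess."""


def parse_racp_indication(payload: bytes, pending: Op) -> dict:
    """Decode one RACP indication received while `pending` is outstanding."""
    if len(payload) != 4:
        raise RacpError(f"expected 4 bytes, got {len(payload)}")
    opcode, operator = payload[0], payload[1]
    if operator != 0x00:  # responses always carry the Null operator
        raise RacpError(f"non-null operator 0x{operator:02x}")
    if opcode == Op.COUNT_RESPONSE:
        if pending != Op.REPORT_COUNT:
            raise RacpError("record count received but none was requested")
        (count,) = struct.unpack_from("<H", payload, 2)
        return {"kind": "count", "count": count}
    if opcode == Op.RESPONSE_CODE:
        echoed, value = payload[2], payload[3]
        if echoed != pending:
            raise RacpError(f"response echoes op 0x{echoed:02x}, not the pending request")
        if value not in RESPONSE_VALUES:
            raise RacpError(f"reserved response value 0x{value:02x}")
        # "no records found" is a valid empty result, not a link failure
        return {"kind": "response", "status": RESPONSE_VALUES[value],
                "ok": value == 0x01, "empty": value == 0x06}
    raise RacpError(f"op code 0x{opcode:02x} is not valid in an indication")


# Constructed sample indications (not captured from a real sensor).
SAMPLE_SUCCESS = bytes([0x06, 0x00, 0x01, 0x01])
SAMPLE_EMPTY = bytes([0x06, 0x00, 0x01, 0x06])
SAMPLE_COUNT = bytes([0x05, 0x00, 0x2A, 0x00])
```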

Use the GATT Browser to verify your health profile characteristic format against the SIG specification before clinical validation testing.
