Leveraging IoT for Medical Device Software


The RND Group recently implemented an Internet of Things (IoT) solution to manage a fleet of medical devices that perform diagnostic tests and push raw test data to the cloud. In this solution, a set of cloud-based services is responsible for receiving, storing, and calculating results from the raw data submitted by IoT devices. RND Group was selected to design and develop this solution based on its reputation, experience and success in developing medical devices software for the past 20 years. Unlike traditional medical devices, this solution moves the software intelligence for results processing, calculation, storage, and management from the instrument hardware to the cloud. The benefits of this approach are many, including: reduced software complexity on the instrument, a simplified operator interface on the instrument, and greater access to data for users, for data mining, and for historical record keeping and reporting. This paper highlights the key challenges and solutions faced by the RND Group team in designing and developing this IoT solution.

While having experience in cloud technologies, this project presented a unique opportunity to build and deploy some of the most crucial components of medical device software, including result calculation algorithms and specimen chain of custody tracking, in the cloud. There are a variety of challenges in implementing this logic in the cloud, including: data integrity between device and cloud, security of data transmission between device and cloud, security of data in the cloud, managing scalability and performance when multiple IoT devices are communicating with the cloud, and detecting and managing changes to the software stack performed by the cloud provider after the solution has been verified.

RND Group approached these challenges through a risk-based assessment approach and created explicit requirements for the software for each of these challenges, and combined these cloud-specific requirements with traditional application behavior-specific requirements. This risk-based approach drove software design decisions, and led to the creation of testing strategies to prove that the developed software meets the challenges unique to deployment as a cloud solution.

The following describes the primary Amazon Web Services (AWS) cloud and supporting technologies used to meet the requirements and challenges:

  • AWS IoT for at-scale device data ingestion, device fleet provisioning, access policies and X.509 security management
  • MQTT protocol for lightweight, secure, bi-directional communication
  • AWS IoT Device Shadow and AWS Lambda for managing the state of each medical device represented by an IoT device
  • AWS S3 for highly-available, partitioned storage
  • AWS Lambda for server less computing and microservice-based architecture to process raw results data from IoT devices
  • Use of application level CRC signing of messages for data integrity checking of all device to cloud communication
  • AWS RDS (encrypted PostgreSQL) database for secure data storage
  • AWS API Gateway for web application and 3rd party integration access to cloud data
  • Terraform infrastructure as code software for reproducible, automated deployment of the AWS stack to multiple environments such as Dev / Test / Prod
  • AWS EC2 for scalability testing of data ingestion
  • AWS ECR/ECS for containerized composition, orchestration, isolation and immutability of results calculation pipeline algorithms

The deployment of this solution is currently in-progress. At full deployment, the solution will support thousands of IOT devices, producing millions of results annually.  Up to 2500 simultaneous users will be able access the system. Data will be archived in a staged fashion with on-line and near-line data access, and in off-line storage over the next 20 years.

RND Group is providing full life cycle software services on this project, including analysis, requirements definition, software design, software implementation, software verification, software unit and integration testing, and deployment and management of the solution in the cloud. The result of this cooperative effort is a cloud solution developed using design control procedures required by the FDA that is state of the art in terms of use of cloud technology, web-based user interface and functionality.

RND Group has worked with the leading companies in the medical device industry since 1997. RND Group fully understands the rigor required in designing, developing, documenting, and testing products that are regulated by the FDA. RND Group has applied that rigor to the software engineering support it has provided for countless product development efforts, and RND Group can point with pride to products that have been successfully introduced into the medical device marketplace.

Capabilities Applied

  • FDA Part 820, Part 11
  • ISO 13485, HIPAA, IEC 62304
  • Software life cycle processes
  • Cloud development and deployment
  • API definition and development
  • Third-party API integration
  • Requirements development and management
  • Project management
  • Software verification


  • Java 8
  • JavaScript
  • Angular 4
  • Node.js
  • JSON

Technologies Used

  • AWS IoT
  • AWS S3
  • AWS Lambda
  • AWS RDS (PostgreSQL)
  • AWS API Gateway
  • AWS EC2
  • AWS Kinesis
  • Serverless Framework
  • Docker