Medical Imaging / DICOM
DICOM connectivity, PACS integration, and imaging workflows.
Explore Medical Imaging / DICOMMedical Device Integration & Consulting
Medical device consultants for IEC 62304, ISO 14971, FDA 510(k), cybersecurity, and IoMT architecture — plus end-to-end clinical system integration from bedside monitors to cloud analytics.
MEDICAL DEVICE INTEGRATION & CONSULTING
Bedside to EHR, integrated.
Medical device integration that actually clears the EHR's flowsheet. Saga IT delivers device-to-EHR connectivity, IoMT platform design, and medical device consulting — IEEE 11073 SDC and IHE PCD profiles to standards-based interoperability, regulated under IEC 62304 and ISO 14971. Bedside monitors to wearables, infusion pumps to ventilators, charted.
Device & IoMT integration
Bedside monitors, pumps, ventilators, wearables — six integration patterns
SaMD & regulated software
IEC 62304, ISO 14971, FDA 510(k) / De Novo, CE Mark pathway
Standards-based device data
FHIR Device + Observation, IEEE 11073 MDC, LOINC crosswalk
Consulting & QMS
Architecture, ISO 13485 QMS, SaMD pathway — advisory through go-live
What We Offer
Medical Device & IoMT Integration Services
Connect medical devices to EHRs, clinical systems, and analytics platforms via standards-based interoperability — IEEE 11073 SDC, IHE PCD, HL7 v2, FHIR R4. Click any diagram to expand.
Regulated Device Software
Regulated Device Software — Covered by Our SaMD Practice
Connected medical devices answer to a tougher framework than garden-variety software — IEC 62304 for the software lifecycle, ISO 14971 for risk management, and the CE Mark pathway. The teaser below shows the framework that applies on every device build; for the full SaMD development practice — Design History File, 510(k) submission support, IMDRF risk categorization — see our healthcare software engineering page.
IEC 62304 lifecycle
Per-layer safety-class mapping (firmware Class C, middleware B, UI B). SOUP inventory + bi-directional traceability maintained sprint-by-sprint — DHF assembles itself.
ISO 14971 device risk
Hazard workshops with clinicians + BMEs cover sensor drift, alarm fatigue, power loss, and network partition. Mitigations wire into verification protocols, not pre-audit scrambles.
FDA + CE Mark pathway
FDA 510(k) / De Novo / PMA classification, EU MDR (CE Mark) notified-body submissions, Health Canada MDEL, and PMDA — one technical file, four jurisdictions.
Full SaMD lifecycle, ISO 14971 deep dive & FDA pathway capabilities
Medical device integrations shipped for
Connectivity Protocols
Device Communication Protocols We Speak
From legacy serial to modern FHIR R4 — the medical device connectivity standards Saga IT implements for device-to-EHR integration and IoMT platforms. Each protocol has its own latency profile, EHR-readiness, and FDA implication.
| Protocol | Primary use case | Latency | EHR-ready | Where we use it |
|---|---|---|---|---|
| IEEE 11073 SDC | Point-of-care device communication (modern) | Real-time | Via gateway | Multi-device OR / ICU rooms; vendor-agnostic device plug-and-play |
| IHE PCD (DEC, ACM, PIV) | Profile-driven device data exchange | Real-time | Native | EHR Flowsheet ingestion + alarm routing in IHE-conformant hospitals |
| HL7 v2.5.1 (ORU + MDM) | Observation + document routing | Near-real-time | Native | Legacy device feeds to EHR via integration engine |
| FHIR R4 (Device + Observation) | Modern RESTful device data API | Real-time / poll | Native (US Core) | Modern apps, SMART on FHIR, FHIRcast — multi-tenant device platforms |
| BLE / serial / proprietary | Bedside transport, wearables, RPM | Real-time | Via gateway | BLE pulse-ox, wearables, RPM platforms — normalized at the edge |
Deep Dive
Medical Device Integration Expertise
Our integrations support all major categories of medical devices via standardized protocols including IEEE 11073, HL7 v2, and FHIR R4. Saga engineers work across every clinical department, from bedside to lab to remote patient monitoring.
Patient Monitors
Vital signs and waveform integrations for bedside monitors including Philips IntelliVue, GE CARESCAPE, Mindray, and similar systems. Our integrations capture heart rate, blood pressure, SpO2, temperature, and continuous waveform streams for real-time EHR documentation and clinical surveillance dashboards.
Infusion Pumps
Infusion-pump integrations for systems including BD Alaris, Baxter Sigma, and ICU Medical Plum 360. Our integrations route pump status, infusion rates, drug library compliance events, and dose tracking to pharmacy and eMAR systems for closed-loop medication verification.
Ventilators
Ventilator and respiratory integrations for systems including Dräger Evita, Hamilton Medical, and other leading ventilator platforms. Our integrations capture tidal volume, respiratory rate, FiO2, PEEP, and compliance data for automated charting in the EHR and early warning score calculations.
Diagnostic Equipment
Laboratory analyzers, point-of-care testing devices, and diagnostic imaging modalities. We connect POC glucose meters, blood gas analyzers, coagulation devices, and portable ultrasound systems to LIS and EHR platforms for immediate result availability at the bedside.
Wearables
Continuous monitoring and remote patient monitoring devices including cardiac rhythm monitors, continuous glucose monitors (CGMs), pulse oximeters, and activity trackers. We handle Bluetooth Low Energy and cellular connectivity for home health data collection and chronic disease management programs.
Surgical Systems
Operating room integration including anesthesia machines, surgical navigation systems, and robotic-assisted platforms. We connect intraoperative devices to anesthesia information management systems (AIMS) and perioperative documentation workflows for complete surgical records.
Medical device cybersecurity is a critical concern for healthcare organizations deploying connected devices. The FDA's 2023 Refuse to Accept policy means new device submissions without cybersecurity documentation are automatically rejected. We help both device manufacturers and healthcare delivery organizations meet these evolving requirements.
FDA Premarket Cybersecurity Requirements
Under Section 524B of the FD&C Act, medical device manufacturers must submit a comprehensive cybersecurity plan as part of their premarket submissions (510(k), PMA, De Novo). This includes a threat model documenting all potential attack surfaces, a Software Bill of Materials (SBOM) listing every software component and open-source library in the device, evidence of security testing and penetration testing results, and a plan for addressing vulnerabilities throughout the device's total product lifecycle. Our team builds these artifacts into your development process from the start, so cybersecurity documentation is a natural output of your engineering workflow rather than a last-minute compliance exercise.
IEC 80001 Risk Management
IEC 80001-1 provides a risk management framework for IT networks incorporating medical devices. We conduct risk assessments covering data integrity, system availability, and patient safety when connecting devices to hospital networks. This includes evaluating network architecture, identifying single points of failure, and documenting residual risk acceptance criteria. Our assessments align with the updated IEC 80001-1:2021 standard and integrate with your organization's existing ISO 14971 quality management processes.
Network Segmentation & SBOM
We design network segmentation architectures that isolate medical devices from general hospital IT traffic using VLANs, firewalls, and micro-segmentation policies. For SBOM management, we implement automated tooling that generates and maintains machine-readable SBOMs in CycloneDX or SPDX format, monitors for newly disclosed CVEs affecting device software components, and provides a coordinated vulnerability disclosure process aligned with FDA postmarket guidance. This continuous monitoring approach ensures your device fleet remains defensible as new threats emerge.
Remote Patient Monitoring (RPM) enables healthcare organizations to track patient health data outside of traditional clinical settings. We build the technical infrastructure connecting RPM devices to clinical workflows — from data ingestion and alerting to EHR documentation and billing integration.
Chronic Disease Management
RPM is most effective for chronic conditions requiring continuous monitoring. We deploy device connectivity solutions for congestive heart failure (CHF) patients using weight scales, blood pressure cuffs, and pulse oximeters; COPD patients using spirometers and oxygen saturation monitors; and diabetes patients using continuous glucose monitors and insulin pump data. Each program includes configurable alert thresholds, escalation protocols, and clinician dashboards that surface only actionable data — reducing alert fatigue while ensuring timely intervention for deteriorating patients.
Telehealth Integration
We integrate RPM data streams with telehealth platforms so providers can review real-time device data during virtual visits. This includes synchronizing RPM observations with the patient's EHR record before scheduled telehealth encounters, embedding device trend charts within video visit interfaces, and triggering ad-hoc telehealth sessions when RPM alerts indicate clinical deterioration. Our integrations support major telehealth platforms and connect to EHR telehealth modules in Epic, Oracle Health, and MEDITECH.
CMS Reimbursement Codes
RPM programs are reimbursable under Medicare through a well-defined set of CPT codes. We build billing integration workflows that automatically track qualifying activities and generate the documentation needed for successful claims.
| CPT Code | Description | Reimbursement |
|---|---|---|
| 99453 | Initial setup and patient education for RPM devices | ~$19 |
| 99454 | Device supply and daily recording/transmission (30 days) | ~$55 |
| 99457 | Remote physiologic monitoring treatment, first 20 min/month | ~$50 |
| 99458 | Each additional 20 min of RPM treatment management | ~$42 |
Our RPM integration platform tracks device transmission days, clinician interaction time, and patient engagement metrics to ensure your program meets CMS documentation requirements for each billing code. We integrate this tracking with your practice management system for streamlined claims submission.
Standards
Devices on FHIR
The device-data stack — FHIR Device resources for the hardware, FHIR Observations for the readings, and the IoMT pipeline that gets BLE / wearable / RPM data into FHIR in the first place. Pick a layer to see what we build. (Technical appendix below covers the IEEE 11073 MDC → LOINC crosswalk under the hood.)
The physical device, modeled
FHIR Device resource — traceable from data back to hardware
Every device observation needs a Device reference so a clinician (or an auditor, or a recall-tracking system) can trace any value back to the physical box that produced it. We model manufacturer, model, serialNumber, UDI, software version, and calibration status — all mapped to FDI + GUDID attributes so post-market surveillance maps 1:1.
- UDI-DI / UDI-PI parsed into FHIR Device.identifier (GS1 / HIBCC / ICCBBA)
- Device.version tracks firmware + calibration dates for recall audit
- Device.owner / location for multi-site inventory reconciliation
- GUDID sync pipeline for FDA-listed devices (nightly delta)
The clinical value, keyed to LOINC
FHIR Observation — vital signs, waveforms, and panels
A single FHIR Observation carries the measured value, its LOINC code, the unit (UCUM), the reference range, and links back to Patient + Device + Encounter. For panels (e.g., BP cuff returning systolic + diastolic + MAP), we use Observation.component so a single event carries all related measurements with their individual LOINC codes.
- US Core Vital Signs profile with required LOINC panel codes
- UCUM unit encoding for every valueQuantity — no freeform strings
- Observation.component for multi-value panels (BP, blood gas, EEG)
- Observation.device + subject + encounter for full clinical linkage
Patient device → cloud → FHIR
IoMT data flow — wearables, RPM, BLE to FHIR Observation
The other half of device data is the connected-health side — patient-owned wearables, BLE devices, RPM hubs, and bedside-to-cloud telemetry. We build the ingestion path: BLE / serial / Wi-Fi at the edge, AWS IoT or Azure IoT Hub as the broker, and FHIR R4 Device + Observation resources at the application layer. Multi-tenant SaaS architectures, USCDI v3 conformance, and CMS-9115 Patient Access API endpoints included.
- BLE GATT profile parsing (Apple HealthKit, Google Health Connect)
- AWS IoT Core / Azure IoT Hub / GCP IoT pipelines (MQTT, mTLS)
- Multi-tenant FHIR Device + Observation resource emission
- CMS-9115 Patient Access + USCDI v3 conformance for RPM platforms
Consulting & Compliance
Medical Device Consulting Services
Beyond the wire-level integration work, Saga IT advises medical device manufacturers and digital-health vendors on the regulatory, quality, and software-of-medical-device decisions that gate every device program.
Medical device consulting
Medical device consulting for early-stage device companies, established manufacturers, and digital-health vendors building software-driven medical products. We advise on the integration strategy that makes a device commercially viable — Epic / Oracle Health / Meditech routes to market, IHE PCD device-data interoperability, IEEE 11073 SDC adoption, and the IoMT cloud architecture that scales beyond the first hospital pilot.
- IHE PCD
- IEEE 11073
- IoMT
- AWS / Azure / GCP
What we deliver
- Integration architecture review with EHR / PACS / IoMT route-to-market analysis
- IHE PCD profile selection (DEC, ACM, RTM, IDCO, WCM) for device-data interoperability
- IEEE 11073 SDC adoption strategy and PHD / device specialization mapping
- IoMT cloud architecture (AWS IoT / Azure IoT Hub / GCP IoT Core) for fleet scale
- Engagement model from 2-week architecture reviews to multi-quarter advisory retainers
Medical device quality management system (QMS)
Medical device quality management system (QMS) consulting aligned to ISO 13485 and FDA 21 CFR Part 820. We help device companies stand up the QMS infrastructure that survives an FDA inspection — design controls (820.30), risk management to ISO 14971, software-development lifecycle to IEC 62304, design history files (DHF), device master records (DMR), and CAPA. We don't replace your QMS partner — we make sure your software work product feeds the QMS cleanly.
- ISO 13485
- 21 CFR 820
- ISO 14971
- IEC 62304
What we deliver
- Design control structure (820.30) covering inputs, outputs, verification, validation
- ISO 14971 risk management plan, hazard analysis, and risk-benefit reasoning
- IEC 62304 software lifecycle alignment with safety classification (A / B / C)
- DHF and DMR structure that maps software artifacts to QMS records
- CAPA / nonconformance / complaint-handling tooling for software-product evidence
Software as a Medical Device (SaMD)
Software as a Medical Device (SaMD) consulting for AI/ML clinical decision support, imaging analytics, and digital therapeutics. We work with FDA-classified SaMD across the IMDRF Risk Categories I–IV — scoping the regulatory pathway (510(k), De Novo, PMA), structuring the SaMD lifecycle to IEC 62304, mapping the clinical evaluation requirements, and integrating SaMD into the EHR / PACS / device ecosystem so the software actually gets used in real clinical workflow. For the canonical SaMD development practice, see our healthcare software engineering page.
- IMDRF I–IV
- 510(k) · De Novo
- IEC 62304
- CER
What we deliver
- IMDRF risk categorization (I–IV) and FDA submission pathway selection
- IEC 62304 software lifecycle with safety classification and traceability
- Clinical evaluation plan and clinical evaluation report (CER) authoring
- EHR / PACS / device ecosystem integration design for clinical workflow fit
- Particular depth in radiology AI and continuous-monitoring SaMD
Device-to-EHR integration builds
The actual implementation engagement — building the HL7 ORU / MDM channels, FHIR Device + Observation pipelines, and bidirectional gateways that move medical device data into Epic, Oracle Health, MEDITECH, athenahealth, and connected clinical systems. Vendor sandbox certification, parallel-run cutover, and IHE PCD profile conformance baked into the build plan.
- HL7 v2.5.1
- FHIR Device + Obs
- IEEE 11073 SDC
- Mirth · Rhapsody · OIE
What we deliver
- HL7 v2.5.1 ORU / MDM / RAS channel design + transformer implementation
- FHIR R4 Device + Observation resource emission (US Core Vital Signs)
- Bidirectional gateway architecture for closed-loop medication / order verification
- Epic / Oracle Health / MEDITECH sandbox certification + Marketplace registration
- Parallel-run production cutover playbook with rollback procedures
Medical device cybersecurity & postmarket surveillance
FDA premarket cybersecurity per 510(k) Section 524B, Software Bill of Materials (SPDX / CycloneDX), IEC 80001 hospital-network risk plans, AAMI TIR57 patient-safety threat modeling, and ongoing postmarket complaint handling with ISO 14971 §10 risk re-evaluation. The work that begins at 510(k) submission and never ends — for device manufacturers operating fielded systems and for hospitals running connected device fleets.
- FDA 524B
- SBOM (SPDX / CycloneDX)
- IEC 80001
- ISO 14971 §10
What we deliver
- SBOM generation in SPDX or CycloneDX with vulnerability monitoring
- 510(k) Section 524B premarket cybersecurity documentation package
- AAMI TIR57 + AAMI SW96 patient-safety threat modeling for SaMD
- IEC 80001 hospital-network risk plans for connected device deployments
- Postmarket complaint handling + ISO 14971 §10 risk re-evaluation workflows
Whether you're connecting bedside monitors, deploying an IoMT platform, or building FDA-compliant device interfaces — our engineers help you integrate medical devices with clinical systems.
Book a Consultation Real-World Integrations
Device Integration Case Studies
See how medical device integration works in practice — from infusion pumps to alarm management to point-of-care testing.
Infusion Pump to EHR Integration
Connecting smart infusion pumps to Epic for automated medication administration documentation — eliminating manual charting and enabling closed-loop verification from drug library to eMAR.
Infusion Pump
"drugName": "Vancomycin",
"rate": 125,
"unit": "mL/hr",
"vtbi": 250
"rate": 125,
"unit": "mL/hr",
"vtbi": 250
HL7 Translator
// RAS^O17 Pharmacy Admin
MSH|^~\&|PUMP|ICU
RXA|1|1|Vancomycin
RXR|IV
MSH|^~\&|PUMP|ICU
RXA|1|1|Vancomycin
RXR|IV
EHR Record
Frequently Asked Questions
Common Questions
Medical device integration follows a gateway-based architecture where bedside devices communicate through an edge gateway that normalizes proprietary protocols into standard healthcare formats like HL7 v2 or FHIR R4. The gateway forwards normalized data to an integration engine — such as Mirth Connect or Rhapsody — which routes, validates, and transforms device observations before delivering them to the EHR as Flowsheet rows, FHIR Observations, or discrete clinical values. This architecture supports standards including IEEE 11073 SDC for point-of-care device communication, IHE PCD profiles for device data exchange, and direct serial or TCP/IP connections for legacy devices that predate modern standards.
IEEE 11073 Service-Oriented Device Connectivity (SDC) is a family of standards that defines how medical devices communicate in point-of-care environments. SDC replaces the earlier IEEE 11073 standards with a modern, service-oriented architecture based on web services and DPWS (Devices Profile for Web Services). It enables plug-and-play device discovery, bidirectional communication, and real-time streaming of vital signs data between devices and clinical systems. SDC is the foundation for the OR.NET initiative in Germany and is increasingly adopted by device manufacturers globally as the standard for interoperable device connectivity in operating rooms and ICUs.
IHE Patient Care Device (PCD) is a domain within the Integrating the Healthcare Enterprise framework that defines integration profiles specifically for medical device data exchange. The key profiles include DEC (Device Enterprise Communication) for sending device observations to clinical systems, ACM (Alarm Communication Management) for routing clinical alarms to communication platforms, and PIV (Point-of-Care Infusion Verification) for barcode-based medication verification at infusion pumps. These profiles build on HL7 v2 message types — primarily ORU^R01 for observations and ORA for alarm notifications — and provide a standardized, tested integration pattern that works across device vendors and EHR platforms.
IoMT (Internet of Medical Things) devices connect to hospital networks through a layered architecture that balances clinical data availability with network security. At the edge layer, devices communicate via Wi-Fi, Bluetooth Low Energy, Zigbee, or cellular connections to local gateways or access points. These gateways perform protocol translation and initial data filtering before forwarding observations to a central IoMT platform. The platform layer handles device registration, data normalization, identity management, and routing to downstream clinical systems. Network segmentation using VLANs and firewall policies isolates device traffic from general IT systems, and edge computing nodes provide low-latency processing for time-critical clinical alerts without depending on cloud round-trips.
The FDA requires medical device manufacturers to address cybersecurity throughout the total product lifecycle. For premarket submissions (510(k), PMA, De Novo), manufacturers must provide a threat model identifying attack surfaces, a Software Bill of Materials (SBOM) listing all software components and third-party libraries, evidence of security testing including static analysis and penetration testing, and a plan for coordinated vulnerability disclosure. Under the 2023 Refuse to Accept policy, submissions lacking cybersecurity documentation are rejected without review. Postmarket, manufacturers must monitor for vulnerabilities in deployed devices, issue timely patches, and participate in Information Sharing and Analysis Organizations (ISAOs). Healthcare delivery organizations are responsible for applying patches, maintaining network segmentation, and conducting IEC 80001 risk assessments when connecting devices to clinical networks.
Remote patient monitoring (RPM) uses connected medical devices and wearables to collect patient health data — vital signs, blood glucose, weight, blood pressure, pulse oximetry, and activity levels — outside of traditional clinical settings and transmit it to healthcare providers for review and clinical action. RPM integration with EHR systems follows a multi-tier architecture: patient devices transmit data via Bluetooth or cellular to a mobile app or home hub, which forwards observations to a cloud-based RPM platform. The platform normalizes, validates, and stores device data, then pushes clinical observations into the EHR as FHIR Observations or HL7 v2 ORU messages, appearing in the provider's workflow as discrete flowsheet values. RPM is reimbursable under CMS CPT codes 99453–99458, covering device setup, data transmission, and provider review time. The RPM market is growing rapidly as health systems adopt remote monitoring for chronic disease management (heart failure, COPD, diabetes, hypertension), post-surgical recovery, and hospital-at-home programs. Saga IT builds RPM integration pipelines that connect device platforms to EHR systems with clinical alerting, trending dashboards, and automated escalation workflows — and the patient-facing RPM and mobile health apps that sit on top of those pipelines.
Medical device consulting engagements range from $40,000 to $500,000+ depending on the regulatory and integration scope. Short-form advisory engagements (IMDRF SaMD pathway selection, IEC 62304 gap analysis, FDA pre-submission strategy) typically run $40K–$120K over 4–12 weeks. Full QMS / ISO 13485 build-out, 510(k) submission support with predicate research and substantial-equivalence narrative, or end-to-end SaMD lifecycle engagements scale to $250K–$500K+ over 6–18 months. Saga's medical device consulting practice covers IEC 62304, ISO 14971, ISO 13485, FDA 21 CFR 820, FDA premarket cybersecurity (Section 524B), and IEC 80001 hospital-network risk planning. Engagements are scoped per SOW after a no-cost discovery call.
Related Services
Explore More Services
Keep reading
Related resources
Talk to a Medical Device Consultant
From bedside monitors to IoMT platforms — let's connect your medical devices to clinical systems.
- 15 min conversation
- Healthcare IT engineers, not sales
- Reply within one business day
Book a 30-min call · or email us and we'll reply within one business day.
Intent
Details
Contact