The Internet of Medical Things
The Internet of Things (IoT) — the network of physical devices embedded with sensors, connectivity, and data processing capability — has been transforming healthcare environments for over a decade. From wearable devices that monitor patients' heart rhythms at home to smart infusion pumps that send dosing data to the pharmacy system, IoT is extending the reach of clinical data collection beyond the consultation room and into every moment of the patient's experience of illness.
The healthcare IoT market — often referred to as the Internet of Medical Things (IoMT) — encompasses an enormous range of devices: bedside patient monitors, connected insulin pens, implantable cardiac monitors, hospital bed sensors, smart medication dispensers, asset tracking tags, environmental sensors, and wearable consumer health devices used for clinical purposes. The common thread is connectivity: data generated by these devices flows to clinical systems, analytics platforms, and sometimes directly to patients, enabling new models of care.
The clinical and operational benefits are real and well-documented. IoT-enabled continuous monitoring reduces undetected patient deterioration. Remote monitoring programmes keep patients with chronic diseases connected to their care teams without requiring frequent in-person visits. Asset tracking reduces time spent searching for equipment and supports preventive maintenance. Smart building systems improve infection control and energy efficiency.
But healthcare IoT also introduces specific risks — security vulnerabilities, integration complexity, regulatory obligations, and operational challenges — that organisations must manage deliberately.
Categories of Healthcare IoT
Patient Monitoring
Connected patient monitoring is the highest-stakes category of healthcare IoT. Devices in this category include:
Bedside monitoring systems: Multi-parameter monitors measuring ECG, SpO2, blood pressure, respiratory rate, and temperature are standard in acute care environments. Modern systems transmit data continuously to central nursing stations and, in advanced implementations, to EHR flowsheets.
Wearable monitoring devices: Devices worn by patients — either continuously during a hospital stay or at home — capture physiological data over extended periods. Ambulatory cardiac monitors, continuous glucose monitors, and wearable vital sign patches are examples. The data they generate is richer than periodic spot measurements and enables early detection of deterioration.
Implantable devices: Cardiac implantable electronic devices (CIEDs) — pacemakers, defibrillators, cardiac resynchronisation therapy devices — increasingly include remote monitoring capability, transmitting device data and cardiac event logs to cardiologists' monitoring platforms without the patient needing to attend a clinic.
Remote Patient Monitoring (RPM)
Remote patient monitoring programmes use IoT devices in the home to track patients with chronic conditions. Blood pressure monitors, weight scales, pulse oximeters, and spirometers transmit readings via Bluetooth or cellular to a monitoring platform. Clinical algorithms or care team review identifies patients whose readings are trending towards deterioration.
RPM is particularly well-evidenced in heart failure management — where daily weight and symptom monitoring can identify fluid retention early enough to prevent hospitalisation — and in hypertension management. The clinical and economic case for RPM in high-cost chronic disease populations is strong, which is driving rapid growth in RPM programmes globally.
Asset Tracking
Hospital asset tracking uses IoT location tags — based on RFID, Bluetooth Low Energy (BLE), or Wi-Fi triangulation — to track the location of expensive mobile equipment: infusion pumps, ventilators, wheelchairs, portable ultrasound devices. The average large hospital has thousands of pieces of mobile equipment, and finding a specific device when it is needed urgently is a persistent operational problem.
Real-time location systems (RTLS) reduce the time clinical staff spend searching for equipment, enable more efficient equipment utilisation, support preventive maintenance scheduling by tracking usage hours, and can trigger alerts when equipment is moved to unauthorised areas (an important control for high-value assets and controlled-access areas).
Environmental Sensing
Smart hospital building systems use IoT sensors to monitor and control the physical environment in ways that affect both patient safety and operational efficiency:
- Temperature and humidity monitoring in pharmacies, laboratories, and operating theatres, where environmental conditions affect drug and specimen integrity and infection control
- Refrigerator and freezer monitoring for blood products, vaccines, and medications, with alerts when temperature goes out of range
- Air quality and pressure monitoring in isolation rooms and operating theatres
- Hand hygiene compliance monitoring using sensors on hand sanitiser dispensers or wearable devices that prompt staff to clean hands at appropriate times
Consumer Wearables in Clinical Contexts
Consumer wearable devices — Apple Watch, Fitbit, Garmin devices, and similar products — are increasingly being used in clinical contexts. Studies have validated the use of consumer-grade wearables for detecting atrial fibrillation, monitoring physical activity in cardiac rehabilitation, and tracking sleep in mental health programmes. The Apple Watch's FDA-cleared ECG feature has identified previously undetected atrial fibrillation in numerous users.
The integration of consumer wearable data into clinical workflows raises questions about data quality, liability, and information governance that organisations need to address before incorporating wearable data into clinical decision-making.
Integration with EHR and Analytics Platforms
The clinical value of healthcare IoT is only realised when device data is accessible in the systems where clinical decisions are made. A bedside monitor whose data is visible on a dedicated screen but never flows into the EHR flowsheet generates no lasting clinical record and cannot inform analytics.
Integration architecture for healthcare IoT typically involves:
Device connectivity layer: Middleware that collects data from multiple devices — often using proprietary protocols or vendor-specific APIs — and normalises it into a standard format. Products like Philips IntelliSpace Critical Care, Capsule Technologies (now part of Nuvolo), and similar platforms serve this function.
HL7 and FHIR integration: Normalised device data is mapped to HL7 or FHIR formats for transmission to the EHR. FHIR R4 Observation resources are the standard mechanism for representing device-generated vital signs and measurements in a FHIR-enabled environment.
Analytics platform integration: Continuous high-frequency data from monitoring devices — particularly in ICU environments — is often too granular for the EHR. Dedicated analytics platforms or data lakes capture this data for retrospective analysis and predictive model development.
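As an added example that is not the article's own code or any vendor's API, the following Python does what the connectivity and FHIR layers described above do together: it normalises a constructed, pipe-delimited monitor feed into FHIR R4 Observation resources in the vital-signs category, and reports any channel the middleware cannot map instead of silently dropping it. The vendor channel names, the LOINC/UCUM pairs in CHANNEL_MAP and the sample feed are assumptions.

```python
# Assumed mapping from a hypothetical vendor channel name to LOINC code, display text and UCUM unit.
CHANNEL_MAP = {
    "HR": ("8867-4", "Heart rate", "/min"),
    "SPO2": ("59408-5", "Oxygen saturation in Arterial blood by Pulse oximetry", "%"),
    "TEMP": ("8310-5", "Body temperature", "Cel"),
}

# Constructed sample feed: device_id|patient_id|ISO-8601 timestamp|channel|value
SAMPLE_FEED = [
    "MON-0042|P-1001|2024-05-01T08:15:00Z|HR|72",
    "MON-0042|P-1001|2024-05-01T08:15:00Z|SPO2|97",
    "MON-0042|P-1001|2024-05-01T08:15:00Z|ETCO2|38",  # channel the middleware has no mapping for
]

def parse_vendor_line(line):
    """Split one hypothetical vendor line into a normalised reading dict."""
    device_id, patient_id, ts, channel, value = line.strip().split("|")
    return {"device": device_id, "patient": patient_id, "time": ts,
            "channel": channel, "value": float(value)}

def to_fhir_observation(reading):
    """Build a FHIR R4 Observation in the vital-signs category; raise on an unmapped channel."""
    if reading["channel"] not in CHANNEL_MAP:
        raise ValueError(f"unmapped channel {reading['channel']!r}")
    code, display, unit = CHANNEL_MAP[reading["channel"]]
    return {
        "resourceType": "Observation",
        "status": "final",
        "category": [{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/observation-category",
                                  "code": "vital-signs"}]}],
        "code": {"coding": [{"system": "http://loinc.org", "code": code, "display": display}]},
        "subject": {"reference": f"Patient/{reading['patient']}"},
        "effectiveDateTime": reading["time"],
        "device": {"reference": f"Device/{reading['device']}"},
        "valueQuantity": {"value": reading["value"], "unit": unit,
                          "system": "http://unitsofmeasure.org", "code": unit},
    }

def normalise_feed(lines):
    """Return (observations, rejected) so unmapped channels surface instead of disappearing."""
    observations, rejected = [], []
    for line in lines:
        reading = parse_vendor_line(line)
        try:
            observations.append(to_fhir_observation(reading))
        except ValueError as exc:
            rejected.append((reading["channel"], str(exc)))
    return observations, rejected
```

The rejected list is what an integration team should be watching: a channel that never reaches the EHR flowsheet is the silent data loss the paragraph above warns about.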
Security Risks Unique to Medical IoT
Healthcare IoT introduces security risks that are qualitatively different from standard enterprise IT security:
Vulnerable legacy devices: Many medical devices run embedded operating systems that are no longer supported or cannot be updated in the field. A network-connected infusion pump running Windows XP cannot be patched against current vulnerabilities. Compensating controls — network segmentation, monitoring, and physical access controls — are required.
Clinical impact of compromise: A compromised EHR server is a serious incident. A compromised infusion pump that can have its dosing parameters altered remotely is potentially life-threatening. The clinical stakes of medical IoT security breaches are uniquely high.
Network proliferation: IoT devices massively expand the network attack surface. Each connected device is a potential entry point for an attacker. Hospitals that have deployed hundreds or thousands of IoT devices without a comprehensive device inventory and network segmentation strategy have significantly increased their vulnerability.
Data privacy: Continuous physiological monitoring generates highly sensitive data. Data governance policies must address who can access this data, how long it is retained, and how it is protected.
FDA and Regulatory Considerations
Medical devices — including connected health devices — are subject to regulatory oversight in most jurisdictions. The FDA's framework in the US distinguishes between devices with specific diagnostic or therapeutic functions (regulated as medical devices) and general wellness or low-risk monitoring tools (not regulated or regulated with limited oversight).
The FDA's Digital Health Center of Excellence and its Software as a Medical Device (SaMD) guidance provide the framework for understanding when software running on or connected to an IoT device requires regulatory clearance or approval. In Europe, the EU Medical Device Regulation (MDR) applies similar principles. Healthcare organisations deploying IoT devices in clinical care should verify the regulatory status of each device and ensure that cleared or approved devices are used within their cleared indications.
Practical Implementation Steps
- Device inventory: Conduct a comprehensive inventory of all connected devices in the environment before expanding the IoT footprint
- Network segmentation: Implement network segmentation that isolates medical devices from general IT infrastructure, limiting the blast radius of any security incident
- Security baseline: Apply security configurations to every device where possible — default passwords changed, unnecessary services disabled, firmware updated to the latest supported version
- Integration architecture: Define the integration architecture before procurement — which devices need to send data to the EHR, via which protocol, at what frequency
- Governance framework: Establish a medical device IT governance committee with clinical, IT, and security representation to oversee procurement, integration, and ongoing management
- Staff training: Clinical staff need training on both the clinical use and the security responsibilities associated with connected devices
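As an added example that is not from the article, the following Python runs a gap review over a constructed device inventory, tying together the legacy-device, segmentation and inventory points from the Security Risks section with the inventory, segmentation and security-baseline steps above. The Device fields, the "MED-" segment naming convention and the sample rows are assumptions, not a product schema.

```python
from dataclasses import dataclass

@dataclass
class Device:
    """One inventory row; field names are this example's own, not a product schema."""
    device_id: str
    kind: str
    os: str
    os_supported: bool          # vendor still supplies security updates for this OS
    vlan: str                   # network segment the device sits on
    default_creds_changed: bool
    firmware: str
    latest_firmware: str        # latest version the vendor supports

MEDICAL_SEGMENT_PREFIX = "MED-"  # assumed naming convention for isolated medical-device segments

def is_segmented(device):
    return device.vlan.startswith(MEDICAL_SEGMENT_PREFIX)

def review_device(device):
    """Return the list of gaps for one device; an empty list means no finding."""
    findings = []
    if not device.os_supported and not is_segmented(device):
        findings.append("unsupported OS on a general segment: segmentation is the required compensating control")
    elif not is_segmented(device):
        findings.append("medical device outside the medical-device segment")
    if not device.default_creds_changed:
        findings.append("default credentials still in place")
    if device.firmware != device.latest_firmware:
        findings.append(f"firmware {device.firmware} behind supported {device.latest_firmware}")
    return findings

def review_inventory(devices):
    """Map device_id -> findings for every device with at least one gap."""
    return {d.device_id: f for d in devices if (f := review_device(d))}

def unknown_on_network(devices, observed_ids):
    """Device IDs seen on the network (e.g. from passive discovery) that the inventory does not know."""
    return set(observed_ids) - {d.device_id for d in devices}

# Constructed sample inventory
SAMPLE_INVENTORY = [
    Device("PUMP-017", "infusion pump", "Windows XP Embedded", False, "CORP-USERS", True, "4.2", "4.2"),
    Device("PUMP-018", "infusion pump", "Windows XP Embedded", False, "MED-INFUSION", True, "4.2", "4.2"),
    Device("MON-0042", "bedside monitor", "Embedded Linux", True, "MED-MONITORS", False, "2.9", "3.1"),
    Device("TAG-0009", "asset tag", "RTOS", True, "MED-RTLS", True, "1.0", "1.0"),
]
```

Note that the two identical unpatchable pumps get different results: the one on the isolated segment has its compensating control in place, the one on the general user segment is the finding to act on first.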
FZ Consulting LLP supports healthcare organisations in IoT strategy, medical device integration architecture, and cybersecurity frameworks for connected health environments. Contact our team to discuss your smart hospital programme.