Please note: I would have posted this question on HealthIT.SE but they are apparently now closed for business, and I believe this site is the next most appropriate place to ask this. I believe this question is on topic because it involves circuit verification and certification.
I'm very interested in the open source OpenBCI device and the bevy of apps and devices I could see it allowing integration with. Their open source license allows derivation (provided attribution), and I think this is going to open up flood gates with respect to commercial devices that build off of its hardware design.
In the commercial domain, I was curious as to what regulations/standards may come into focus for any companies selling OpenBCI and/or hardware componentry built up off of the OpenBCI mainboard. I ask because the biodata being streamed from the OpenBCI is EEG (brain wave) data, EMG data, EKG data, etc... this may very well constitute biomedical data that may be protected by things like HIPAA, etc.
I've heard of IEC 6061 but that is the only biomedical/technical safety standard I'm aware of.
So I ask: if I was building a commercial device that used OpenBCI as its core, and that was streaming EEG/EMG/EKG data from it, what sort of standards (besides IEC 6061) might I have to have the electronics verified/certified to?