Thanks for all the replies, apologies for the late response.
Yes, it would make a lot more sense to use a bootloader, and although I will take a look at the adapter described in the link sent by Pedja089, it is probably not certified for the 10kV isolation that the application demands.

The application is for an existing piece of hardware built around a 18F67K22 - production changes to the hardware itself would be expensive.
That's why I was considering using an external optocoupler-based adapter and connecting it permanently to the ICSP port on the existing hardware.

The problem with using a bootloader is that there is no remotely-accessible reset function on the existing hardware. If it were a new design, I could use an output pin from the MCU to drive a one-shot pulse circuit which would pull down the MCLR pin causing a reboot and the option of entering the bootloader via the existing (already optoisolated to 10kV!) RS485 port (goes to the USART of the MCU). Are the any pre-coded bootloaders for this MCU that can be accessed from the main (PBP) code - i.e. post-boot, WITHOUT a reset button? Suggestions on how to do a reboot without reset button, and without pulling MCLR low? Maybe by using the WDT and with a USART command calling a timeout?