Introduction

With the proliferation of smartphones, the market for mobile applications (apps) has developed very rapidly in recent years, becoming a key driver of mobile health (mHealth) deployment. App developers have created health apps for almost everything: apps that measure vital signs such as heart rate, blood glucose level or brain activities; apps that provide health related communication, information and motivational tools; apps that process photos of the patient's skin and send them to the dermatologist;[1] apps that help diabetic patients manage their daily routine by visualizing patterns in their blood sugar curve;[2] even apps that monitor medication compliance by collecting physiological data from a sensor that the patient swallows.[3] As Apple put it: "There's an app for that!"[4]

In its Green Paper on mHealth published in April 2014,[5] the European Commission (EC) explained that mHealth covers"medical and public health practice supported by mobile devices, such as mobile phones, patient monitoring devices, personal digital assistants, and other wireless devices," as well as "applications such as lifestyle and wellbeing apps as well as personal guidance systems, health information and medication reminders provided by sms and telemedicine provided wirelessly."[6]

There are two categories of health related apps, which are broadly called mHealth apps[7] (although the distinction is not always straightforward): (a) apps for the purpose of prevention, diagnosis and treatment of diseases (medical apps); and (b) apps relevant to lifestyle, fitness and well-being (nonmedical apps).

This article examines when mHealth apps fall under the EU regulatory framework for medical devices.

The applicable EU regulatory framework: software as a medical device

In the EU, medical devices are regulated under the Medical Devices Directive (93/42/EEC)[8] and the In Vitro Diagnostic Medical Devices Directive (98/79/EEC) (together, Directives). The EU Directives are under revision and will be replaced by two new Regulations, which are currently under consideration by the EU Parliament and Council.[9]

Software embedded/incorporated into medical hardware (e.g., software that controls a CT scanner) is part of the medical device already. By contrast, "standalone software" such as that used in mHealth apps[10] is considered a medical device and falls under the scope of the Directives only if it has a "medical purpose".[11] Standalone software intended for general purposes is not a medical device, even when it is used in a healthcare setting.[12]

Pursuant to the Directives, standalone software has a "medical purpose" if it is intended by the manufacturer to be used for human beings for the purposes of: (a) diagnosis, prevention, monitoring, treatment or alleviation of disease; (b) diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap; (c) investigation, replacement or modification of the anatomy or of a physiological process; or (d) control of conception.[13] The manufacturer's intended purpose is inferred from the data supplied on the device's labelling, or in the device's instructions and/or promotional materials (e.g., brochures, webpages).[14]

mHealth apps need to have a "medical purpose" to fall under EU legislation

Neither the existing nor the proposed legislation specifies what types of mHealth apps are captured under the EU regulatory framework.[15] Based on the general principles described above, mHealth apps fall under the Directives if they have an intended "medical purpose." The manufacturer's intended purpose is "medical" if the app is specifically designed for a medical setting and for performing a medical task. Thus, apps designed for general or domestic purposes are not subject to the Directives, even though they might be used in a healthcare setting or a medical context. As a result, the Directives do not apply to mHealth apps offering, for example, fitness or dietary recommendations, or apps measuring vital signs for wellness purposes. By contrast, apps that fulfil a medical purpose fall under the Directives, even though they may be used domestically.

Nonetheless, as healthcare models become more patient-centric, there can be some uncertainty as to the criterion of the "intended medical use." For example, the distinction between general "wellness" apps and "medical" apps may become somewhat unclear, as "wellness" apps supporting preventive and self-monitoring activities may significantly improve health outcomes.

Soft law guidance on medical devices classification

Guidance as to the classification of standalone healthcare software, including mHealth apps, is offered in the EC's Guidelines on the qualification and classification of standalone software (Guidelines) published in January 2012.[16] While the Guidelines offer a helpful framework, national authorities have often adopted a stricter/broader interpretation of the medical device classification when it comes to mHealth apps. The Commission has also confirmed that the Guidelines may need to be updated. Nonetheless, the Guidelines constitute a code of practice that the companies launching mHealth apps need to take into account.

The Guidelines' decisive criterion for a medical devices classification is whether the software is intended to interpret (or to facilitate the interpretation of) data by modifying or representing health related individual information.[17] Only then does the software pose a risk relevant to the regulatory scheme. Altering the representation of data purely for embellishment purposes is a nonmedical task.[18] Accordingly, an mHealth app is not a medical device if it merely performs an action limited to storing, archiving, compressing or transferring medical data, without interpreting/altering it.[19] The same applies to an app limited to collecting and transmitting medical data from a(n) (in vitro) diagnostic medical device in the home environment to a doctor, without modifying its content.[20] Equally, apps performing basic arithmetic operations, or plotting results in function of time, are not considered in vitro diagnostic medical devices.[21]

However, according to the Guidelines, the Directives do apply to tools combining medical knowledge with patient-specific physiological parameters.[22] In addition, apps providing immediate decision-triggering information, or altering the representation of data in a way that contributes to the interpretative or perceptual tasks performed by medical professionals, generally pose a risk for the patient's health and are subject to the Directives.[23]Likewise, apps intended to provide additional information that contributes to diagnosis and/or treatment (e.g., generate alarms) are qualified as medical devices.[24]

In an effort to provide more clarity, the European Working Group on Borderline and Classification issued an updated version of the manual on borderline and classification (Manual) in July 2014, which provides guidance on cases in which the classification of a device as medical is not straightforward.[25] According to the Manual, the In Vitro Medical Devices Directive does not apply to a device enabling users in a domestic setting to ascertain their blood group for dietary guidance.[26] The Medicines and Healthcare Products Regulatory Agency (MHRA) has also issued guidance on borderlines with medical devices.[27]

Conclusion

Given the speed of technological developments and the development of mobile solutions in a health context, the regulatory landscape is currently in flux. To ensure compliance, medical devices/pharmaceutical companies often opt for a broad interpretation of the term "medical device" or "medical purpose"—which results in a proportion of their mHealth apps falling under the Directives. However, it can be argued that such a conservative approach could hamper innovation, and therefore the benefits that mHealth could bring to healthcare in Europe. Updated guidance by the Commission would be welcomed by the stakeholders.