The Food & Drug Administration ("FDA") recently released nonbinding guidance regarding its regulation and oversight of mobile applications ("mobile apps") replacing its 2013 guidance on the topic. The use of healthcare related mobile apps is rapidly expanding, and the FDA has set forth the types of mobile apps it plans to regulate under its authority.

In its new guidance, the FDA discusses three categories of mobile apps: (1) those that are not medical devices, meaning they do not meet the definition of a device under The Federal Food, Drug and Cosmetic Act ("FD&C Act"); (2) mobile apps that may meet the definition of a medical device, but pose a low risk to the public; and (3) mobile medical apps, which the FDA considers medical devices whose functionality could pose a risk to a patient's safety if the mobile app were to not function as intended.

The FDA has no authority to regulate mobile apps that do not qualify as medical devices. In determining whether a mobile app is a medical device, the FDA is focused on the functionality, or intended use, of the app and not the platform (e.g., smartphone, tablet) upon which it operates. Generally, if a mobile app is intended for use in the diagnosis, curing, mitigation, treatment or prevention of disease, it is a medical device. In determining a device's intended use, the FDA looks to labeling claims, advertising materials and oral and written statements by manufacturers or their representatives. For example, most mobile devices have an app that operates an LED flashlight. If the manufacturer intends only for the LED to light up objects (without a specific medical intended use), the app would not be considered a medical device. If, however, through marketing, labeling and other circumstances surrounding distribution, the app is promoted as a light source for physicians to examine patients, then the intended use is medical, and the mobile app would be considered a medical device. 

The FDA plans to exercise enforcement discretion (meaning that FDA does not intend to enforce requirements under the FD&C Act) for mobile apps that qualify as medical devices but pose a low risk of harm. However, the FDA still strongly recommends that all manufacturers of mobile apps that qualify as medical devices follow quality systems regulation (including good manufacturing practices) in the design and development of their mobile medical apps and initiate prompt corrections when appropriate to prevent patient and user harm. The FDA specifies that it intends to exercise enforcement discretion for mobile apps that: 

  • provide or facilitate supplemental clinical care, by coaching or prompting, to help patients manage their health in their daily environment;
  • provide patients with simple tools to organize and track their health information; 
  • provide easy access to information related to patients' health conditions or treatment; 
  • specifically are marketed to help patients document, show, or communicate to providers potential medical conditions;
  • perform simple calculations routinely used in clinical practice; 
  • enable individuals to interact with Personal Health Record or Electronic Health Record systems; or
  • meet the definition of Medical Device Data Systems, as defined in federal regulations. 

It is worth noting that this new 2015 guidance significantly expands the 2013 FDA list of mobile apps that are "subject to enforcement discretion," adding mobile apps like those that help track or manage patient immunizations; provide drug-drug interactions, relevant safety information, clinical information and current diagnosis; and allow a user to collect, log, track and trend data, such as blood glucose, blood pressure, heart rate, weight or other data from a device to eventually share with a healthcare provider, or upload an online (cloud) database, personal or electronic health record.

FDA oversight is focused on category (3) - mobile medical apps, which the FDA has determined could pose a risk to patient safety if it does not function correctly. In addition to qualifying as a medical device, the FDA defines a mobile medical app as either intended (a) for use as an accessory to a regulated medical device; or (b) to transform a mobile platform (e.g., a smartphone) into a regulated medical device. The level of regulation for mobile medical apps will depend upon the applicable device classification, i.e., Class I, II or III. FDA considers mobile apps that do the following to be mobile medical apps subject to regulatory oversight: 

  • serve as an extension of one or more medical devices by connecting to such devices to control the device or for use in active patient monitoring or analyzing medical device data; 
  • transform a mobile platform into a regulated medical device by using attachments, display screens or sensors or by including functionalities similar to those of currently regulated medical devices; and 
  • perform patient-specific analysis and provide patient-specific diagnosis, or treatment recommendations, thus becoming a regulated medical device.

The FDA guidance gives numerous specific examples of mobile apps that fall into each category and subcategory, including three non-exhaustive appendices – one dedicated to each category. A partial list of illustrative examples for each category is found below.

The FDA's guidance also thoroughly discusses and provides examples of who qualifies as a "manufacturer" of a mobile medical app. For example, a mobile medical app manufacturer may include anyone who initiates specifications, designs, labels or creates a software system or application for a regulated medical device in whole or from multiple software components. However, it does not include persons who exclusively distribute mobile medical apps, such as Google play, iTunes App store and Blackberry App World.

Click here to view table.