The Food and Drug Administration has issued a draft guidance document to inform industry about how the FDA intends to apply its regulatory authority to software applications intended for use on mobile platforms (“mobile apps”).

As mobile platforms such as smart phones and tablet computers become more powerful and readily available, software developers have begun to develop increasingly complex mobile apps for those platforms, including mobile apps targeted to assisting individuals in their own health and wellness management and targeted to healthcare providers to improve and facilitate the delivery of patient care.

The FDA has formally classified certain types of software applications as medical devices and identified specific regulatory requirements that apply to those devices.  Some regulated software applications are applications that are embedded in another device (such as an electrocardiographic system); others are stand-alone devices (such as a laboratory information system).  As a general matter, when standalone software is used to analyze medical device data, it has traditionally taken on the risk classification of the “parent” device—standalone software that analyzes data from a Class III (high-risk) device would itself be classified as a Class III device; while standalone software that analyzes data from a Class I (low risk) device would itself be classified as Class I.  Software that is not used for data analysis but is merely intended to be used for the electronic transfer, storage, display and/or format conversion of medical device data is referred to as a Medical Device Data System, and is generally classified as low-risk.

The FDA’s new guidance notes that mobile medical apps may pose additional or different risks due to the unique characteristics of the platform.  For example, the interpretation of radiological images on a mobile device could be adversely affected by the smaller screen size, lower contrast ratio and uncontrolled ambient light of the mobile platform.

The guidance defines “mobile medical apps” as mobile apps that meet the definition of a medical device (i.e., is intended for use in the diagnosis, cure, mitigation, treatment, or prevention of disease or is intended to affect the structure or any function of the body and does not achieve its purpose through chemical action or being metabolized) and either (i) is used as an accessory to a regulated medical device or (ii) transforms a mobile platform into a regulated medical device.  The FDA gives several examples of the types of mobile medical apps over which the agency intends to exercise regulatory oversight:

  • Mobile apps for displaying, storing or transmitting patient-specific medical device data in its original format. Examples of mobile apps that display data include apps for remote display of data from bedside monitors, display of previously stored EEG waveforms, and display of medical images directly from a PACS server.  Generally, the FDA intends to regulate these devices as Class I devices, which are subject to general controls with no premarket clearance or approval required.
  • Mobile apps for controlling the intended use, function, modes or energy source of a connected medical device.  Examples of mobile apps that control a medical device include apps that provide the ability to control inflation and deflation of a blood pressure cuff and apps that control the delivery of insulin on an insulin pump.  Generally, the FDA will consider such mobile medical apps as accessories to the connected medical device, and thus the mobile medical app will be required to comply with the regulations applicable to the connected medical device.M
  • Mobile apps that transform or make the mobile platform into a regulated medical device.  Examples of such mobile apps include a mobile app that transforms the mobile platform into an electronic stethoscope, or a mobile app that displays radiological images for diagnosis.  Such mobile apps are required to comply with the regulations applicable to the device classification associated with the transformed platform (e.g., the regulations applicable to electronic stethoscopes and the regulations applicable to the display of radiological images by a PACS).
  • Creating alarms, recommendations or creating new data by analyzing or interpreting medical data.  These mobile apps are also considered as accessories to the medical devices from which the medical data is collected and are classified under the same regulations.  For example, a mobile app that analyzes blood glucose readings to help manage diabetes has been classified as part of a glucose test system, and a mobile app that is used for patient monitoring has been classified as cardiac monitoring software.  However, the agency plans to issue separate guidance for mobile medial apps that will analyze, process or interpret medical device data from more than once device—such apps could be classified as either higher or lower risk than the devices to which they connect, depending upon the circumstances.  The FDA is seeking public comment on how it can provide greater clarity for these types of mobile apps.

FDA guidance documents such as the one described in this bulletin do not establish legally enforceable responsibilities.  Instead guidance documents describe the FDA’s current thinking on a topic and should be viewed only as recommendations, unless specific regulatory or statutory requirements are cited.