It is predicted that by 2017 3.4 billion people worldwide will own a smartphone and half of them will be using mobile health applications (mHealth apps).  Around 100,000 mHealth apps are currently available across multiple platforms, covering a broad spectrum of functions from health information and motivation tools (such as medicine reminders and fitness recommendations) to monitoring and diagnostic support.  mHealth has the potential to transform healthcare through improved efficiency and quality as well as by empowering patients through self-assessment and remote monitoring.  It also presents challenges, in particular with regard to patient safety and data security.

This article is the first in a series on mHealth and focuses on the regulation of apps as medical devices in the UK.

When is an app a medical device?

In the UK the Medicines and Healthcare Products Regulatory Authority (MHRA) is responsible for the regulation of medical devices.   Software will be a medical device under the Medical Devices Regulations 2002 if it is intended by the manufacturer to be used for the purpose of:

  • diagnosis, prevention, monitoring, treatment or alleviation of disease;

  • diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap;

  • investigation, replacement or modification of the anatomy or of a physiological process; or

  • control of conception.

Some health apps have been registered as medical devices including:

  • the Mersey Burns app, which helps clinicians calculate burn area percentages and fluid prescriptions; and

  • OncoAssist, which was designed to provide oncologists with quick and easy access to prognostic tools that can help with decisions surrounding patient stratification and suitability for inclusion into clinical trials.

Not all mHealth apps will fall under the Medical Devices Regulations, and the MHRA has issued guidance on where the line is drawn. The MHRA will consider the purpose of the app as stated by the manufacturer, including claims given in promotional materials for the device such as brochures and webpages.  The guidance also includes some examples of apps that might be classed as medical devices as well as some specific words (including interpret, calculates, detects, diagnose and monitor) which, if included in the promotional material, are likely to contribute to the MHRA determining that the app is a medical device.  Apps that diagnose, that support diagnosis or clinical decisions that make calculations to determine diagnosis or treatment will be classed as medical devices. Apps providing general information but not personalised advice are unlikely to be considered a medical device, even if targeted to a particular user group.  Unsurprisingly, an app that is used to book an appointment, request a prescription or have a virtual consultation is also unlikely to be considered a medical device if it only has an administrative function. 

What are the consequences of an app being a medical device?

If an app falls within the definition of medical device, then the manufacturer must meet the ‘essential requirements’ set out in the Medical Devices Regulations. To show compliance with the essential requirements, the manufacturer will need to follow the conformity assessment procedure appropriate for the category of device, which is determined according to the risk classification of the device. Lowest risk devices (class 1) can be certified by the manufacturer on the basis of a self-declaration of conformity (the Mersey Burns app has been classified as a class 1 medical device).  The higher the risk category into which the device falls, the higher the level of assessment and scrutiny undertaken by the MHRA. 

Once the assessment has been completed the manufacturer can apply the ‘CE mark’ to the device to show that it has undergone the appropriate conformity assessment in accordance with the essential requirements. The CE marking enables free movement of the device within the European Economic Area without the need for further approval in each country. 

With regard to the use of apps in clinical practice, the Royal College of Physicians has recently published a set of guidelines. The guidance document provides that doctors should only use apps in clinical practice that have a CE mark and emphasises the importance of exercising professional judgment when using apps in clinical practice.

What about medical apps that are not regulated as medical devices?

Various concerns have been raised by consumers, clinicians and professional bodies as to the safety and efficacy of medical and well-being apps that fall outside the definition of ‘medical device’.  In many instances public app stores will check apps for platform standards but not question the clinical content.  Recent studies have noted the lack of evidence and medical professional involvement in the design and development of many medical and well-being apps, which raises concerns about validity and accuracy of their content.   This has led to calls for greater regulation to ensure public safety.  

This concern was considered in the Department of Health’s ‘Personalised Health and Care 2020’ framework document published in November 2014, which proposes a kitemarking system for apps endorsed by the NHS that meet a relevant industry standard.  The framework document provides that a proposal on the kitemarking scheme will be published for consultation later this year. 

The British Standards Institute published a new code of practice for healthcare app development on 30 April 2015 (PAS 277).  The code, which is not mandatory, is aimed at healthcare apps that are not regulated as medical devices and covers apps intended for use by both healthcare professionals and the general public in the UK.  It is particularly aimed at apps that can be downloaded from platforms such as the Apple Store or Google Play. PAS 277 is based on existing medical device and software principles and provides a set of quality standards covering the full life-cycle of the app, including advice on maintenance and risk management standards. 

NHS England has tried proactively to manage the risk posed by unregulated health apps by establishing an online Apps Library available through the NHS Choices website.  The Apps Library contains a collection of apps that have been reviewed by the NHS to ensure that they are clinically safe, relevant to people living in the UK, comply with data protection laws and utilise trusted sources of information.  
What next?

In January 2015 the European Commission published its Green Paper Consultation on mHealth.  Privacy and security, patient safety, a clear legal framework and better evidence on cost effectiveness were all identified as key areas to be addressed in relation to mHealth.  The Commission will, during the course of 2015, discuss with stakeholders the options for policy action.  mHealth was one of the key topics on the agenda of eHealth week in Riga in May 2015. As such, we will be monitoring developments in this exciting and fast-developing area so that we can bring you further updates as the industry grows.