Mobile medical applications for smartphones and other mobile devices make up a growing industry. To date, app regulations by the Food and Drug Administration (FDA) and the U.S. Department of Health and Human Services have been limited. Concerned with issues of efficacy and safety as the usage of mobile medical apps gains momentum, the FDA recently signaled its intent to regulate the development and marketing of such applications. To that end, the FDA's Center for Devices and Radiological Health has announced plans to issue guidelines on mobile medical apps later this year.
Under current regulations, if the mobile device transmits only data and does not control or alter the function of a medical device it is exempt from the stricter rules that govern medical devices, such as those involved with patient monitoring. However, there are many new apps that have gone through the FDA approval process, including apps that allow physicians to monitor mothers and babies remotely from the delivery suite as well as remote viewing of diagnostic imaging, laboratory analysis, glucose levels and other diagnostic tools. As a result, such medical apps can potentially turn a smartphone into a medical device that is subject to FDA regulation.
Mobile medical applications also raise issues regarding the application of HIPAA/HITECH and its attendant requirements to covered entities and their business associates. Medical apps that store and/or transmit protected health information are subject to HIPAA, and covered entities should consider HIPAA compliance and risk assessment when purchasing these apps. Additionally, end users may be able to download and use these apps outside the normal software purchase process, and covered entities should review policies related to mobile apps as they pertain to protected health information and software acquisition. In the event of a healthcare provider's lost or stolen mobile device, covered entities should include an analysis of any medical apps that may have been contained or stored on the device.