On September 23, 2013, the FDA issued a guidance (“Final Guidance”) explaining how medical device regulations will be applied to medical mobile applications (MMAs). The Final Guidance provides mobile application manufacturers with recommendations on how to comply with the regulatory and statutory requirements governing medical devices. The Guidance indicates that the FDA intends to limit its enforcement authority to only those mobile applications that operate as medical devices and pose a significant risk to patients if they fail to function as intended.
The Final Guidance outlines three categories of mobile applications (mobile apps) generally: (1) mobile apps that are not medical devices as defined under the Federal Food, Drug, and Cosmetic Act and are therefore not subject to FDA regulation; (2) mobile apps that may meet the definition of a medical device but over which the FDA intends to exercise enforcement discretion because these applications pose a low risk to the public; and (3) mobile apps that meet the definition of a medical device and which the FDA will regulate due to the significant potential risk to patient safety.
Parties Subject to Regulation
The Final Guidance applies to mobile application manufacturers—any person or entity that manufactures MMAs in accordance with the definitions of “manufacturer” found in 21 CFR Parts 803, 806, 807, and 820—including those who initiate specifications, design, label, or create the application. The Guidance indicates that when a developer (i.e., an entity that provides engineering, design, and development services) creates a mobile medical app in accordance with a third-party’s specifications (the “author”), it is the author who is considered the “manufacturer.” The Guidance states that entities exclusively involved in the distribution of mobile medical applications (e.g., Apple’s “App Store”) will not be considered “manufacturers.” The Guidance similarly states that the FDA does not intend to regulate manufacturers or distributors of mobile platforms (e.g., smartphones and tablets) marketed for general use.
Mobile Applications Subject to Regulation
The FDA has jurisdiction to regulate “medical devices,” defined as “an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory … which is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease.” A mobile app intended for medical use falls under the definition of a “medical device,” a determination made by evaluating labeling claims, advertising materials, and statements by manufacturers and their representatives.
The Final Guidance indicates that FDA will regulate MMAs that either (1) are intended to be used as an accessory to a regulated medical device or (2) transform a mobile platform into a regulated medical device. Specifically, the FDA will regulate three categories of mobile apps:
- Mobile apps that act as an extension of a medical device by connecting to the device in order to control the device or display, store, analyze, or transmit patient-specific data. For example: mobile applications that control delivery of insulin by an insulin pump or that control inflation of a blood pressure cuff, as well as apps for remote display of patient monitors or remote display of radiological images from a Picture Archiving and Communications (PACS) server. This category also includes Medical Device Data System (MDDS) apps that display, store, or transmit medical device data in their original form without controlling or altering the functions of any connected device. MMAs that fall under this category are generally subject to the regulations governing the medical device to which they operate as an extension.
- Mobile apps that transform a mobile platform into a medical device by using attachments, display screens, or sensors or other medical device functionalities. For example: an application that allows a mobile platform to operate as a glucose meter through an attachment to a glucose strip reader; an app that turns a smartphone into an electronic stethoscope through an attachment to an external sensor; or an app that measures EKG signals through the use of external electrodes. MMAs that fall under this category must comply with the device classification associated with the transformed platform.
- Mobile apps that become a regulated medical device by performing patient-specific analysis and providing patient-specific diagnosis or treatment recommendations. For example: mobile applications that use patient-specific parameters and calculate dosage or create a dosage plan for radiation therapy. The Final Guidance indicates that these types of mobile medical apps are similar to or perform the same function as those types of software devices that have been previously cleared or approved. FDA gives as examples mobile apps that perform “sophisticated analysis” or interpret data from another device. In this case, manufacturers are encouraged to contact the FDA to determine what regulatory requirements may apply.
Mobile app manufacturers should consult the Final Guidance to determine whether their mobile app is subject to regulation. When a mobile app falls within the category of regulated applications, the manufacturer should determine which device classification level applies. The Final Guidance explains how to classify an MMA and directs manufacturers to the appropriate set of regulations. Regardless of classification, however, all MMA manufacturers will be required to comply with the FDA’s “General Controls” for medical devices, including regulations that cover establishment registration and device listing; pre-market safety and effectiveness investigations; labeling; pre-market clearance; adverse event reporting; and corrections and removals.
Mobile Applications Not Subject to Regulation
Certain mobile apps that meet the definition of a “medical device” will not be regulated at this time because the FDA has determined that these apps pose fewer risks to patients. This includes the following categories:
- Mobile apps that provide or facilitate supplemental clinical care, by coaching or prompting, to help patients manage their health in their daily environment. The Final Guidance indicates that this category includes medication reminder apps intended to improve adherence, as well as apps that coach patients with specific conditions and promote strategies for maintaining health.
- Mobile apps that provide patients with simple tools to organize and track their health information. These apps may allow patients to input measurements and symptoms, but they do not provide any specific recommendations nor are intended to alter a previously prescribed treatment or therapy.
- Mobile apps that provide easy access to information related to patients’ health conditions or treatments (beyond providing an electronic “copy” of a medical reference). These apps match patient-specific inputs regarding diagnosis, treatment, allergies, and/or symptoms to clinical reference information.
- Mobile apps that are specifically marketed to help patients document, show, or communicate to providers potential medical conditions. This would include, for example, apps that enable an individual to use a smartphone camera to take a photo of his/her condition and transmit the information to a healthcare provider.
- Mobile apps that perform simple calculations routinely used in clinical practice. The underlying algorithms must be derived from and available in medical sources and texts. This would include, for example, apps for calculating Body Mass Index (BMI), mean arterial pressure, or APGAR score.
- Mobile apps that enable individuals to interact with personal or electronic health record systems. These apps allow patients to download and view information in their PHR or EHR.
Finally, the Final Guidance recognizes that some health-related mobile apps do not meet the definition of a medical device. These apps will not be subject to the FDA’s regulations. The Guidance provides a non-exhaustive list of mobile apps that are not considered medical devices. The list includes:
- Mobile apps that are intended to provide access to electronic copies of medical textbooks or other reference materials.
- Mobile apps that are intended for health care providers to use as educational tools for medical training.
- Mobile apps that are intended for general patient education.
- Mobile apps that automate general office operations in a health care setting that are not intended for the diagnosis or treatment of disease.
- Mobile apps that are generic aids or general purpose products.
Manufacturers of both types of unregulated mobile apps should continue to monitor statutory and regulatory developments which may lead to future oversight. MMA developers should also remain aware of other regulations that affect mobile apps, including privacy rules enforced by the FTC and state governments, and U.S. export requirements concerning applications that use encryption. Distributors of mobile apps may contractually impose requirements as well.
The Final Guidance is good news for the health care community. The FDA’s voluntary limitation of enforcement authority shows that the FDA appreciates the need for innovation and the development of applications that improve individual health habits and health care quality.
Importantly, the Final Guidance does not address either clinical decision-making support tools or electronic health records. These issues may be addressed in January 2014, when the FDA, in conjunction with the National Coordinator for Health Information Technology, releases a report describing a risk-based regulatory framework for health information technology.