The new interactive tool highlights the relevant federal regulatory schemes, but the high-level analysis may limit its value to mobile health app developers.
In an attempt to clarify the federal regulatory requirements applicable to mobile health apps, the Federal Trade Commission (FTC) recently released a web-based tool developed in conjunction with the US Food and Drug Administration (FDA), the US Department of Health and Human Services’ (DHHS’s) Office of the National Coordinator for Health Information Technology (ONC), and DHHS’s Office for Civil Rights (OCR). This Mobile Health Apps Interactive Tool is intended to assist developers in navigating the various federal requirements that may be applicable to their mobile health apps. Although the new online tool is user-friendly and helpful in highlighting which regulatory schemes may affect mobile health apps, the simplistic approach that the new tool uses limits the value of its regulatory guidance. Developers, therefore, should be cautious in relying on the tool’s output to provide a complete and accurate analysis of the regulatory requirements that govern their mobile health apps.
More specifically, the new Mobile Health Apps Interactive Tool is intended to assist developers in determining how or whether their apps are subject to the requirements under the Federal Food, Drug, and Cosmetic Act (FFDCA), the FTC Act, the FTC’s Health Breach Notification Rule, and the Health Information Portability and Accountability Act (HIPAA). The tool is presented in a question/answer format, using basic, high-level questions designed to determine whether a mobile health app is subject to certain federal requirements. Questions address, for example, the information received and transmitted by the app, whether the app is intended for a disease-related purpose, the level of risk presented by the app, and the type of entity providing the app (e.g., health provider or nonprofit). However, to respond accurately, developers must have an understanding of the legal definitions and concepts used in the questions, many of which are complex and nuanced. The interactive tool provides only high-level guidance on this point.
Additionally, the tool does not cover some regulatory issues that are highly relevant to mobile health apps, but for which final agency guidance is still outstanding. For example, the tool does not address FDA issues related to clinical decision support software, general wellness products, and device accessories, because FDA has yet to issue final guidance in these three areas. This omission is not insignificant; the FDA regulatory analysis for many mobile heath apps would be incomplete without an evaluation of these issues.
Concurrent with issuing its interactive tool, the FTC issued Mobile Health App Developers; FTC Best Practices. These include eight recommendations intended to help developers identify and address privacy and security requirements relevant to the development of their apps. Many of these recommendations provide practical advice to help developers minimize the collection of unnecessary private information. Also included are references to available free and low-cost tools that developers can take advantage of to help protect consumers’ privacy.