The FDA’s Center for Devices and Radiological Health (CDRH) is taking a risk-based approach to medical device data systems (MDDS) and medical apps, again announcing that it will use its enforcement discretion for low-risk digital health products.

The regulator finalized its guidance on MDDS, and updated the medical apps guidance to bring it in line with the former. In an FDA blog post, Bakul Patel, associate director for digital health in the CDRH, and Jeffrey Shuren, director of the CDRH, wrote that the FDA is “narrowly tailoring” its regulatory approach to the degree of risk to patients. He also noted that by issuing these documents, CDRH is attempting to distinguish products that will be regulated under a “low risk” classification from products for which CDRH does not intend to enforce compliance with medical devices regulations.

Accordingly, the FDA won’t regulate MDDS, medical image storage devices and medical image communication devices because the risk they pose to users is so low.

Clarifying which devices are outside its intended scope of regulatory enforcement, the FDA’s guidance document describes an MDDS as a “hardware or software product that transfers, stores, converts formats and displays medical device data.” However, devices that control or alter the functions or parameters of any connected medical devices are not covered by this guidance. Further, medical image storage and medical image communication devices are defined as “a device that provides electronic storage and retrieval functions for medical images.”

Alongside the MDDS document, the FDA also issued a medical apps guidance, saying it will apply its regulatory authority only to a subsection of mobile apps, and aiming to clarify this subsection. While certain apps meet the definition of a medical device, many pose a low risk to users, and therefore the FDA will “exercise enforcement discretion over these devices.”

The subset of apps to which the FDA will apply its regulatory oversight includes only apps that are medical devices and whose functionalities could pose a risk to a user’s safety if they malfunction – thus mobile medical apps. Further, the regulator will take into consideration risks posed by mobile medical apps when determining the appropriate regulatory oversight for such products.

The FDA provided a list of medical apps that it does intend to regulate, including those that connect to a medical device in order to control that device or for use in active monitoring or analysis of medical device data; those that transform a mobile platform into a regulated medical device using attachments, display screens or sensors, or by having similar functionalities as regulated medical devices; and those that perform patient-specific analysis or provide patient-specific diagnosis or treatment recommendations.

The FDA also provided examples of mobile apps for which it will exercise discretion, including those that provide supplemental care, by coaching or prompting, to help patients manage their health; those intended to help patients document or communicate potential medical conditions to care providers; and those performing simple calculations regularly used in clinical practices, such as body mass index.

The guidance also clarifies that entities which exclusively distribute medical apps, including owners and operators of app stores, don’t qualify as medical device manufacturers.