In the late 1980s, the Food and Drug Administration (FDA) began publicly suggesting that electronic medical records were within its jurisdiction. A lot has changed in 20+ years. The proliferation of mobile computing platforms and the applications they run has exploded. Health care providers have access to technology that was the stuff of science fiction in 1989, and health care consumers can track their own health status and records with the swipe of a finger. On September 25, 2013, the FDA finally made its stand, issuing a Final Guidance on Mobile Medical Applications.1 FDA has approved to date about 100 mobile medical applications which focus, generally, on chronic condition management.2
So, if you’ve ever wondered whether an iPad running a “health app” is a regulated “medical device,” the FDA has now provided an analytical framework for answering this and other burning mobile-app-related questions. Of course, the answer depends on the nature, functionality and intended use of the application.
The Guidance begins with a number of definitions, including:
Mobile Platform: Commercial off-the-shelf computing platforms, with or without wireless connectivity, that are handheld in nature.
Mobile Application (App): A software application that can be executed (run) on a mobile platform, or a Web-based software application that is tailored to a mobile platform but is executed on a server.
Mobile Medical Application: A Mobile App that meets the statutory definition of a “device” and either is intended:
Pepper Point: Whether or not a Mobile App is a “device” depends upon its intended use. An application that is not designed/developed/marketed for a health care use is not a “device,” and thus not subject to FDA regulation.
The Guidance separates mobile applications into three somewhat distinct categories, each of which potentially could be downloaded to an iPad and used in a clinical setting. Those categories are:
The FDA has provided a fairly lengthy list of examples of each of these three categories. A few of those examples are:
The FDA exercises its mandate of consumer product safety through processes by which it obtains assurance from manufacturers that the medical device is safe and effective. While most mobile medical applications subject to the FDA will be Class I or II and exempt from 510(k) pre-market approval requirements, these applications must still:
Pepper Point: If you are developing a new Mobile App and think it might fall under the “regulated” category, make sure to follow the above practices. It is easier to build such processes into the product launch from the beginning than retrofitting the application later.
The convergence of regulations surrounding mobile medical applications can be complex. An iPad could be used in a clinical setting with multiple apps on it, some of which transform it into a medical device and others that do not. Even if the mobile application is not currently subject to FDA regulation, the content of the application may trigger obligations under other regulations such as the FTC and/or HIPAA/HITECH.3
1 Food and Drug Administration, Mobile Medical Applications: Guidance for Industry and Food and Drug Administration Staff, September 25, 2013. Can be found at: http://www.fda.gov/downloads/MedicalDevices/.../UCM263366.pdf.
2 “Patient Apps for Improved Healthcare – From Novelty to Mainstream,” IMS Institute for Healthcare Informatics, October 2013.
3 For further reading, please see the following Pepper Hamilton LLP Client Alerts: "FTC Recommends Framework for Mobile Privacy" (February 25, 2013), available at http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2564; "California Privacy Initiatives Go into Effect January 1, 2014 - Are You Ready?" (November 19, 2013), available at http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2795; and "The FDA Gets Social: Interpreting Its Draft Social Media Guidance" (January 27, 2014), available at http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2836.
Sharon R. Klein and Dayna C. Nicholson