In the late 1980s, the Food and Drug Administration (FDA) began publicly suggesting that electronic medical records were within its jurisdiction. A lot has changed in 20+ years. The proliferation of mobile computing platforms and the applications they run has exploded. Health care providers have access to technology that was the stuff of science fiction in 1989, and health care consumers can track their own health status and records with the swipe of a finger. On September 25, 2013, the FDA finally made its stand, issuing a Final Guidance on Mobile Medical Applications.1 FDA has approved to date about 100 mobile medical applications which focus, generally, on chronic condition management.2
So, if you’ve ever wondered whether an iPad running a “health app” is a regulated “medical device,” the FDA has now provided an analytical framework for answering this and other burning mobile-app-related questions. Of course, the answer depends on the nature, functionality and intended use of the application.
The Guidance begins with a number of definitions, including:
Mobile Platform: Commercial off-the-shelf computing platforms, with or without wireless connectivity, that are handheld in nature.
Mobile Application (App): A software application that can be executed (run) on a mobile platform, or a Web-based software application that is tailored to a mobile platform but is executed on a server.
Mobile Medical Application: A Mobile App that meets the statutory definition of a “device” and either is intended:
- to be used as an accessory to a regulated medical device, or
- to transform a mobile platform into a medical device.
Pepper Point: Whether or not a Mobile App is a “device” depends upon its intended use. An application that is not designed/developed/marketed for a health care use is not a “device,” and thus not subject to FDA regulation.
The Guidance separates mobile applications into three somewhat distinct categories, each of which potentially could be downloaded to an iPad and used in a clinical setting. Those categories are:
- Mobile Apps that are considered medical devices, and which the FDA intends to regulate
- Mobile Apps that may be considered medical devices, but which the FDA does not currently intend to regulate, and
- Mobile Apps that could be used in a healthcare environment, but are not considered medical devices.
The FDA has provided a fairly lengthy list of examples of each of these three categories. A few of those examples are:
- Medical Devices/Regulated (generally, functionality that directly affects a patient’s care or provides patient-specific analysis, diagnosis, etc.):
- applications that are intended to be used as an accessory to a medical device, connect to and control medical devices, or display, store, analyze or transmit patient-specific medical device data (i.e., direct or remote control of insulin pumps or blood pressure cuffs, or remote display of data from bedside monitors)
- applications that transform the mobile platform into a medical device with attachments, sensors, etc. (i.e., attachment of a blood glucose strip meter), and
- applications that perform patient-specific analysis, diagnosis, etc. (i.e., to calculate dosage or create a dosage plan for radiation therapy).
- May Be Medical Devices/Not Currently Regulated (generally, information or functionality that may relate to a specific patient’s diagnosis or treatment, but which pose a low risk to the public):
- applications that provide periodic educational or other information to help individuals self-manage a specific condition (i.e., smokers, recovering addicts, asthmatics, diabetics)
- applications that track and store user-entered health data (i.e., asthmatics, diabetics, medication information, fitness) and communicate with health care providers
- checklists of common signs and symptoms to provide advice on when to consult a physician, and
- applications that automate basic tasks for health care providers.
- Not Medical Devices (generally, no information/functionality that relates to a specific patient’s diagnosis or treatment):
- electronic copies of reference materials
- educational tools such as interactive anatomy diagrams, and
- applications used for general patient education, such as information about gluten-free food products.
The FDA exercises its mandate of consumer product safety through processes by which it obtains assurance from manufacturers that the medical device is safe and effective. While most mobile medical applications subject to the FDA will be Class I or II and exempt from 510(k) pre-market approval requirements, these applications must still:
- be suitable for their intended use
- be adequately packaged and properly labeled
- have establishment registration and device listing forms on file with the FDA, and
- be manufactured under a quality system (with the exception of a small number of Class I devices that are subject only to complaint files and general recordkeeping requirements).
Pepper Point: If you are developing a new Mobile App and think it might fall under the “regulated” category, make sure to follow the above practices. It is easier to build such processes into the product launch from the beginning than retrofitting the application later.
The convergence of regulations surrounding mobile medical applications can be complex. An iPad could be used in a clinical setting with multiple apps on it, some of which transform it into a medical device and others that do not. Even if the mobile application is not currently subject to FDA regulation, the content of the application may trigger obligations under other regulations such as the FTC and/or HIPAA/HITECH.3
1 Food and Drug Administration, Mobile Medical Applications: Guidance for Industry and Food and Drug Administration Staff, September 25, 2013. Can be found at: http://www.fda.gov/downloads/MedicalDevices/.../UCM263366.pdf.
2 “Patient Apps for Improved Healthcare – From Novelty to Mainstream,” IMS Institute for Healthcare Informatics, October 2013.
3 For further reading, please see the following Pepper Hamilton LLP Client Alerts: "FTC Recommends Framework for Mobile Privacy" (February 25, 2013), available at http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2564; "California Privacy Initiatives Go into Effect January 1, 2014 - Are You Ready?" (November 19, 2013), available at http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2795; and "The FDA Gets Social: Interpreting Its Draft Social Media Guidance" (January 27, 2014), available at http://www.pepperlaw.com/publications_update.aspx?ArticleKey=2836.
Sharon R. Klein and Dayna C. Nicholson