Mobile Medical Applications: A Thoughtful Guidance Is Finalized
September 26, 2013By Jeffrey K. Shapiro –
As everybody has noticed, FDA finalized its guidance on Mobile Medical Applications earlier this week. We blogged on the draft version here.
The final guidance is similar to the draft guidance – but with improved clarity. Hence, it has expanded from 29 to 43 pages. Most of the additional pages are appendices with examples and other supplementary information. This guidance is sensible and well written.
FDA’s general approach to mobile medical applications (mobile apps) is to define large swaths of territory that will be either unregulated because they are considered outside of FDA’s jurisdiction or because FDA will simply refrain from regulation on the basis of low patient risk. When FDA refrains from regulating products within its jurisdiction, it is called an exercise of “enforcement discretion.”
This general approach makes sense, because FDA and industry both have limited resources, so it is realistic to apply the expensive and burdensome FDA regulatory system only to mobile apps that pose a significant risk to patients. In technical regulatory terms, this approach is known as getting the most bang for the buck.
Because much of the mobile apps industry is not very familiar with FDA regulation, this guidance has an unusually detailed description of the entities, mobile apps, and activities that will not be regulated. These include:
- Platform products without medical device claims.
- Third party app distributors who do not develop apps.
- Providers of general development tools and hardware/software infrastructure.
- Licensed practitioners who develop their own apps for their own use.
- Mobile apps developed solely for non-clinical research, teaching or analysis and not introduced into commercial distribution.
- Mobile apps that are essential e copies of medical textbooks and reference material.
- Mobile apps used for provider or patient medical training and education.
- Mobile apps used to automate operations in a healthcare setting and not for use in the diagnosis or treatment of disease.
- Mobile apps that are generic aids or general purpose products.
There is also a description of entities and activities for which FDA will exercise enforcement discretion based upon low risk to patients. Of note, the guidance provides welcome relief for the “health coaching” apps by placing them under enforcement discretion. There has been a lot of innovation in this area, but also an overhang of regulatory uncertainty. The enforcement discretion categories are:
- Mobile apps that help patients self-manage their disease or conditions without providing specific treatment suggestions.
- Mobile apps that provide simple tools for patients to organize and track health information.
- Mobile apps that provide easy access to information related to patients’ health conditions or treatments.
- Mobile apps that automate simple tasks for health care providers.
- Mobile apps that enable patients or providers to interact with electronic health records ("EHRs").
A few interesting examples:
- Mobile apps that help patients diagnosed with psychiatric conditions.
- Mobile apps that use patient characteristics to provide patient specific screening, counseling and preventive recommendations from well known and established authorities.
- Mobile apps that remind patients about pre determined dosing schedules (medication reminders).
The last example is especially welcome. For a number of years, FDA has been actively regulating medical reminders under 21 C.F.R. § 890.5050 (product code NXQ). The active regulation of these products has created a headache for developers of health and wellness coaching apps, who risked device regulation by including this useful and low risk functionality in their products. FDA’s decision to exercise enforcement discretion here is wise, and consistent with the overall approach of this guidance.
The mobile apps that FDA will regulate are called “mobile medical apps.” What mobile apps fall under this category? FDA discusses the following broad types:
- Mobile apps that connect to medical devices to control them or to display, store, analyze or transmit patient specific medical device data.
- Mobile apps that transform a mobile platform with device functionality by using attachments, display screens, or sensors.
- Mobile apps that perform patient specific analysis and provide patient specific diagnosis or treatment recommendations.
This last type of mobile medical app looks very much like clinical decision support software (“CDSS”). However, FDA expressly says that this guidance does not address CDSS. FDA is expected to issue a draft guidance on that topic in the near future.
At the same time, it would be odd for FDA to regulate a particular CDSS functionality if provided via mobile app but not if it is on some other platform. That is especially true because FDA goes out of its way to say in this guidance that its oversight approach to mobile apps is focused on functionality and not platform.
Most likely, the CDSS draft guidance will take a similar approach to the mobile medical apps guidance, subjecting CDSS software with higher risk functionality to regulation while specifying CDSS functionality that is unregulated or under enforcement discretion. This upcoming guidance will probably apply to CDSS functionality on any platform, mobile or not.
In this guidance, FDA provides only a few examples of mobile apps providing diagnosis or treatment recommendations that will be regulated. The examples are: apps that use patient specific parameters to calculate dosage or create dosage plans for radiation therapy; Computer Aided Detection (“CAD”) software; image processing software; radiation therapy treatment planning software.
These apps are all examples of what FDA describes as “mobile apps that perform sophisticated analysis or interpret data (electronically collected or manually entered) from another medical device” (p. 15). Unfortunately, FDA does not provide examples of mobile CDSS apps that are not regulated. We will probably need to wait for the overall CDSS guidance to more fully clarify what mobile CDSS functionality will or will not be regulated.
The awkwardness here is probably due to the fact that FDA geared up development of a guidance for mobile apps before discovering, as the software industry developed, that the focus really needs to be on functionality rather than type of platform. For anyone who needs to predict the likely regulatory status of stand alone software that is not a mobile app, this guidance should still be a valuable tool. It is a fair inference that much of the substance here applies when the same type of functionality is placed on a non-mobile platform.
Finally, if a mobile app falls within one of the mobile medical app categories, that is only the beginning of the analysis. The next step will be to determine its classification (Class I, II or III), because that will drive the determination of what regulatory requirements apply. This guidance does not directly address the determination of regulatory classification.