Alert October 01, 2013

FDA Issues Final Guidance on Mobile Medical Applications

Summary

Last week, the FDA issued guidance on its approach to regulating mobile apps.  FDA intends to regulate only those mobile apps that meet the agency’s definition of “device” and are considered higher risk in that they could pose a risk to patients’ safety if they fail to work as intended.  The guidance states that FDA does not intend to enforce its laws and regulations for lower risk mobile apps.  Mobile apps that do not meet the device definition are beyond the FDA’s jurisdiction.  The agency’s guidance identifies specific categories of mobile apps that are the focus of its regulatory oversight, and makes clear that its regulations apply to app manufacturers, and not to persons who distribute apps without engaging in manufacturing functions, such as owners or operators of “Google Play” or the “iTunes App store.”

On September 25, 2013, the U.S. Food and Drug Administration (“FDA”) issued final guidance informing the public about its approach to regulating select software applications that are intended for use on mobile platforms (“mobile apps”).  FDA intends to regulate only those mobile apps that meet the agency's definition of “device” and could pose a risk to patients’ safety if they fail to work as intended. For lower risk mobile apps that meet the device definition, FDA intends to exercise enforcement discretion, i.e., the agency will not enforce its laws and regulations. Mobile apps that do not meet the device definition are beyond FDA's jurisdiction, and therefore, not subject to FDA's oversight.

FDA's guidance is focused on “mobile medical apps,” i.e., mobile apps that meet FDA's device definition and are either intended (i) for use as an accessory to a regulated medical device, or (ii) to transform a mobile platform into a regulated medical device.  FDA has identified the following categories of mobile medical apps as the focus of its oversight:

Mobile apps that are an extension of one or more medical devices by connecting to such devices for purposes of controlling the devices or displaying, storing, analyzing or transmitting patient-specific medical device data.  Examples include apps that:

  • remotely display data from bedside monitors or display previously stored EEG waveforms;
  • control the delivery of insulin on an insulin pump by transmitting control signals to the pump; and
  • are intended to display or store medical device data without controlling or altering the functions or parameters of the connected medical device.

Mobile apps that transform the mobile platform into a regulated medical device by using attachments, display screens or sensors, or by including functionalities similar to those of currently regulated medical devices.  Examples include apps that use:

  • sensors on a mobile platform for creating electronic stethoscope function; and
  • the built-in accelerometer on a mobile platform to collect motion information for monitoring sleep apnea.

Mobile apps that become a regulated device (software) by performing patient-specific analysis and providing patient-specific diagnosis or treatment recommendations. Examples include:

  • apps that use patient-specific parameters to calculate dosage or create a dosage plan for radiation therapy; and
  • radiation therapy treatment planning software.

In its guidance, FDA identifies several categories of mobile apps for which the agency intends to exercise enforcement discretion.  Among these are apps that:

  • help patients self-manage their disease without providing treatment or treatment suggestions (e.g., help patients adhere to pre-determined medication dosing schedules);
  • are marketed to help patients document, display or communicate potential medical conditions for provider consideration (e.g., serve as videoconferencing portals for medical use); and
  • provide patients and providers with mobile access to personal health record (PHR) and electronic health record (EHR) systems.

Mobile medical apps, like other devices, may be classified into class I (general controls), II (general and special controls) or III (premarket approval), and must meet the requirements associated with their applicable device definition.  FDA recommends that all manufacturers of mobile apps that meet the device definition follow the Quality System Regulation (good manufacturing practices) in the design and development of their apps, even if the agency intends to exercise enforcement discretion for those devices.

In its guidance, FDA states that the regulatory obligations apply to mobile medical app manufacturers, including, among others, anyone who initiates specifications, designs, labels or creates a software system or application for a regulated medical device in whole or from multiple software components.  FDA makes clear that the guidance does not cover persons who distribute mobile medical apps without engaging in manufacturing functions, such as owners or operators of “Google Play” or the “iTunes App store.”  In addition, FDA states that it does not regulate the sale of general/conventional consumer use of smartphones or tablets. 

The final guidance is intended to provide greater clarity for developers of mobile apps to support the development of these products.  In its press release announcing the final guidance, the agency noted that it had cleared about 100 mobile medical applications over the past decade, 40 of which were cleared in the past two years.