- While multiple federal agencies play a role in the development and enforcement of policies concerning mobile health (mHealth) technology, the Food and Drug Administration has by far the most experience in regulating the use of software and hardware in healthcare settings dating back to the 1980s.
That being said, two recent pieces of guidance will determine how mHealth devices and applications are regulated moving forward.
The first dates back to 2013 and the publishing of the FDA's Mobile Medical Apps (MMAs) guidance for the subset of mobile apps that meet the definition of a medical device and "whose functionality could pose a risk to a patient’s safety if the mobile app were to not function as intended."
In its definition, the FDA reiterates that its platform-agnostic approach regulating medical devices:
FDA’s oversight approach to mobile apps is focused on their functionality, just as we focus on the functionality of conventional devices. Our oversight is not determined by the platform. Under this guidance, FDA would not regulate the sale or general/conventional consumer use of smartphones or tablets. FDA’s oversight applies to mobile apps performing medical device functions, such as when a mobile medical app transforms a mobile platform into a medical device.
Last year, legal experts from Foley Hoag LLP identified three types of mobile medical apps that would qualify and be regulated as medical devices.
The first type includes those mHealth apps "that are an extension of one or more medical devices by connecting to such device(s) for purposes of controlling the device(s) or displaying, storing, analyzing, or transmitting patient-specific medical device data."
The second category comprises those that "transform the mobile platform into a regulated medical device by using attachments, display screens, or sensors or by including functionalities similar to those of currently regulated medical devices."
The last type contains mobile medical apps related to clinical analyses and diagnoses:
Mobile apps that become a regulated medical device (software) by performing patient-specific analysis and providing patient-specific diagnosis, or treatment recommendations. These types of mobile medical apps are similar to or perform the same function as those types of software devices that have been previously cleared or approved.
Medical mobile apps interacting with electronic or personal health records (EHR/PHR) warrant additional discretion and likely enforcement by the FDA. They can range from mobile apps giving patients access to information about their last clinical visit to the display of aggregated personal health trends specific to individual patients.
Following the Food and Drug Administration Safety and Innovation Act (FDASIA), the healthcare industry awaited the guidance the legislation would lead the FDA to issue which came in the form of the FDASIA Health IT Report, which a strategy and recommendations for a risk-based framework.
In the context of medical mobile apps and mHealth technology, the report reiterates the federal agency's commitment to a platform-agnostic approach as conveyed in its guidance for MMAs:
Throughout the report, the Agencies’ proposed strategy and recommendations are based on the premise that risk and corresponding controls should focus on health IT functionality – not on the platform(s) (e.g. mobile, cloud-based, installed) on which such functionality resides or the product name/description of which it is a part. Further, the Agencies’ strategy and recommendations seek to advance a framework that is relevant to current functionalities and technologies yet sufficiently flexible to accommodate the future and rapid evolution of health IT.
As for what's next in the regulation of mHealth and medical mobile apps, the FDA is still working its way through its three-year FDASIA implementation plan. So until the federal agency takes actions in enforcing its policies, the healthcare industry remains in a wait-and-see mode.