How to Make Mobile Apps Comply with FDA Medical Device Regulations

Is a wearable fitness monitor a "medical device?"

Advances in technology cause regulatory ambiguity.

An example of ambiguity appears in the regulation of mobile apps that relate to health.

Inventors are rolling out a plethora of mobile apps and computer services that empower patients directly to control, monitor and care for their health.  These apps and services can provide a form of healthcare that does not necessarily involve the services of a healthcare provider, such as a physician or a clinic.

Growth in the number of apps and services of this nature will accelerate.

Many new apps and services perform functions for which there is little historical precedent.

Are These Apps Regulated as “Medical Devices?”

The US Food and Drug Administration regulates medical devices.  Often medical devices must be approved by FDA before they are made generally available.

However, a great many devices that touch on health do not justify FDA’s attention.  FDA’s resources for reviewing devices are limited, and it wants to apply them efficiently.

FDA has published guidance on which mobile apps warrant advance FDA approval and which do not:  Mobile Medical Applications: Guidance for Industry and Food and Drug Administration Staff, September 25, 2013

Reduce Chance of Rigorous Regulation

This Guidance can help an app maker know how to reduce the chance that its app is rigorously regulated and requires pre-approval.

To quote the Guidance:  “FDA intends to apply its regulatory oversight to only those mobile apps that are medical devices and whose functionality could pose a risk to a patient’s safety if the mobile app were to not function as intended.”

Given this as the standard, the maker of a mobile app can take steps like the following to help know and/or establish that the app does not pose the identified risk.

  1. Conduct field tests that evaluate risk.
  2. Consult experts on the risk and document the results of that consultation.
  3. Document diligent deliberation into the possibility of risk and how to mitigate it.
  4. Warn users in a way that reduces risk.  For instance, users might be warned (through labels, notices, videos or white papers) that the app is for education only and should not be used as a substitute for care from a physician.

Promoter’s Intent is Crucial

The Guidance also teaches larger lessons on how the developers of new technology can cope with regulations that are unclear owing to the novelty of the technology.

It is remarkable how much emphasis the FDA places on the intent of the promoter of an app in determining whether the app is a regulated medical device.  Intent is in large measure ascertained by looking at the words the promoter uses to market and describe the app. Quote:

The intended use of a mobile app determines whether it meets the definition of a “device.” As stated in 21 CFR 801.4, intended use may be shown by labeling claims, advertising materials, or oral or written statements by manufacturers or their representatives. When the intended use of a mobile app is for the diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man, the mobile app is a device. [footnotes omitted]

Thus if a promoter markets an app simply as audio sounds for happiness and relaxation, it is less likely to be deemed a regulated medical device . . . even though others including doctors call the app a cure for cancer.

Accordingly, the promoter’s choice of words and marketing
context carries much weight in interpreting the regulation with respect to any given app.

Words Carry Influence

FDA’s Guidance describes what FDA thinks is the difference between an app that needs rigorous regulation and one that does not.  This description uses key words and phrases.  The applicability of any given key word or phrase to any particular app can be subjective and open to interpretation.

An app promoter can adopt or shun key words and phrases to help build the case that its app does not require rigorous regulation (such as pre-approval).

Key words that suggest an app does need rigorous regulation include:

  • “sophisticated,” 
  • “patient-specific diagnosis,” and 
  • “control” of things that are already regulated as medical devices (e.g., an insulin pump).  

An app promoter is wise to avoid those words and phrases and similar statements.

On the other hand, key words and phrases that suggest an app does not need rigorous regulation include:

  • “simple,” 
  • “coaching,” and 
  • “help patients manage their health in their daily environment.”  

An app promoter has incentive to use these words and phrases in
  • its marketing, 
  • its product literature, and 
  • directly in the interactivity of the app itself.

Savvy Practices Reduce Chance of Regulation

Another step to help avoid regulation would be (voluntarily) to implement quality controls in the development and revision of the app.  Quote:

The FDA strongly recommends that [promoters] of all mobile apps that may meet the definition of a device follow the Quality System regulation (which includes good manufacturing practices) in the design and development of their mobile medical apps and initiate prompt corrections to their mobile medical apps, when appropriate, to prevent patient and user harm. [footnotes omitted]

If FDA sees the app meets quality controls, then it sees lower risk. If it sees lower risk, then it sees less need for rigorous regulation and it elects to focus its limited resources on regulating something else.

Update 2017: The Trump Administration has generally signaled intention to ease federal regulation in many industries. One can surmise that this intention may eventually lead to more leniency by FDA with respect to novel mobile apps and services. Therefore, astute use of the ideas above may be even more effective at helping inventors release new apps and services with low risk of burdensome regulation.



  1. How a contract can protect patient privacy in electronic health records.
  2. Telemedicine compliance with local regulation.

No comments:

Post a Comment