FDA Regulation of Mobile Medical Apps

Content determines whether an app requires FDA approval. Essentially, and with some exceptions, an app only needs FDA approval if it handles private patient information, is used to make a diagnosis, acts as or powers a medical device, or any of the above. See our infographic here: CMI Infographic FDA App Approval WEB

The FDA has issued its Draft Guidance for Industry and Food and Drug Administration Staff (on) Mobile Medical Applications (hereafter referred to as the “Mobile Guidance”). This whitepaper explores the Mobile Guidance in order to accurately capture the essential information we need to understand internally and to communicate to our clients, as well as to clearly comprehend our respective roles in assuring compliance.

What is covered?
The Mobile Guidance was issued July 21, 2011 and is undergoing a public comment period ending in early 2012. During this period, the FDA states that the document “contains nonbinding recommendations.” However, it is prudent to act as if the recommendations are actually regulations applicable now; this is because they are based upon precedence drawn from the FDA’s existing Medical Device Reporting regulation. In that regulation, a “device” is defined as “…an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent….” that is “…intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man….” or “…intended to affect the structure or any function of the body of man or other animals…” It is important to understand that this definition encompasses not only equipment but also software.
Accordingly, in the Mobile Guidance, a mobile application (Mobile App) is defined as “…as software application that can be run on a mobile platform, or a web-based software application that is tailored to a mobile platform but is executed (run) on a server.” A mobile app is not per se a device. When it is, it then is considered to be a “mobile medical app.” Specifically, to be considered as such, the software must meet the definition of a device and “is used as an accessory to a regulated medical device….or transforms a mobile platform into a regulated medical device.” An example of the former is an app that allows a smartphone to be used to transmit a medical image directly from an imaging archiving or communications server. An example of the latter would be an app that transforms a smartphone into an EKG monitoring device.

Given this, only a small subset of the health apps on or coming to the market will actually need the agency’s regulatory attention according to Bakul Patel, a policy adviser at the Center for Devices and Radiological Health, an FDA unit in Silver Spring, MD.

What is not covered?
The Mobile Guidance does not cover:
– Mobile apps that are essentially digital forms of general educational materials not intended to be patient-specific (e.g., ePDR, eMPR, preloaded imagery libraries, disease state or drug slide programs).
– Mobile apps that are used solely for monitoring, evaluating, decision-making or production of suggestions regarding developing or maintaining general health and wellness. These are not intended for diagnostic or curative purposes.
– Mobile apps that automate general office operations/functions such as billing/coding, appointment-setting/tracking, automatic patient history-taking, and insurance transactions.
– Mobile apps that can be used a generic aids for medical tasks but are not marketed for a specific medical application (e.g., audio and video recording, task archiving, alarm systems).
– Mobile apps that perform as an electronic health record system or personal health record system.

What types of mobile apps are covered?
Regulated mobile medical apps are categorized as:
– Those that display, store or transmit patient-specific data in its original format from a medical device (used as secondary displays not as primary diagnostic or treatment tools).
– Those that control the intended use, function, modes, or energy source of the connected medical device (essentially an operator).
– Those that transform or make the mobile platform into a regulated medical device (such as enabling a smartphone to act as a heart monitor).
– Those that create alarms, recommendations, or create new information (data) through analysis or interpretation of medical device data

Who is responsible?
For regulated medical devices, the manufacturer has the responsibility to seek pre-approval review from the FDA just like the NDA process. A “mobile medical app manufacturer” is defined as any person(s) or entity that:
– creates, designs, develops, labels, re-labels, modifies, or re-manufactures a software system from multiple components;
– provides mobile medical app functionality through a web-service or web support for use on a mobile platform; and/or
– initiates specs or requirements for mobile medical apps or procures development/manufacturing services from a second party for subsequent commercial distribution.
It would appear that Singularity and/or InfoCures would be defined as a “mobile medical app manufacturer” to the extent that they perform any of the functions listed above.