Many have asked me for an analysis of the new FDA Mobile Medical Applications NPRM.
The FDA will not seek to regulate mobile medical apps that perform the functionality of an electronic health record system or personal health record system. However, the FDA defined a small subset of mobile medical apps that may impact the functionality of currently regulated medical devices that will require oversight. Here’s a thoughtful analysis by Bradley Merrill Thompson of Epstein Becker Green, which he has given me permission to post:
“Today, FDA published the long-anticipated draft guidance on the regulation of mobile apps—more specifically, what the agency calls “mobile medical apps”. This draft reflects significant efforts by FDA in a fairly short amount of time, and we applaud that work. Much of the framework of the FDA guidance is consistent with the work the mHealth Regulatory Coalition (MRC) published on its website earlier this year (www.mhealthregulatorycoalition.org). While FDA has done a good job getting the ball rolling, there are a number of areas that require further work. We all (including FDA) recognize that this draft guidance is certainly not the end of the story.
The regulatory oversight recommended in today’s draft guidance applies only to a small subset of mobile apps, which FDA defines as any software application that runs on an off-the-shelf, handheld computing platform as well as web-based software designed for mobile platforms. To be regulated, as a first step the app would have to first meet the definition of a medical device and then as a second step either (1) be used as an accessory to another regulated device or (2) “transform” the handheld platform into a device, such as by using the platform’s display screens or built-in sensors.
The problem with the first step is that this guidance doesn’t explain how to determine whether the apps meet the medical device definition in areas where the MRC has questions about intended use. In our policy papers, we explain that many of the mHealth apps operate in the gray areas between treating disease and managing wellness. But the guidance simply states that apps intended for general health and wellness purposes are not regulated. That, unfortunately, doesn’t provide the clarity we need. We already knew that. Instead, we need to understand what types of claims a company can make about health and wellness that also implicate a disease before we can determine whether the app is regulated or not.
The second step has a number of ambiguities too. First there’s the question of accessories. At least for now, the FDA kept the old rule of treating apps that “connect” to regulated medical devices as accessories that are regulated in the same device classification as the “parent” device. The problem with this approach is that it produces over-regulation in mHealth systems, particularly where there are a number of different medical devices and non-clinical products involved. Fortunately, FDA appears to recognize that this approach could lead to over-regulation of low-risk apps, and seems open to considering other approaches. Indeed, the agency specifically requested comment on how to improve this framework. The MRC is developing an alternative approach that involves creation of classification regulations for specific types of mHealth apps so that these apps will be classified separately from the parent device. This approach will require rulemaking activities, which we believe is the reason FDA did not address it in the proposed guidance.
And then there are the apps that transform a mobile platform into a medical device: there are a bunch of good nuggets in the guidance, but still some uncertainty and slightly puzzling aspects. I think everyone (though perhaps no one more than the folks at iTunes, Blackberry App World, and Android Market) is excited to hear that FDA doesn’t plan to regulate as manufacturers those who “exclusively distribute” the app. Likewise, the smartphone manufacturers can breathe a sigh of relief that they too will not be considered regulated manufacturers so long as they merely distribute or market their platform with no device intended uses. What’s interesting is that FDA “expects” these distributors to cooperate with the regulated app developers in the event of a correction or a recall.
In the category of puzzling aspects, the FDA for example says that an entity that provides app functionality through a “web service” or “web support” for use on a mobile platform is considered a manufacturer. But at first blush, this type of entity may or may not meet the agency’s own definition of manufacturer because the web-service provider might not be responsible for initiating the specifications or designing, labeling, or creating the software system.
The agency offered some examples of what it believes to be outside of this guidance, including electronic copies of medical textbooks, health and wellness apps, apps that automate general office operations, general aids that assist users, and electronic/personal health records. In addition, FDA specifically indicated that it is exercising its enforcement discretion and will not currently regulate apps that automate common medical knowledge available in the medical literature or allow individuals to self-manage their disease or condition. This is helpful, but there remain a number of other types of apps that should be specifically identified as being outside of FDA regulation.
You need to read the draft guidance carefully, because if you are not familiar with medical device law, there is a category you might miss: clinical decision supports systems fall. This falls under the rubric of an app that would cause the mobile platform to become a device. I suppose most people instantly think of things like an electronic stethoscope where a senor is added to a phone, in addition to software. But no hardware needs to be added to a mobile platform to make it a medical device. Many people may not realize that a simple computer system of any type that runs software used to analyze clinical data to advise a healthcare professional can, in certain circumstances, be a regulated medical device. So an app that doesn’t run any hardware other that the mobile platform itself can be regulated.
This draft guidance has no doubt generated a ton of questions. So, the timing of the release is perfect! On July 27th, a large group of individuals involved in the mobile health space will be congregating at the Continua/ATA Summit to discuss regulation of mHealth products. Bakul Patel, the mobile health policy guru at FDA, will be there to discuss the details of this guidance, as will the mHealth Regulatory Coalition, which is set to release its own version of proposed mHealth guidance in the coming weeks. The discussion will surely be lively and informative. There’s still time to register and I hope to see you there.”
John Halamka, MD, is the CIO at Beth Israel Deconess Medical Center. He’s also the author of the popular Life as a Healthcare CIO blog, where he writes about technology, the business of healthcare and the issues he faces as the leader of the IT department of a major hospital system.