FDA finalizes Mobile Medical Apps guidance
Following release of the earlier draft guidance, the FDA solicited public comment and reportedly received more than 130 such comments.2 According to the Agency, the comments were largely supportive of the FDA’s general proposed approach. Consistent with that view, the final guidance proposes the same fundamental approach to regulation of mobile medical apps as was featured in the draft guidance.
Specifically, the final guidance explains that any app meeting the definition of a medical device set forth in the Federal Food, Drug, and Cosmetic Act (FDC Act)3 could be regulated by the FDA, but that the Agency will focus its regulatory oversight on mobile apps that either:
- are intended to be used as an accessory to a regulated medical device, or
- transform a mobile platform into a regulated medical device.
The FDA indicates that any apps meeting the definition of a medical device, but not falling into one of these two categories, will be subject to enforcement discretion.4 The Agency further clarifies the categories of apps proposed for active regulation by providing a series of categorical examples, including:
- Mobile apps that are an extension of one or more medical devices by connecting to such device(s) for purposes of controlling the device(s) or displaying, storing, analyzing, or transmitting patient-specific medical device data;
- Mobile apps that transform the mobile platform into a regulated medical device by using attachments, display screens, or sensors or by including functionalities similar to those of currently regulated medical devices. Mobile apps that use attachments, display screens, sensors, or other such similar components to transform a mobile platform into a regulated medical device are required to comply with the device classification associated with the transformed platform; and
- Mobile apps that become a regulated medical device (software) by performing patient-specific analysis and providing patient-specific diagnosis, or treatment recommendations. These types of mobile medical apps are similar to or perform the same function as those types of software devices that have been previously cleared or approved.
Notably, while the final categories of apps falling within the regulated space are consistent with the draft guidance, the specific product examples provided by the FDA give further insight into the changes in Agency thinking compared to the draft guidance. In addition, one notable difference between the draft guidance and the final guidance is the FDA’s explicit identification in the final guidance of existing product codes for many of the mobile medical apps that fall into the regulated space.
Key examples of regulated apps
The final guidance provides numerous examples of apps that are or will be regulated under the new guidance. Below we’ve provided a few of the key examples, although the complete list from the guidance can be found in Appendix C of that document.
- Apps that display, transfer, store, or convert patient-specific medical device data from a connected device:
- Mobile apps that connect to a nursing central station and display medical device data or connect to a physician’s mobile platform for review (i.e., a medical device data system or MDDS). Product code: OUG (21 CFR 880.6310).
- Mobile apps that connect to bedside (or cardiac) monitors and transfer the data to a central viewing station for display and active patient monitoring. Possible product code(s): DSI, MHX, MLD (21 CFR 870.1025), DRT, MWI, MSX (21 CFR 870.2300).
- Apps that connect to an existing device type for purposes of controlling its operation, function, or energy source. Of note, these do not have to be physically connected to the regulated device; wireless connection is sufficient:
- Mobile apps that alter the function or settings of an infusion pump. Possible product codes: MEB, FRN, LZH, LZG, OPP, MEA (21 CFR 880.5725), FIH (21 CFR 876.5820), LKK.
- Mobile apps that control or change settings of an implantable neuromuscular stimulator. Possible product code(s): GZC (21 CFR 882.5860).
- Mobile apps that calibrate, control, or change settings of a cochlear implant. Possible product code(s): MCM.
- Apps that transform the mobile platform into a regulated medical device:
- Mobile apps that use a sensor attached to the mobile platform or tools within the mobile platform itself to record, view, or analyze eye movements for use in the diagnosis of balance disorders (i.e., nystagmograph). Possible product code: GWN (21 CFR 882.1460).
- Mobile apps that use a sensor attached to the mobile platform or tools within the mobile platform itself (e.g., accelerometer) to measure the degree of tremor caused by certain diseases (i.e., a tremor transducer). Possible product code: GYD (21 CFR 882.1950).
- Mobile apps that use an attachment to the mobile platform to measure blood oxygen saturation for diagnosis of a specific disease or condition. Possible product code(s): DQA, NLF, MUD, NMD (21 CFR 870.2700) or DPZ (21 CFR 870.2710).
- Mobile apps that use an attachment to the mobile platform to measure blood glucose levels. Possible product code: NBW (21 CFR 862.1345).
- Mobile apps that use an attachment to the mobile platform (e.g., light source, laser) to treat acne, reduce wrinkles, or remove hair. Possible product code: OLP, OHT, OHS (21 CFR 878.4810), OZC (21 CFR 890.5740).
Interestingly, the Agency’s treatment of the third category of actively regulated mobile apps (patient-specific analysis) in the final guidance appears to have changed. To begin, the Agency description of this category of apps no longer contains the phrase “…that are used in clinical practice or to assist in making clinical decisions” as was found in the draft guidance. In conjunction with the scope of the final guidance, which states that the guidance does not address “software that performs patient-specific analysis to aid or support clinical decision-making”, it would appear that the Agency is attempting to carve out clinical decision support (CDS) software from the scope of the mobile medical apps guidance (perhaps as the FDA, ONC, and FCC work on the report to Congress regarding Health Information Technology regulation required by the Food and Drug Administration Safety and Innovation Act (FDASIA)5 and as the FDA continues its efforts on a reported draft guidance to address CDS). Nonetheless, by retaining the broad category of regulated apps that use patient-specific information to output a patient-specific diagnosis or treatment recommendation, the Agency has effectively reserved an avenue to actively regulate some CDS-like apps.
Unfortunately, the final guidance does not provide in Appendix C specific examples of mobile apps for this third category of apps that is subject to active regulation. The only guidance provided as to the type of software of particular interest to the FDA is the characterization of such apps as performing “sophisticated” analysis or as interpreting data from another medical device, and the provision of several general examples of already regulated software products including: apps that use patient-specific parameters and calculate dosage or create a dosage plan for radiation therapy; Computer Aided Detection (CAD) software; and image processing software. Per the final guidance, a number of apps identified by the guidance as falling into this regulated space will now be subject to enforcement discretion, including apps that act as calculators or utilize algorithms to produce an index, score, scale, or other similar calculations (e.g., Glasgow Coma Scale, Apgar score, NIH stroke scale, etc.). In sum, the FDA appears to have narrowed the scope of the types of actively regulated mobile apps that perform patient-specific analysis and provide patient-specific diagnosis or treatment recommendations. However, the relationship between this category of regulated apps and the CDS software products that are considered outside the scope of this final guidance remains unclear.
Key examples of apps that are not medical devices or will be subject to enforcement discretion
Perhaps of even more interest than the examples of regulated apps are the examples of products that are not considered medical devices or would fall into the enforcement discretion category. The FDA emphasizes in the final guidance that many mobile apps used in a healthcare environment or in patient management are not considered medical devices and thus not subject to any regulation by the FDA. The Agency provides a list of examples, all of which would not meet the definition of a medical device. The list includes apps that do not involve clinical assessment of an individual patient or replace the judgment of clinical personnel and:
- provide access to electronic copies of reference materials (e.g. medical dictionaries, libraries of clinical diseases and conditions, medical textbooks);
- are intended for use as educational tools for health care providers (e.g. flash cards, surgical training videos);
- are intended for general patient education (e.g. portal for providers to distribute educational information to their patients, help patients find the closest medical facilities);
- automate office operations in a healthcare setting (e.g. apps related to insurance claims and billing, tools for managing shifts, appointment reminders, online bill pay);
- are generic aids or general purpose products (e.g. apps that allow providers and patients to communicate via email or, that allow use of mobile platforms for note-taking).
Additionally, the FDA intends to exercise enforcement discretion over certain mobile apps that may fit the definition of a medical device, because the Agency believes these apps pose a low risk to patients. This list of apps subject to enforcement discretion is new to the final guidance.
Mobile apps subject to enforcement discretion include apps that help patients self-manage disease or track their health information, without providing treatment suggestions, such as apps that help asthmatics track inhaler usage and asthma attacks. The Agency will also exercise enforcement discretion over apps that help patients document, show, or communicate potential health conditions to providers, such as apps that allow users to collect blood pressure data and share this data through email or upload it to an electronic health record. Apps that provide easy access to information related to patients’ health conditions or treatments will also fall under enforcement discretion. These would include, for example, apps that use patient characteristics such as age, sex, and behavioral risk factors to provide patient-specific screening, counseling, and preventive recommendations from established authorities.
The list of apps over which the FDA will exercise enforcement discretion appears to encompass some apps currently subject to regulation, such as medication reminders that aid in treatment adherence and apps that aid patients in managing chronic diseases (e.g. diabetes) by promoting a healthy weight, diet, and exercise regimen. As to whether enforcement discretion will be applied to devices of this nature will depend to a great extent on the specific labeling of such devices and their functionality.
Importantly, as in the draft guidance, FDA recommends that all manufacturers of a mobile app that may be a medical device follow the quality system regulation (QSR), including manufacturers of products subject to enforcement discretion. The Agency states that compliance with the QSR is important because the FDA has found that the majority of software-related failures in medical devices are due to design errors and failure to properly validate software.
Finally, a new section of Frequently Asked Questions (FAQs) has been added to the final guidance. In addition to addressing topics such as avenues to seek guidance from the FDA about a particular app, including the filing of 513(g) petitions, and application of the QS regulation to mobile apps, this section specifically notes that mobile apps that provide electronic access and are intended for use as a digital version of medical device labeling or instructions for use are not considered mobile medical apps. These types of apps are considered part of the medical device labeling and are subject to the regulatory labeling requirements relevant to the particular product.
Key points from the final guidance
There are a number of points worth noting about the content of the final guidance.
- Consistent with the draft guidance and standard FDA policy, the Agency notes that it will not seek to regulate general purpose technology (e.g., the smartphones themselves, wireless or internet connectivity services, etc.) unless it is promoted specifically for a medical device intended use. For example, a physician and patient may use the camera on a smartphone to exchange pictures of a skin condition, but that would not result in regulation of the smartphone unless the manufacturer specifically marketed the phone for capturing medical images.
- Also consistent with the draft guidance, the final guidance notes several times that distributors of apps who are not involved in the design or development process, but only sell the apps (e.g., iTunes App Store), would not fall within the scope of the FDA’s intended regulatory oversight.
- The final guidance clarifies that software developers who only create an app to meet another party’s specifications would not be a regulated medical device manufacturer. Rather, the developer of the specifications would be treated as the manufacturer and regulated accordingly.
- While the general categories of apps that will be subject to regulation largely remained consistent with the draft guidance, notable product examples provided by the Agency were shifted from the regulated to enforcement discretion category. For example, the draft guidance noted Apgar and other standard score/index calculators as examples of products that would be regulated, while the final guidance lists these as subject to enforcement discretion. Meanwhile, other examples, such as the majority of drug dose app examples, were removed entirely from the final guidance. In general, the list of examples of regulated apps appears to have narrowed notably compared to the draft guidance.
- As noted above, the final guidance explicitly does not address the regulation of apps that perform patient-specific analysis to aid in clinical decision-making (CDS) functionality. The ongoing work by the FDA, ONC, and FCC to provide a report to Congress on the regulation of Health Information Technology broadly has implications for CDS.5 Thus, the FDA may be waiting to move forward on such products until that report is issued. In addition, the FDA has indicated previously that a CDS guidance document is being separately prepared by the Agency. While such a guidance document has yet to be issued in draft form and did not appear on the list of 2013 priority guidance documents for the FDA, such a document may still be forthcoming. However, the final mobile apps guidance still retains an avenue for the FDA to actively regulate some CDS-like apps by the continued inclusion of apps that use patient-specific information and output a patient-specific diagnosis or treatment recommendation.
- The final guidance, which places into the enforcement discretion bucket mobile apps that allow patients to log, track, and trend their biometric measurements (electronically or manually entered) as part of a disease-management plan, and share that information with their physicians, raises questions about the relationship between such mobile apps and similar remote patient monitoring systems, which are class II, non-exempt devices. Again, this is an area where the specific labeling and functionality of the device will lead the FDA to exercise enforcement discretion.
- The FDA specifically excludes from regulation any app developed by a physician exclusively for use in his or her practice. In addition, the final guidance notes that if the physician is part of a group practice, the app may be used by the entire practice without triggering regulatory concerns. This explanation likely comes as much needed clarification for the medical community where app development has become somewhat more common in recent years.
There are many areas in this final guidance where discussion with the FDA may be warranted before a company decides whether the app at issue is regulated as a medical device or will be the subject of enforcement discretion. Prudence would dictate in those areas of doubt that the author or manufacturer of the app seek greater clarity from the FDA. That quest for clarity could be in informal discussions with the appropriate branch or division of the Center for Devices and Radiological Health or through the submission of a written request under Section 513(g). What is clear is that this final guidance will lead to further discussions and possibly even changes as this rapidly evolving area of technology moves into new and unpredictable areas of medicine and science.
1 Mobile Medical Applications: Guidance for Industry and Food and Drug Administration Staff (September 25, 2013). Available at http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM263366.pdf
2 Press Release. FDA issues final guidance on mobile medical apps: Tailored approach supports innovation while protecting consumer safety. Issued September 23, 2013. Available at http://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm369431.htm
3 21 U.S.C. 321(h)
4 FDA explains that by “enforcement discretion” the Agency means that it will not pursue enforcement action for violations of the FDC Act. However, the Agency also notes that this does not change the requirements of the FDC Act or any applicable regulation.
5 Hogan Lovells Medical Device Alert: FDA considers new FDASIA workgroup recommendations for regulating health IT. September 16, 2013. Available at: