In recent years, mobile platforms — like smartphones and tablets — have become more accessible, user-friendly, and powerful. As a result, software developers increasingly have begun to create applications for mobile devices (mobile applications or “mobile apps”) designed to be used either by healthcare providers in the delivery of patient care, or by individuals in the management of their own health and wellness. These mobile apps appear to fall squarely within the very broad definition of medical device contained in the Federal Food, Drug, and Cosmetic Act (FD&C Act or the Act). Under the Act, a medical device is any instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part or accessory, which is . . . intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man . . . which does not achieve its primary intended purposes through chemical action within or on the body of man . . . and which is not dependent upon being metabolized for the achievement of its primary intended purposes.

Indeed, to date, the Food and Drug Administration (FDA) has cleared or approved roughly 100 health-related mobile apps.

Given the breadth of the FD&C Act’s definition of medical device (and the corresponding breadth of the FDA’s jurisdiction), medical device manufacturers and mobile app developers alike have raised numerous questions, including: Will FDA stifle innovation by regulating the thousands of mobile apps that have some connection to human health? How will FDA oversee the development and use of mobile apps that are intended to aid in the diagnosis, cure, mitigation, treatment, or prevention of diseases or other health conditions? Will FDA treat mobile apps like traditional medical devices? Will FDA regulate mobile apps with a heavy hand or a light touch?

Background
In 1989, FDA issued a general policy statement describing how the agency planned to determine whether a computer- or software-based product qualified as a medical device and, if so, how FDA intended to regulate it. The document, FDA Policy for the Regulation of Computer Products, became known as the “Draft Software Policy.” Since 1989, the use of computer and software products as medical devices has grown exponentially, and the types of products have become more diverse and complex. As a result, FDA determined that the Draft Software Policy did not adequately address issues related to the regulation of medical devices utilizing software. Accordingly, in 2005, the Draft Software Policy was withdrawn.

Earlier this year, despite the uncertainty regarding how FDA would regulate health-related mobile apps, the agency sent a letter to Biosense Technologies Private Ltd., the developer of a mobile app called the uChek Urine analyzer. The app enables a mobile phone to analyze urine dipsticks “for the qualitative and semi-quantitative determination of urine analytes including glucose, urobilinogen, pH, ketone, blood, protein, bilirubin, nitrite leukocyte, and specific gravity.”  The letter required the company to explain to FDA why its mobile app was not a medical device subject to clearance under section 510(k) of the FD&C Act. To date, FDA’s letter to Biosense is the only regulatory action the agency has ever taken against a mobile app developer.

On September 25, 2013, in response to the proliferation of mobile apps targeted at the healthcare sector, FDA issued a comprehensive, 43-page final guidance entitled Mobile Medical Applications.  The guidance, a draft of which was issued in 2011, informs software developers, medical device manufacturers, and other interested parties about the way the agency intends to apply its regulatory authority to mobile apps. Specifically, it divides mobile apps into three categories and specifies the level of FDA regulation that will be applied to each. In some measure, it addresses whether mobile app developers can expect FDA to increase its enforcement efforts against them.

Categories of Mobile Apps
The Mobile Medical Applications guidance identifies three distinct categories of mobile apps. The first category consists of mobile apps that FDA has determined are not medical devices. These apps do not meet the FD&C Act’s definition of a medical device and, per the guidance, FDA therefore does not intend to regulate them. The second category consists of mobile apps that meet the statutory definition of medical device but pose a low risk to public health and safety. Accordingly, FDA intends to exercise enforcement discretion over these devices (meaning that, in general, the agency will not enforce the requirements of the FD&C Act with regard to this category of mobile apps). FDA explains in the guidance that the majority of mobile apps on the market at this time fall within these first two categories. Stated differently, FDA will not regulate the vast majority of health-related mobile apps, either because they technically are not medical devices or, although medical devices, they do not pose a significant risk to the public.

The third category of mobile apps consists of apps that meet the statutory definition of medical device and could pose a risk to patient safety if the mobile app were to malfunction. Consistent with FDA’s current approach, which considers functionality rather than platform, FDA intends to apply its regulatory oversight only to those mobile apps that fall into this third category. Thus, only a relatively narrow subset of mobile apps will be subject to FDA regulation. FDA refers to these apps as “Mobile Medical Apps.”

Because the categorization of a mobile app will determine the manner in which it is regulated by FDA, the agency describes at length in the Mobile Medical Applications guidance the various types of mobile apps in each of the categories. Indeed, the guidance provides numerous examples of the types of companies and products that will be subject to FDA’s regulatory scrutiny.

Mobile Apps That Are Not Medical Devices: The guidance makes clear that not all mobile apps used in the context of medical care will qualify as medical devices. According to FDA, the following are examples of mobile apps that the agency does not consider to be medical devices:

• Mobile apps that are intended to provide access to electronic copies of medical textbooks or other reference materials with generic text search capabilities (e.g., e-books, audio books).
• Mobile apps that are intended to be used by healthcare providers as educational tools for medical training or to reinforce training that was previously received (e.g., videos, interactive diagrams).
• Mobile apps that are intended to increase general patient awareness, education, and empowerment, as well as facilitate patient access to commonly used reference information for the purpose of supporting patient-centered healthcare (e.g., apps that provide restaurant menu allergen information).
• Mobile apps that automate general office operations in a healthcare setting and are not intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease (e.g., apps that compile insurance claim data for processing).
• Mobile apps that are generic aids or general purpose products (e.g., a mobile platform that is used as an audio-recorder, notebook, or magnifying glass).

Mobile Apps for Which FDA Plans to Exercise Enforcement Discretion: The guidance also identifies several types of mobile apps that FDA considers to be medical devices, but that the agency does not expect will be the focus of its enforcement attention because they pose a low risk to public health and safety:

• Mobile apps that provide or facilitate supplemental clinical care, by coaching or prompting, to help patients manage their health in their daily environment (e.g., apps that remind patients to adhere to pre-determined dosing schedules).
• Mobile apps that provide patients with simple tools to organize and track their health information (e.g., apps that help patients track blood pressure measurements).
• Mobile apps that provide easy access to information related to patients’ health conditions or treatments, beyond providing an electronic copy of a medical reference (e.g., apps that function as tools for looking up drug interactions).
• Mobile apps that are specifically marketed to help patients document, show, or communicate information to healthcare providers about potential medical conditions (e.g., apps that facilitate videoconferencing between patients and healthcare providers).
• Mobile apps that perform simple calculations routinely used in clinical practice (e.g., apps that provide a Body Mass Index calculator).
• Mobile apps that enable individuals to interact with Personal Health Record systems or Electronic Health Record systems (e.g., apps that provide mobile access to patient records).

Mobile Apps That Will Receive Enforcement Attention by FDA: Unlike mobile apps that fall into the two categories above, manufacturers of any of the following types of Mobile Medical Apps should expect FDA to focus its enforcement efforts on their devices:

• Mobile apps that are an extension of one or more medical devices by connecting to such devices for purposes of controlling the devices or displaying, storing, analyzing, or transmitting patient-specific medical device data (e.g., apps that offer remote displays of data from bedside monitors).
• Mobile apps that transform the mobile platform into a regulated medical device by using attachments, display screens, or sensors, or by including functionalities similar to those of currently regulated medical devices (e.g., apps that facilitate the attachment of a blood glucose strip reader to a mobile platform to function as a glucose meter).
• Mobile apps that become a regulated medical device by performing patient-specific analysis and providing patient-specific diagnosis or treatment recommendations (e.g., apps that use patient-specific parameters to calculate dosage forms or quantities).

Applicability of General Medical Device Requirements to Mobile Medical Apps
The Mobile Medical Applications guidance confirms that Mobile Medical Apps are, in fact, subject to the same regulatory requirements as traditional medical devices. Where a Mobile Medical App, on its own, falls within a medical device classification, its manufacturer is subject to the requirements associated with that classification. Manufacturers must meet all requirements associated with the applicable device classification, including those related to the following general requirements for medical devices:

Establishment Registration and Medical Device Listing: Like the requirements imposed on traditional medical device manufacturers, Mobile Medical App manufacturers are required to register their establishments with FDA and list their devices by identifying for FDA the Mobile Medical Apps they market.

Investigational Device Exemption Requirements: A Mobile Medical App manufacturer must comply with all applicable investigational device exemption requirements imposed on the collection of safety and effectiveness data required to support a Premarket Approval application or a Premarket Notification submission (i.e., 510(k)) to FDA. FDA encourages Mobile Medical App manufacturers to engage in discussions with FDA as early in the product development process as possible to determine the appropriate route to market for a particular device.

Labeling Requirements: Medical device manufacturers, including those that manufacture Mobile Medical Apps, are required to comply with all applicable labeling regulations, including those found in 21 C.F.R. pts. 801 (for medical devices) and 809 (for in vitro diagnostic products).

Premarket Submission for Approval or Clearance: Like all medical device manufacturers, Mobile Medical App manufacturers must identify the current classification covering their device. A Mobile Medical App, like other devices, may be classified in Class I (general controls), Class II (special controls in addition to general controls), or Class III (premarket approval). The device classification will determine the premarket submission required by FDA for a particular device.

Quality System Regulation: Mobile Medical App manufacturers are required to comply with the quality system regulation (21 C.F.R. pt. 820), which provides a framework for all manufacturers to help ensure that their products consistently meet applicable production requirements and specifications. The regulation also requires all Mobile Medical App manufacturers to appropriately verify and validate their Mobile Medical Apps, along with associated mobile platforms, to ensure safe and effective operation of their devices.

Adverse Event Reporting: The medical device reporting regulation (21 C.F.R. pt. 803) imposes mandatory adverse event reporting requirements on all device manufacturers to report each significant adverse event to FDA.

Correcting Problems: Like all medical device manufacturers, a Mobile Medical App manufacturer may voluntarily take action at any time, or may be asked by FDA to take action at any time, to correct a problem that has been identified with the manufacturer’s device. Similarly, manufacturers of Mobile Medical Apps are required to report promptly to FDA that a corrective action has been taken by or on behalf of the manufacturer to address a problem with the manufacturer’s device.

Although FDA’s Mobile Medical Applications guidance provides some answers, many questions remain. It seems clear that FDA wants to avoid stifling innovative development of health-related mobile apps by lightly regulating most mobile apps and focusing agency resources on those apps that meet the statutory definition of medical device and would pose a significant risk if they malfunctioned, i.e., Mobile Medical Apps. What is less clear, however, is the manner in which FDA will regulate the fast-moving world of Mobile Medical Apps. Will FDA, for example, require approval or clearance of every software update developed for a Mobile Medical App? Or will the agency only require that updates presenting a material risk be subject to premarket requirements? Fortunately, FDA states in the guidance that the agency is open to working with mobile app developers on these and any other follow-up questions, and it has developed a website to disseminate information about ongoing FDA regulation and guidance in this developing area. 

References

1. Federal Food, Drug, and Cosmetic Act § 201(h), 21 U.S.C. § 321(h).
2. See FDA, “Examples of MMAs the FDA Has Cleared or Approved,” available at http://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/ConnectedHealth/MobileMedicalApplications/ucm368784.htm (last visited Oct. 16, 2013).
3. Letter from James L. Woods, Deputy Director, Patient Safety and Product Quality, Office of In Vitro Diagnostics and Radiological Health, Center for Devices and Radiological Health, FDA, to Myshkin Ingawale, Biosense Technologies Private Ltd. (May 21, 2013).
4. See FDA, Guidance for Industry and Food and Drug Administration Staff, Mobile Medical Applications (Sep. 25, 2013), available at http://www.fda.gov/medicaldevices/productsandmedicalprocedures/connectedhealth/mobilemedicalapplications/default.htm (last visited Oct. 16, 2013).

---

Kyle Sampson is a partner in the Washington, D.C. office of Hunton & Williams LLP (www.hunton.com) and a member of
the Firm’s Food and Drug Practice. He can be reached at ksampson@hunton.com. Allison L. Reschovsky is an associate
at Hunton and can be reached at areschovsky@hunton.com