Article prepared by and republished courtesy of our colleagues Mary Langowski, Rebecca Jones McKnight, Kristen Ratcliff and So-Eun Lee; originally published here: http://www.dlapiper.com/offering-health-care-solutions-at-consumers-fingertips-what-you-should-know-about-fda-regulation-of-mobile-medical-apps/.

Over two years after the Food and Drug Administration issued draft guidance on “mobile medical applications,” the agency recently issued its greatly anticipated final guidance. As FDA considered comments from stakeholders during this prolonged review period, many in the industry continued to struggle with understanding the boundaries proposed by FDA and their potential impact on businesses across the health care sector.

The principles outlined in the final guidance remain consistent with those described in the draft guidance. FDA has stated that it is “not expanding [FDA’s] universe” by regulating mobile medical applications (i.e., apps), but rather applying longstanding basic tenets of medical device regulation and–at the core – requirements of the Food, Drug and Cosmetic Act (FDCA). These principles may, however, be unfamiliar to many in the technology space, particularly those who have not previously been involved with FDA-regulated devices.

In response to industry requests for clarity, FDA added a number of specific examples in the final guidance, including examples of mobile apps that would not be considered regulated devices; and those that would technically be considered devices, but to which FDA would apply enforcement discretion.

Below we provide an overview of FDA’s final guidance, including a high-level look at FDA’s intended regulatory approach.

Should I be paying attention?

FDA’s guidance applies to “mobile medical app manufacturers,” so in determining whether the guidance is relevant to you, there is a two-part analysis: (1) what is the exact nature of the product; and (2) what is your role with respect to the design, specification development, manufacture, packaging or labeling.

This same analysis is relevant for any product that is, or might be considered, a “medical device.” It is especially noteworthy, however, for companies which may be new to the FDA-regulated space and may be unfamiliar with FDA’s broad definitions of “medical devices” and “manufacturers.”

Is the app regulated?

As a starting point, a software application will be subject to FDA regulation if it meets the definition of a “device” in the FDCA. The statutory definition includes any “instrument, apparatus, implement machine, contrivance . . . or other similar or related article, including a component part, or accessory which is: . . . intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals.”

The “intended use” is a critical determining factor for whether FDA will deem a technology a “device” subject to regulation. FDA notes that labeling claims, advertising materials and/or oral or written statements by manufacturers or their representatives are instructive when determining the “intended use” of a device. Further, FDA clarifies that “when the intended use of a mobile app is for the diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man,” the mobile app is a device.

In defining a “mobile medical app,” the guidance calls out two particular ways that a technology could be deemed within the statutory definition: if it is “an accessory to a regulated medical device” or intended “to transform a mobile platform into a regulated medical device.”

The final guidance separates apps into three broad categories:

Category 1: Apps that do not meet the statutory definition of a device, and thus are not subject to FDA oversight

Category 2: Apps that may meet the statutory definition of a device, but present such a low risk of patient harm that the FDA is not going to exercise oversight at this time

Category 3: Apps that do meet the statutory definition of a device and the above definition of a “mobile medical app,” and that present potential patient risks warranting FDA oversight at this time

As outlined in the FDA’s guidance, examples of each type of app include:

Apps that do not meet the   statutory definition of a device, and thus are not subject to FDA oversight Examples include:

  • Mobile apps that are intended to provide electronic   “copies” of medical textbooks or other reference materials with generic text   search capabilities
  • Mobile apps that are intended for health care providers   to use as educational tools for medical training or to reinforce training   previously received
  • Mobile apps that are intended for general patient   education and facilitate patient access to commonly used reference   information
  • Mobile apps that automate general office operations in   a health care setting and are not intended for use in the diagnosis of   disease or other conditions, or in the cure, mitigation, treatment or   prevention of disease
  • Mobile apps that are generic aids or general purpose   products
Apps that may meet the   definition of a device, but present such a low risk of patient harm that the   FDA is not going to exercise oversight at this time Examples include:

  • Mobile apps that provide or facilitate supplemental   clinical care, by coaching or prompting, to help patients manage their health   in their daily environment
  • Mobile apps that provide patients with simple tools to   organize and track their health information
  • Mobile apps that provide easy access to information   related to a patients’ health conditions or treatments (beyond providing an   electronic “copy” of a medical reference)
  • Mobile apps that are specifically marketed to help   patients document, show or communicate to providers potential medical conditions
  • Mobile apps that perform simple calculations routinely   used in clinical practice
  • Mobile apps that enable individuals to interact with   personal health record systems or electronic health record systems
Apps that do meet the   statutory definition of device and the definition of a “mobile medical app,”   and that present potential patient risks warranting FDA oversight at this   time. Examples include:

  • Mobile apps that are an extension of one or more   medical devices by connecting to such device(s) for purposes of controlling   the device(s) or displaying, storing, analyzing or transmitting   patient-specific medical device data
  • Mobile apps that transform the mobile platform into a   regulated medical device by using attachments, display screens or sensors or   by including functionalities similar to those of currently regulated medical   devices
  • Mobile apps that become a regulated medical device   (software) by performing patient-specific analysis and providing   patient-specific diagnosis, or treatment recommendations

FDA “strongly recommends” that manufacturers of all apps that meet the definition of “device,” including those over which FDA will exercise regulatory discretion (the second category above), follow FDA’s Quality System regulation in the design and development of their apps.

For apps in the third category, another level of analysis is required to determine exactly how FDA will regulate the app, and what specific requirements apply, depending on the classification (e.g., Class I, Class II, Class III), device type and intended use. For example, an app might be a “Medical Device Data System,” which is a Class I device, or – based on features offered – it might be regulated at a higher level, e.g., as an accessory to a connected device, which then must comply with the controls applicable to that connected device.

Are my operations regulated?

Being deemed a “manufacturer” has significant consequences in terms of FDA compliance, in a variety of areas. Definitions of “manufacturer” or “manufacture” are detailed in regulations setting out related responsibilities for: medical device reporting when malfunctions, injuries or deaths occur (21 C.F.R. Part 803); reporting of device corrections or removals (21 C.F.R. Part 806); establishment registration and listing and premarket notification (510(k)) (21 C.F.R. Part 807); and Quality Systems/Good Manufacturing Practice requirements (21 C.F.R. Part 820).

In the final guidance, FDA provides several examples of a “manufacturer” in the mobile medical app context, clarifying that it includes any person or entity that:

  • Creates, designs, develops, labels, re-labels, remanufactures, modifies or creates a mobile medical app software from multiple components
  • Initiates specifications or requirements for mobile medical apps or procures product development/manufacturing services from other individuals or entities (second party) for subsequent commercial distribution
  • Creates a mobile medical app and hardware attachments for a mobile platform that are intended to be used as a medical device by any combination of the mobile medical app, hardware attachments and the mobile platform or
  • Creates a mobile medical app or a software system that provides users access to the medical device function through a website subscription, software as a service, or other similar means.

For companies involved in any way with the development, creation or distribution of mobile medical technologies, we recommend careful consideration of the regulatory definitions to proactively assess their applicability and to ensure compliance.