October 2013 Update: Software and Mobile Medical Apps Regulation

October 28, 2013

Mobile Medical Applications: Final Guidance

On September 23, the U.S. Food and Drug Administration (FDA or the Agency) issued the final version of its controversial guidance document (the Final Guidance) on mobile medical applications (apps), confirming that FDA views such products to be within its regulatory authority. As with the draft guidance issued in July 2011, the Final Guidance describes FDA’s policy for regulating mobile medical apps through examples. Thus, the Final Guidance lists generic and specific examples of apps that FDA will or will not regulate rather than describing factors or rules to determine whether or not an app is regulated. This “guidance by example” approach suggests that FDA may have faced difficulties in determining exactly where the line should be between regulated and unregulated apps or how to define this line. Although the “guidance by example” approach provides certainty for apps that clearly fall within the examples described in the Final Guidance, it will be more problematic for apps that do not fit neatly into one of these categories.

The Final Guidance, however, does make clear that FDA intends to take a limited approach in its regulation of mobile medical apps. For example, the Final Guidance expands the apps subject to enforcement discretion (i.e., not actively regulated by FDA), limiting FDA’s active regulation to those mobile apps that present a greater risk. The Final Guidance also includes expanded guidelines for the types of entities that are not subject to regulatory oversight.[1]

FDASIA Workgroup Recommendations

On September 4, the Food and Drug Administration Safety and Innovation Act (FDASIA) Workgroup (the Workgroup) released its final recommendations on a risk-based regulatory framework pertaining to health IT, including mobile apps. The Workgroup recommendations described potential issues and problems associated with the current regulatory oversight of health IT by FDA, the Office of the National Coordinator for Health Information Technology (ONC), and the Federal Communications Commission (FCC). The Workgroup also provided recommendations for a new regulatory framework for health IT. With respect to FDA’s regulation of health IT, the Workgroup made the following specific recommendations:

  • FDA should actively establish a policy of “enforcement discretion” for the lowest-risk health IT where enforcement of regulations is inappropriate.
  • FDA should assess exemption from good manufacturing practices for lower-risk health IT.
  • FDA should expedite guidance on health IT software, mobile medical apps, and related matters.
  • FDA should improve internal coordination on health IT software and mobile medical apps policies and regulatory treatment.
  • FDA should utilize external-facing resources to proactively educate the public about how policies and regulation impact health IT and mobile medical apps.
  • There may exist a need for additional funding to appropriately staff and build FDA expertise in health IT and mobile medical apps.
  • Health IT should not be subject to FDA premarket requirements, except for the following:
    • “Medical device accessories” (to be defined clearly by FDA)
    • Certain forms of high-risk clinical decision support, such as “Computer Aided Diagnostics” (to be defined clearly by FDA)
    • Higher-risk software use cases, as described in the Workgroup report, including those where the intended use elevates aggregate risk

What’s Next

The FDA, ONC, and FCC will evaluate the Workgroup’s recommendations, along with any public comments they receive, to draft a report to Congress on proposed strategies and recommendations for an appropriate risk-based regulatory framework for health IT. By statute, the report must be submitted to Congress by January 2014.

Developers of clinical decision support (CDS) software will need to wait for the final FDASIA report to Congress for clarity on how, or whether, FDA intends to regulate such products. The Final Guidance on mobile medical apps explicitly excluded CDS software, and Dr. Jeffrey Shuren, Director of FDA’s Center for Devices and Radiological Health, stated that CDS software will be addressed separately in the FDASIA report.

[1]. For a more thorough analysis of the Agency’s current thinking on the regulation of mobile medical apps, see our September 25, 2013 LawFlash, “FDA Issues Long-Awaited Final Guidance on Mobile Medical Applications,” available here, and the materials from our recent webinar on the Final Guidance.