On July 19, the Food and Drug Administration (FDA) issued a new draft guidance document, titled Mobile Medical Applications, describing FDA's position on the regulation of mobile applications, i.e., software applications intended to run on mobile platforms, such as smart phones, personal digital assistants, tablets, and other mobile computing devices. FDA stated that its proposed approach is intended to focus only on a small subset of mobile applications, or "apps," that may impact the performance of currently regulated devices. To this end, the draft guidance provides some principles to apply and examples of the types of mobile apps that would be considered regulated medical devices. However, a number of uncertainties remain as to exactly where FDA draws the line between regulated and unregulated apps. Thus, although FDA stated intention is to concentrate on those mobile apps that present the greatest risk to patients, ambiguities in the draft guidance may hinder that objective.
In the new draft guidance, FDA defines a "mobile medical app" as a mobile app that (1) meets the definition of a "device" under the Federal Food, Drug, and Cosmetic Act (FFDCA) and (2) either (a) is used as an accessory to a regulated medical device or (b) transforms a mobile platform (such as a mobile phone) into a regulated medical device.
FDA states in the draft guidance that it intends to limit its regulation of mobile apps to those that fall within the definition of a "mobile medical app," and that it would exercise enforcement discretion for other mobile apps that meet the definition of a "device" under the FFDCA but do not meet the definition of a "mobile medical app."
However, the precise scope of what is and is not an actively regulated "mobile medical app" is not clearly discernible. For example, to fall within the "mobile medical app" definition, an app must be used as an accessory to, or transform a mobile platform into, a "regulated medical device," which FDA defines as a device that has been classified by FDA or otherwise cleared or approved by FDA (e.g., via a 510(k) premarket notification or premarket approval application). Taken together, the "mobile medical app" and "regulated medical device" definitions would exclude from active FDA regulation apps for novel device uses that have not been previously classified, cleared, or approved by FDA.
Nonetheless, the examples of regulated mobile medical apps provided in the draft guidance appear to include some apps that fall outside the above definition. For example, FDA states that it considers mobile apps "that allow the user to input patient-specific information and—using formulae or processing algorithms—output a patient-specific result, diagnosis, or treatment recommendation to be used in clinical practice or to assist in making clinical decisions" to be regulated mobile medical apps. However, there are likely many novel diagnostic software algorithms that would fall within the scope of this example but are not yet classified by FDA and, thus, would not meet the definition of a "mobile medical app."
The examples provided in the draft guidance for apps subject to enforcement discretion (i.e., apps that meet the definition of a "device" but do not meet the definition of a "mobile medical app") are similarly ambiguous. FDA includes in this category mobile apps that "log, track, and graph manually-entered (keyed in) data that lead to reminders or alarms." It is unclear, however, what types of reminders or alarms would fall within this category of unregulated apps or whether apps that contain formulae or algorithms to generate reminders or alarms would be included.
Notwithstanding the above ambiguities, the draft guidance provides useful examples of regulated mobile medical apps, including a lengthy appendix listing.
Manufacturers and marketers of mobile apps that may be affected by the draft guidance have 90 days to submit comments to FDA. If you have any questions on the issues discussed in this LawFlash or would like assistance in preparing comments to FDA, please contact the authors of this LawFlash, M. Elizabeth Bierman (202.739.5206; firstname.lastname@example.org) or Michele Buenafe (202.739.6326; email@example.com).