By: Seth A. Mailhot
The U.S. Food and Drug Administration (FDA) issued a final guidance September 25, 2013 titled, “Mobile Medical Applications.” The guidance sets out the scope of FDA’s enforcement discretion on medical software applications designed for mobile devices. The final guidance follows up on a draft guidance issued on July 21, 2011, and is intended to provide even more predictability and clarity for manufacturers of mobile medical apps. The final guidance provides further examples of the types of mobile medical apps to be regulated (and not regulated) by FDA. FDA has planned a Twitter chat to discuss the new guidance on September 26 at 3:30 p.m.
Much of the guidance reiterates or restates the longstanding policy set out by FDA on the regulation of software as a medical device. For example, as noted in the guidance, “when stand-alone software is used to analyze medical device data, it has traditionally been regulated as an accessory to a medical device or as medical device software.” The regulatory policy set out in the guidance applies a risk based approach to mobile medical apps. As stated in the guidance, “certain mobile medical apps can pose potential risks to public health. Moreover, certain mobile medical apps may pose risks that are unique to the characteristics of the platform on which the mobile medical app is run. . . .FDA intends to take these risks into account in assessing the appropriate regulatory oversight for these products.”
One important point to note is that with the expansion in portable computing power, almost any medical software application that operates on a current off-the-shelf operating system may be viewed as a mobile medical app subject to the guidance. According to the guidance, “mobile platforms are defined as commercial off-the-shelf (COTS) computing platforms, with or without wireless connectivity, that are handheld in nature. Examples of these mobile platforms include mobile computers such as smart phones, tablet computers, or other portable computers.” While the guidance refers to “desktops” as being distinct from “mobile platforms,” the guidance does not distinguish software that may operate on both a desktop and a mobile platform due to a shared operating system.
The definition of a mobile platform is actually a departure from the draft guidance, which adhered more closely to what would typically be considered a “mobile platform.” In the draft guidance, the definition included as examples, “the iPhone®, BlackBerry® phones, Android® phones, tablet computers, or other computers that are typically used as smart phones or personal digital assistants (PDAs).” While computing technology has advanced, expanding the definition to contemplate notebooks and other slim-profile computers adds a certain layer of confusion to the guidance.
The final guidance restates and expands the policy from the draft guidance on the entities that qualify, and do not qualify, as mobile medical app manufacturers. For example, developers that create a mobile medical app based on specifications from an “author” do not qualify as a manufacturer subject to FDA regulation. Content distributors, such as the owners and operators of “Google play,” “iTunes App store,” and “BlackBerry App World,” also are not held to be mobile medical app manufacturers. The final guidance, however, fails to address what responsibility such content distributors might have in terms of complaint handling and recalls, given the control such content distributors exert over the distribution system for mobile devices1.
FDA did note that entities that distribute their mobile medical app software as a service, such as through a web-based subscription, do qualify as manufacturers. Note that this does not mean that FDA is extending into the regulation of services distributed through web-based software applications, only that the software distributed under this model would be subject to FDA regulation.
The core policy articulated in the guidance is the categories of medical software that are considered mobile medical apps, and those that are subject to enforcement discretion by FDA. FDA identifies three categories that the agency considers to be mobile medical apps:
- Mobile apps that are an extension of one or more medical devices by connecting to such device(s) for purposes of controlling the device(s) or displaying, storing, analyzing, or transmitting patient-specific medical device data.
- Mobile apps that transform the mobile platform into a regulated medical device by using attachments, display screens, or sensors or by including functionalities similar to those of currently regulated medical devices. Mobile apps that use attachments, display screens, sensors or other such similar components to transform a mobile platform into a regulated medical device are required to comply with the device classification associated with the transformed platform.
- Mobile apps that become a regulated medical device (software) by performing patient-specific analysis and providing patient-specific diagnosis, or treatment recommendations. These types of mobile medical apps are similar to or perform the same function as those types of software devices that have been previously cleared or approved.
FDA also outlines six general categories of medical software that are subject to enforcement discretion:
- Mobile apps that provide or facilitate supplemental clinical care, by coaching or prompting, to help patients manage their health in their daily environment.
- Mobile apps that provide patients with simple tools to organize and track their health information.
- Mobile apps that provide easy access to information related to patients’ health conditions or treatments (beyond providing an electronic “copy” of a medical reference).
- Mobile apps that are specifically marketed to help patients document, show, or communicate to providers potential medical conditions.
- Mobile apps that perform simple calculations routinely used in clinical practice.
- Mobile apps that enable individuals to interact with PHR systems or EHR systems.
In particular, FDA expanded the types of medical imaging software that would be exempt from FDA regulation. The previous draft guidance suggested that using a magnifying function for a specific medical purpose would make the software a regulated medical device. This left the impression that using any camera or light source native to a mobile platform for a specific medical purpose might be regulated by FDA. FDA clarified that “utiliz[ing] the mobile device’s built-in camera or a connected camera for purposes of documenting or transmitting pictures (e.g., photos of a patient’s skin lesions or wounds) to supplement or augment what would otherwise be a verbal description in a consultation between healthcare providers or between healthcare providers and patients/caregivers” would not be regulated by FDA as a mobile medical app.
FDA also provided specific clinical calculations that would be exempt from FDA regulation as a medical device:
- Body Mass Index (BMI)
- Total Body Water / Urea Volume of Distribution or Mean arterial pressure
- Glascow Coma Scale score
- APGAR score
- NIH Stroke Scale
- Delivery date estimator
Although the guidance ostensibly deals with mobile medical apps, the policy statements on what medical software qualifies for FDA regulation may also be applied to medical software designed for desktop platforms, as the underlying basis for many of the positions articulated by FDA are founded upon longstanding polices on medical software. The issuance of this guidance provides companies with an opportunity to review product offerings to confirm whether their medical software products meet the threshold for FDA regulation. Michael Best can assist medical software companies with this review, and can advise on how to meet FDA’s regulatory requirements for mobile medical apps. Michael Best has experience with medical software submissions to FDA, and the role that the software design control process plays in FDA’s regulation of medical software.
1 This was an issue carried over from the draft guidance. FDA suggests that these content distributors “do not engage in any manufacturing functions as defined in 21 CFR Parts 803, 806, 807, and 820,” but overlooks the pervasive control some content distributors have over software updates and complaint reporting.