August 09, 2011
FDA Facing Huge Task in Regulating Mobile Medical Apps
“The entire device regulation begins with a concept that is based on the intended use. Nowhere in that intended use statement does it either exempt or include any type of technology. It's applicable to any type of technology." John Murray, FDA
The Withings blood pressure monitor connects with an app available on iOS devices like the iPhone and iPad.
The FDA has already cleared a handful of mobile medical apps used by health care professionals, such as a smartphone-based ultrasound and an application for iPhones and iPads that allows doctors to view medical images and X-rays. But to-date, the FDA has not cleared any consumer-facing mobile medical apps. Nor does it appear that the FDA realizes how big a job this will be.
Apple says its iPhone App Store has more than 350,000 apps overall. As of this writing, there are more than 10,000 iPhone apps that implement 'medical' or 'health-related' content, many with interpretive or decision-support or image or waveform display functions that are within the scope of what the FDA says it will now actively regulate. There are more than 1,500 medical apps for Android phones and about 500 for Blackberry devices. For the ones that are moderate-risk Class II devices, fewer than 10 such apps today have FDA 510(k) clearance. Here are some that have:
Almost none of the manufacturers of the ones that are low-risk Class I devices have so far registered and listed their apps with the FDA.
Although the guidance document released on July 19 provides clarification on how the Agency will regulate mobile medical apps, it leaves many areas unaddressed. For example, the FDA states that it intends to exercise case-by-case “enforcement discretion” with regard to certain mobile apps that do not meet the definition of a “mobile medical app,” but may meet the statutory definition of a software “medical device.” Apps that enable consumers to self-manage their diseases or disease risks are an example of devices that FDA will monitor and exercise case-by-case "enforcement discretion" with.
And, the guidance document clarifies that “a mobile platform is not a ‘medical device’ simply because it can be used to run a mobile medical app." But if the tablet, smartphone, or other mobile platform is being marketed with a medical device intended use, then it would meet the statutory definition of a medical device and it would then be subject to full force of FDA regulation, including Good Manufacturing Practices (GMP) regs.
According to the FDA guidance document, examples of mobile medical device manufacturers include any person or entity that:
- Creates, designs, develops, labels, re-labels, remanufactures, modifies, or composes a software system from multiple components. This could include a person or entity that creates a mobile medical app by using commercial off-the-shelf software components and markets the product to perform as a mobile medical app;
- Provides mobile medical app functionality through a "web service" or "web support" for use on a mobile platform. For example, a manufacturer of a mobile medical app that allows users to access the application's medical device functionality over the web is considered a mobile medical app manufacturer;
- Initiates specifications or requirements for mobile medical apps or procures product development/manufacturing services from other individuals or entities (second party) for subsequent commercial distribution; or
- Creates and distributes a mobile medical app, whether for money payment or at no charge, that is intended to be used on a mobile platform, or that manufactures a mobile app to be supported by hardware attachments to the mobile platform with a medical intended use.
Most of the developers of the thousands of medical apps that exist today for mobile devices are not traditional medical device manufacturers. Few of them have ever “manufactured” anything before they developed their app. Few of them have any familiarity with FDA regulations. Even fewer have staff who are trained in regulatory submissions and compliance.
FDA does not consider the following to be mobile medical apps for purposes of active their active oversight:
- Mobile apps that are only used to log, record, track, evaluate, or make decisions or suggestions related to developing or maintaining general health and wellness, including dietary and exercise logs, appointment reminders, dietary suggestions based on a calorie counter, posture suggestions, exercise suggestions.
- Mobile apps that only automate things like medical appointments or insurance transactions.
- Mobile apps that function only as electronic health records or personal health records, unless they also implement imagery, waveforms, trend analysis, or other display or decision-support features that are intended for preventing, diagnosing, treating, or mitigating a specific disease, disorder, or identifiable health condition (such as WakeMate or FitBit or Jawbone Up or smartphone accelerometer sensors tracking sleep apnea).
- Mobile apps that are only electronic "copies" of medical textbooks or reference materials, or are solely used to provide clinicians with training or reinforce training previously received and do not contain or emit any patient-specific information.
In contrast, the FDA does say they intend to regulate mobile apps that allow the user to input patient-specific information along with reference material to automatically diagnose a disease or condition are considered mobile medical apps. But apps like iTriage (seen below) are in a “gray” area. They are possibly not within the scope that the FDA intends to actively regulate, because they are nominally 'reference database look-up' apps, enabling the user to retrieve symptom, disease, procedure, medication, and other information. But, on the other hand, apps like iTriage do imply, and overtly represent in their marketing materials, that they counsel consumer users and direct them to seek medical attention or, conversely, not to seek it, depending on how the displayed information matches (or not) the information the patient provides. In other words, clicking on an item in iTriage or similar apps denotes a user’s intention to receive—and the company’s intention to deliver—actionable medical advice and decision-support interpretations from the app, including where to get or not get medical services and what those services will be. So finger-pressing a GUI item on a mobile app like this constitutes a type of personal information entry every bit as much as keying in the word for that diagnosis or medicine or procedure, in traditional keyboard-centric tell-and-ask style.
The iTriage app strangely seems to assert that no medications are relevant to AAA management.
In a way, there is nothing "new" in the newly-released guidance from the FDA. Nothing new anyhow for companies that are well-experienced in delivering products and services subject to medical device regulations. Nor is there anything "new" in the guidance with regard to consumers, who expect that medical devices should be safe and effective and work the way they are intended to work. The only ones who will find anything "new" are entities who have up until now gratuitously denied that their health apps are medical devices subject to regulation or GMP/QSR or Design Assurance or validation testing or other SOPs and controls of any kind, or who object to governments' regulatory role in protecting public safety.
The main problem I see at this point is that many app types that are marketed with health claims do not yet have FDA product codes. There are currently 5,708 FDA medical device product codes, but the thousands of current mobile medical apps are mostly for use-cases the FDA has never thought of, and that therefore the FDA has never created product codes for. And it will likely take the Agency months to create a new product code each time they receive an inquiry about something that’s not now on their product code list. In terms of innovation, there is no recipe there to “go fast."
So, if a typical innovative mobile app developer tries to do the right thing and register with the FDA and list their mobile apps and submit 510(k) or other applications, the developer may not be able to do that right away, because the FDA has no product-code "bin" to assign it to. Just the same, every mobile medical app developer should establish contact with the Agency and start the process, to avoid a Warning Letter or other serious sanctions. The FDA may not have a product-code ready for your app yet, but at least you will have correspondence from the Agency that is evidence of your intention to do what is right.
In summary, the new FDA guidance on mobile apps is a good step toward better safety for consumers and for a more level playing field for all participants in the mobile medical apps marketplace. It places “get-rich-quick” medical app developers on-notice that the FDA now intends to begin enforcing the law and regulations that have always been on the books but that the FDA has, up to now, not applied to them, but which the FDA has for many years applied to larger, traditional software medical device companies. Despite the fact that the FDA guidance says ‘draft’ and is open for ‘public comment’, the days when the regulations (and the costs associated with complying with them) were selectively applied to just a few are effectively over. Recent FDA Warning Letters and field inspections show that this is so, every bit as much as the Guidance document does.
Mobile apps’ ability to empower consumers is naturally associated with the potential to unsafely disintermediate the services of clinically-trained professionals, from whom consumers might otherwise have sought advice and care. For people who do not have ready access to those services because of lack of insurance coverage or shortages of providers or other reasons, ‘some’ medical advice is usually better than ‘nothing.' But there’s tension between cheap mobile apps and protecting patients from unnecessary risks that may arise with those apps. For the FDA, it’s not just about sensors or devices attached to the phones or tablets. It’s about the overall system, the manufacturer’s intended use and the usership, the use-case, the hazards that arise with that use-case, everything.
Douglas McNair, MD, PhD, Senior VP, is one of three Cerner Engineering Fellows and is responsible for innovations in decision support and very-large-scale datamining. McNair joined Cerner in 1986, first as VP of Cerner’s Knowledge Systems engineering department; then as VP of Regulatory Affairs; then as General Manager for Cerner’s Detroit and Kansas City branches. Subsequently, he was Chief Research Officer, responsible for Cerner’s clinical research operations. In 1987, McNair was co-inventor and co-developer of Discern Expert®, a decision-support engine that today is used in more than 2,000 health care facilities around the world. Between 1977 and 1986, McNair was a faculty member of Baylor College of Medicine in the Departments of Medicine and Pathology. He is a diplomate of the American Board of Pathology and the American Board of Internal Medicine.