It takes many years and hundreds of millions of dollars to develop a blockbuster new drug and then see it through regulatory approval. On the other hand, a mobile health app could be developed in weeks to months with nothing more than sweat equity. Only a fool would have trouble distinguishing these two, or would attempt to apply the regulatory framework of the former to the latter.
Fortunately, the FDA are not fools, and should be given credit for anticipating the trend towards proliferation of mobile healthcare at least as quickly as would seem reasonable in the current political climate.
Mobile Apps Regulation Timeline
Just over three years ago, on July 21, 2011 (back when only 23% of all adults used a smartphone to go online in a typical day, and most iPhone users were running iOS 3 and iOS 4), the FDA released draft guidance on mobile medical applications.
One year later, on July 9, 2012, the Food and Drug Administration Safety and Innovation Act, or FDASIA, was signed into law. One important component of this act was to "Promote Innovation," which included a provision to "further medical device innovation."
Fourteen months later, on September 23, 2013, the FDA issued "final guidance on mobile medical apps" that included a report summarizing their nonbinding recommendations. Despite the common misconception that the FDA plan to regulate all apps with any component of clinical decision support, this document makes clear that the FDA plan to focus "its oversight on mobile medical apps that:
- are intended to be used as an accessory to a regulated medical device – for example, an application that allows a health care professional to make a specific diagnosis by viewing a medical image from a picture archiving and communication system (PACS) on a smartphone or a mobile tablet; or
- transform a mobile platform into a regulated medical device – for example, an application that turns a smartphone into an electrocardiography (ECG) machine to detect abnormal heart rhythms or determine if a patient is experiencing a heart attack."
In April 2014, as a result of the FDASIA, a report was published that detailed "Proposed Strategy and Recommendations for a Risk-Based Framework" for health IT. The report recommended "that no new or additional areas of FDA oversight are needed," and also called for the creation of a "Health IT Safety Center" created by ONC (in collaboration with FDA, FCC and AHRQ) "with the ultimate goal of assisting in the creation of a sustainable, integrated health IT learning system that avoids regulatory duplication and leverages and complements existing and ongoing efforts." The report describes three distinct groups of medical apps, each requiring varying levels of oversight:
|Three categories of health IT functionality as described in the FDASIA Health IT Report, April 2014|
- Administrative Functionality (billing and claims processing, practice and inventory management, and scheduling): no additional oversight
- Health Management Functionality (health information and data exchange, data capture and encounter documentation, electronic access to clinical results, most clinical decision support, medication management, electronic communication and coordination, provider order entry, knowledge management, and patient identification and matching): no intention to focus oversight here if the product meets the statutory definition of a medical device
- Medical Device Functionality (computer aided detection software, remote display or notification of real-time alarms from bedside monitors, and robotic surgical planning and control): oversight required
The Path Forward
Update: click here to read my assessment of the current landscape and the path forward for FDA mobile app regulation.