FDA Issues Guidance on Mobile Medical Devices

John Devine, Kimberly Klayman, Philip Yannella
Ballard Spahr LLP
Contact
LinkedIn
Facebook
X
Send
Embed

The Food and Drug Administration’s recent guidance on mobile medical applications illustrates the FDA’s growing efforts to combat emerging cybersecurity issues that affect patient safety. The guidance, issued in February 2015, announces the FDA’s intent to regulate certain mobile medical apps used by doctors to diagnose and monitor patient health as medical devices. While the guidance provides much-needed clarity and predictability for mobile app developers and manufacturers, it leaves some questions open, and—given how rapidly the technologies are evolving—is likely not the last guidance the FDA will issue addressing cybersecurity and medical devices.

In October 2014, the FDA issued similar guidance addressing cybersecurity in implantable medical devices. The FDA recommended that developers and manufacturers consider cybersecurity risks as part of the design and development of medical devices and submit documentation to the FDA about those risks and the controls in place to mitigate them. For devices that are already on the market, the FDA instructs developers and manufacturers to submit any plans for providing updates to the data-related operating systems and software related to such devices.

The February guidance builds on the October guidance by announcing the FDA’s intention to treat certain mobile medical apps as medical devices. Apps that the FDA intends to regulate under the February guidance will have to go through normal FDA clearance processes, including premarket approval, labeling approval, and medical device reporting for adverse events. The guidance separates mobile medical apps into three categories:

  • Mobile apps that are considered medical devices, and which the FDA intends to regulate
  • Mobile apps that may be considered medical devices, but which the FDA does not intend to regulate
  • Mobile apps that could be used in a health care environment, but are not considered medical devices by the FDA

Whether or not a mobile medical app will be subject to FDA regulation depends on the app’s intended use. Specifically, the guidance notes that the FDA will focus its oversight on mobile apps that either are meant to be used as an accessory to a regulated medical device or are intended to transform a mobile platform into a regulated device. In other words, the guidance explains that “if a mobile app is intended for use in performing a medical function (i.e., for diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease) it is a medical device [subject to FDA regulation], regardless of the platform on which it is run.”

The FDA is primarily interested in regulating mobile apps whose functionality could pose a risk to a patient’s safety if the app does not function appropriately. Examples of mobile apps that the FDA considers to be medical devices include apps that control infusion pumps, calibrate hearing aids, control cochlear implants, connect to cardiac monitors and transfer data to a central platform, display images for diagnostic review, or connect to a perinatal monitoring system for remote monitoring of labor.

Though app manufacturers and developers should take steps to determine whether their apps will be subject to FDA regulation, a majority of mobile apps will likely not be subject to regulation. This is because the apps either do not meet the FDA’s current definition of a medical mobile app, or they are in a category in which the FDA intends to exercise enforcement discretion. Since the FDA is particularly concerned with mobile apps that can transform a mobile platform into a regulated medical device by using attachments, display screens, sensors, or other such methods, the FDA intends to regulate only a subset of apps. In this way, the guidance illustrates the FDA’s ongoing attempt to balance its growing concern about cybersecurity issues, which affect patient safety, with its desire to regulate only technologies that transform a mobile platform into a regulated medical device.

The convergence of regulations surrounding mobile apps can be complex. A mobile platform could be used in a clinical setting with a variety of different apps, some of which transform it into a medical device and others of which do not. Further, in light of the FDA’s prior cybersecurity guidance concerning, mobile apps that are not ultimately regulated as medical devices may still fall under FDA jurisdiction if they pose cybersecurity risks in the health care industry. Apps that offer data storage or data delivery services may be pulled into the FDA clearance process if they connect with medical devices. The FDA’s recent guidance signals the agency’s attempt to manage the evolving and complicating role that technology is playing in the health care industry. As the FDA refines its cybersecurity guidance, mobile app developers and manufacturers should begin to consider the costs and risks of regulation.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Written by:

Ballard Spahr LLP
Ballard Spahr LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Ballard Spahr LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide