The draft guidance helps the agency balance safety and foster innovation by providing manufacturers and developers of mobile medical applications (apps) with a clear understanding of agency expectations. It defines a small subset of mobile apps that present the greatest safety risk—such as applications that are an accessory to a medical device or that transform the mobile communications device, such as a smartphone, cellphone, or electronic tablet into a medical device.

By limiting our oversight to apps that present risk to patients we can support continued innovation in this field. The draft guidance describes mobile apps that fit the definition of a medical device, but that we are not planning to regulate at this time.

The guidance is aimed at focusing only on devices that may prove problematic to patients; on the other hand, we want to promote mobile health apps that empower patients to take charge of their healthcare.

The guidance focused only on devices that may prove risky to patients; on the other hand, we want to promote mobile health apps that empower patients to take charge of their healthcare. People already expect medical devices to be safe – we want to make sure that such confidence continues – regardless of the device's platform: For example, that an electrocardiogram (ECG) should be safe and effective even if it's on a tablet or a smartphone.

The FDA has a public health responsibility to oversee the safety and effectiveness of a small subset of mobile medical applications that present a potential risk to patients if they do not work as intended. We have defined the small subset of mobile medical applications that may impact the performance or functionality of currently regulated medical devices. This includes mobile medical applications that:

  1. Are used as accessories to medical devices already regulated by the FDA: for example, an application that allows a healthcare professional to make a specific diagnosis by viewing a medical image from a picture archiving and communication system (PACS) on a smartphone or a mobile tablet; or

  2. Transform mobile communications devices into regulated medical devices by using attachments, sensors, or other devices: for example, an application that turns a smartphone into an ECG machine to detect abnormal heart rhythms or determine if a patient is experiencing a heart attack.

You can see how some of these could pose a health risk, and why it's important that we review certain apps. It's important to note that at this time the FDA has not received any reports of clinical problems related to the use of mobile medical applications. However, we usually expect underreporting with all devices. This draft guidance will increase awareness of mobile medical apps, and we are prepared to see an increase in the number of reports.

As outlined in the draft guidance, we are focusing on a small subset of apps that present a potential risk to patients. This outlined approach does not cover the majority of mobile medical apps, such as those for general wellbeing, like calorie counters.

It's important to note that at this time the FDA has not received any reports of clinical problems related to the use of mobile medical applications.

Examples of general wellbeing and low risk devices would be those that track exercise, weight, and calories for generally staying healthy. We want patients to have access to those apps as they will likely lead to better informed heathcare decisions. That is why the draft guidance focused on apps, which, if they don't work, pose a risk to the patient.

Regulating a medical device based on risk to patients requires differentiating between general health/wellbeing (even though some of these may technically meet the definition of a medical device) and, say, a treatment therapy.

Risk to patients is the number one criterion. Some general wellbeing apps may meet the definition of a medical device, but they likely don't pose a great enough risk to patients for FDA's active oversight.

To clarify some guidance terminology, the term “enforcement discretion” means that even if the medical app may meet the definition of a medical device, the FDA can choose to not enforce our requirements because we have determined that the risk to patients is low.

In the guidance, we had a sentence to the effect that we will “decline to pursue enforcement actions” and only choose to enforce something if it raises public health concerns. Some might be concerned that enforcement is open-ended, but this is not true. If we were to blanket-change the policy, we would follow an open public-input process.

With so many apps at our fingertips, how do we know which ones are safe to use?

With so many apps at our fingertips, how do we know which ones are safe to use?

Close modal

For people concerned about a hypothetical scenario in which a low risk device turns out to be high risk, the important thing to consider is how patients are affected. For a particular device, we enforce regulations to protect patients.

Even if a general wellbeing app qualifies as a Class I device, we would not be interested in regulating it, because of low risk. Risk to patients is the number one criterion.

The draft guidance outlines what we consider to be medical devices. As such, they will be classified like all other medical devices, according to their level of risk. FDA premarket review applies only to Class II and Class III mobile medical applications. At this time we believe the majority of mobile medical applications in the marketplace are likely to be Class I, meaning they do not require premarket review.

People new to the medical device field often do not realize that Class I devices do not require premarket review. Also, entering the field of healthcare from another field, people often don't realize that they are subject to new rules and federal regulations.

At CDRH, we don't think that safety and innovation are incompatible. Rather than focus on more regulation or less regulation, we focus on smart regulation.

We encourage all developers of mobile medical apps—and mobile apps in general—to submit comments on the draft guidance so that we can work together to create a final document that best supports industry and patient safety. We also encourage these developers to work with the FDA earlier, especially if they have questions on the risk level of their app.

Not everything is a long process, as some of these apps can be Class I, requiring no process; just registration, and a promise to follow good quality management techniques to maintain the quality of the app.

At CDRH, we don't think that safety and innovation are incompatible. Rather than focus on more regulation or less regulation, we focus on smart regulation. Smart regulation allows innovation to thrive, by eliminating undue regulatory obstacles, and assures consumer confidence that medical technology in the U.S. remains safe and effective.

We believe that safety and innovation are complementary, mutually supporting aspects of our public health mission. This holds true for all medical devices—we continuously strive to make sure our processes are aligned to what is needed.

We also understand that technology is evolving much faster. We want to make sure that we are regulating at the right level. I would like to close saying that we do want to make sure our regulations are smart and in accordance with the benefits and risks to public health.

Interview Subject

Bakul Patel is senior policy advisor to the center director, Center for Devices and Radiological Health (CDRH), at the U.S. Food and Drug Administration (FDA). E-mail: [email protected]