FDA’s new draft guidance on mobile apps and what it means to health IT vendors

The FDA released the (currently non-binding) “Draft Guidance for Industry and  Food and Drug Administration Staff on Mobile Medical Applications” earlier this week. I knew many of my clients and readers would be asking about the ramifications of this new guidance so I read the document as soon as it came out. In general I was impressed by the FDA’s balanced approach to patient safety and their desire not to stifle competition; overall I thought they were not looking to overreach their purview and I think they succeeded (except for the part on clinical decision support, discussed further below).

Unlike many regulations that come out of DC, this guidance document is quite readable by us mere mortals: it’s written in plain English  and not legal-speak so I recommend picking up a copy, setting aside 30 minutes, and going through it (if you’re on the beach, it’s great reading).

In case you’re not from DC (like me) and don’t spend your days around a bunch of govies (like I do) I wanted to let you know how big a step this is for the FDA. They’re taking a public stand about what they know and what they think are grey areas and I for one commend them for putting this document out.

The first 12 or so pages are preambles, definitions, and other important but not particularly fun reading. The real meat starts on page 13 with the “Mobile medical apps for which FDA will apply regulatory oversight” section and is probably a good place to start if you’re looking to skim the guidance.

The following examples represent mobile apps FDA considers mobile medical apps and that will be subject to its regulatory oversight (this is exact language from the guidance document):

  • Mobile apps that are an extension of one or more medical device(s) by connecting to such device(s) for purposes of controlling the device(s) or displaying, storing, analyzing, or transmitting patient-specific medical device data.
  • Mobile apps that transform the mobile platform into a medical device by using
    attachments, display screens, or sensors or by including functionalities similar to those of currently regulated medical devices.
  • Mobile apps that allow the user to input patient-specific information and – using formulae or processing algorithms – output a patient-specific result, diagnosis, or treatment recommendation to be used in clinical practice or to assist in making clinical decisions.

Keep in mind that while the guidance says “mobile apps,” that term  is defined as the following (page 7):

For purposes of this guidance, a mobile application or “mobile app” is defined as a software application that can be executed (run) on a mobile platform, or a web-based software application that is tailored to a mobile platform but is executed on a server.

Using the above definition, they might as well have called it “any modern app” instead of “mobile app”.

Pages 14 and 15 go into some pretty good and easy to understand clarifications of the rules and are well worth reading.

One of my favorite parts of the document (yes, I had several favorite parts, don’t judge me) is the “Scope” section starting on page 10 which defines what the FDA does not consider to be mobile medical apps for the purposes of the guidance (text pasted directly from guidance):

  • Mobile apps that are electronic “copies” of medical textbooks, teaching aids or reference materials, or are solely used to provide clinicians with training or reinforce training  previously received are exempt.
  • Mobile apps that are solely used to log, record, track, evaluate, or make decisions or suggestions related to developing or maintaining general health and wellness.  Such  decisions, suggestions, or recommendations are not intended for curing, treating, seeking  treatment for mitigating, or diagnosing a specific disease, disorder, patient state, or any  specific, identifiable health condition are exempt.
  • Mobile apps that only automate general office operations with functionalities that include billing, inventory, appointments, or insurance transactions are exempt.
  • Mobile apps that are generic aids that assist users but are not commercially marketed for a specific medical indication are exempt.
  • Mobile apps that perform the functionality of an electronic health record system or personal health record system are exempt.

The last bullet above is what keeps them out of the ONC’s domain (and Meaningful Use). However, one interesting sentence in the document (page 10) specifically says:

This guidance does not specifically address wireless safety considerations, classification and submission requirements related to clinical decision support software, or the application of quality systems to software. The FDA intends to address these topics through separate guidance(s).

The emphasis on clinical decision support (CDS) software above is mine, not the FDA’s. But, what I found interesting is that they set the stage for more guidance on CDS . Given that CDS is a major element of ONC’s Meaningful Use Phase 2 and beyond and that the FDA telegraphed that EHRs and PHRs are not going to be regulated it will be interested to see how they resolve the conflict between EHRs and CDSs. It will also be interesting to see if ONC is willing to let the FDA lead in the CDS area.

Fun times are ahead. Have you read the document? What do you think about the new guidance?

P.S. I’m speaking on Open Source in Medical Devices at OSCon next week. If you’re in the Portland area and would like to get together, let me know.

Newsletter Sign Up

14 thoughts on “FDA’s new draft guidance on mobile apps and what it means to health IT vendors

  1. what about EHR or PHR that are also MDDS?  It is a bit of a conflict when the FDA states that if you connect to a medical device you are a medical device and at the same time exempt EHR which connect to a multitude of medical devices?

    1. Great point, Jeff. Pretty soon the folks at ONC and FDA will need to talk and rectify that situation. The good news is that this documentation is “just” guidance and not really regulation so there’s plenty of room for interpretation, debate, and push-back.

      1. Yes,  It is causing a lot of confusion in the Market.  Many are playing the wait and see with HealthVault and this is not helping.  I have many customers that would like to connect our mHealth to HealthVault and we have it working in beta but I am concerned about releasing and then having to pull the app.   Bad for inovation and bad for health.

        I like what the FDA has published, but it has many far reaching implication and concerns.  

        1. Understood — but, one approach is to try and build your software with appropriate risk analysis, requirements management, testability, and documentation you’ll be fine. I know that seems like a lot of work but really the FDA wants to know that you have high-quality software in a safety-critical environment and if you prove that you’ll usually be OK. 

    2. Agreed. We’ve been seeing more and more EHRs and HIS systems connecting to mobile devices and vice versa. As the lines blur between mobile EHRs and other kinds of mobile health software that interact with mobile devices, it will be important to figure this out, even at the FDA guidance level.  

      The same can be said, as Shahid pointed out, about the distinction between EHRs and CDSSs, especially in a year or two from now when basically all EHRs will have Clinical Decision Support for meaningful use.

  2. Great summary on the new draft guidance. Clinical decision support systems are clearly in the FDA’s cross hairs, and are a great example of a “software only” medical device. 

    In a recent blog post, New National Research Council Report on Home Health Technology (http://medicalconnectivity.com/2011/07/19/new-national-research-council-report-on-home-health-technology/) I discuss the ONC and FDA’s impending conflict over who will regulate EMRs. I think the short answer is they both will – each according to their own sphere of interest. 

    1. Thanks, Tim. I read that posting you referenced with great interest — the chance for infighting between ONC, FDA, and other regulatory bodies is increasing over time and I think the FDA is likely to win on CDSs but ONC keeps the rest.

  3. mobile_pahma_dev


    Can’t parse how this effects mobile website development for branded pharmaceuticals. Still looking for clearer guidance regarding ISI, Privacy and Legal. Any ideas?

    1. Great question. I believe the FDA is still working on that guidance, which I believe is being bundled as social media guidance for pharma. If you have some specific questions send those along and I’ll blog separately about that.

  4. That is really good news. I never know that there is such application before. It is really great and useful for medical need. It is the advanced of our technology nowadays.

Add Comment