FDA’s new draft guidance on mobile apps and what it means to health IT vendors

The FDA released the (currently non-binding) “Draft Guidance for Industry and  Food and Drug Administration Staff on Mobile Medical Applications” earlier this week. I knew many of my clients and readers would be asking about the ramifications of this new guidance so I read the document as soon as it came out. In general I was impressed by the FDA’s balanced approach to patient safety and their desire not to stifle competition; overall I thought they were not looking to overreach their purview and I think they succeeded (except for the part on clinical decision support, discussed further below).

Unlike many regulations that come out of DC, this guidance document is quite readable by us mere mortals: it’s written in plain English  and not legal-speak so I recommend picking up a copy, setting aside 30 minutes, and going through it (if you’re on the beach, it’s great reading).

In case you’re not from DC (like me) and don’t spend your days around a bunch of govies (like I do) I wanted to let you know how big a step this is for the FDA. They’re taking a public stand about what they know and what they think are grey areas and I for one commend them for putting this document out.

The first 12 or so pages are preambles, definitions, and other important but not particularly fun reading. The real meat starts on page 13 with the “_Mobile medical apps for which FDA will apply regulatory oversight_” section and is probably a good place to start if you’re looking to skim the guidance.

The following examples represent mobile apps FDA considers mobile medical apps and that will be subject to its regulatory oversight (this is exact language from the guidance document):

  • Mobile apps that are an extension of one or more medical device(s) by connecting to such device(s) for purposes of controlling the device(s) or displaying, storing, analyzing, or transmitting patient-specific medical device data.
  • Mobile apps that transform the mobile platform into a medical device by using
    attachments, display screens, or sensors or by including functionalities similar to those of currently regulated medical devices.
  • Mobile apps that allow the user to input patient-specific information and – using formulae or processing algorithms – output a patient-specific result, diagnosis, or treatment recommendation to be used in clinical practice or to assist in making clinical decisions.

Keep in mind that while the guidance says “mobile apps,” that term  is defined as the following (page 7):

For purposes of this guidance, a mobile application or “mobile app” is defined as a software application that can be executed (run) on a mobile platform, or a web-based software application that is tailored to a mobile platform but is executed on a server.

Using the above definition, they might as well have called it “any modern app” instead of “mobile app”.

Pages 14 and 15 go into some pretty good and easy to understand clarifications of the rules and are well worth reading.

One of my favorite parts of the document (yes, I had several favorite parts, don’t judge me) is the “Scope” section starting on page 10 which defines what the FDA does not consider to be mobile medical apps for the purposes of the guidance (text pasted directly from guidance):

  • Mobile apps that are electronic “copies” of medical textbooks, teaching aids or reference materials, or are solely used to provide clinicians with training or reinforce training  previously received are exempt.
  • Mobile apps that are solely used to log, record, track, evaluate, or make decisions or suggestions related to developing or maintaining general health and wellness.  Such  decisions, suggestions, or recommendations are not intended for curing, treating, seeking  treatment for mitigating, or diagnosing a specific disease, disorder, patient state, or any  specific, identifiable health condition are exempt.
  • Mobile apps that only automate general office operations with functionalities that include billing, inventory, appointments, or insurance transactions are exempt.
  • Mobile apps that are generic aids that assist users but are not commercially marketed for a specific medical indication are exempt.
  • Mobile apps that perform the functionality of an electronic health record system or personal health record system are exempt.

The last bullet above is what keeps them out of the ONC’s domain (and Meaningful Use). However, one interesting sentence in the document (page 10) specifically says:

This guidance does not specifically address wireless safety considerations, classification and submission requirements related to clinical decision support software, or the application of quality systems to software. The FDA intends to address these topics through separate guidance(s).

The emphasis on clinical decision support (CDS) software above is mine, not the FDA’s. But, what I found interesting is that they set the stage for more guidance on CDS . Given that CDS is a major element of ONC’s Meaningful Use Phase 2 and beyond and that the FDA telegraphed that EHRs and PHRs are not going to be regulated it will be interested to see how they resolve the conflict between EHRs and CDSs. It will also be interesting to see if ONC is willing to let the FDA lead in the CDS area.

Fun times are ahead. Have you read the document? What do you think about the new guidance?

P.S. I’m speaking on Open Source in Medical Devices at OSCon next week. If you’re in the Portland area and would like to get together, let me know.


Shahid N. Shah

Shahid Shah is an internationally recognized enterprise software guru that specializes in digital health with an emphasis on e-health, EHR/EMR, big data, iOT, data interoperability, med device connectivity, and bioinformatics.