Today FDA issued a final guidance document describing its policy on regulating mobile medical applications, an issue in which there has been a great deal of interest from Congress, industry, and the public (see, e.g., here and here).
As a preliminary matter, you might be wondering why FDA would regulate technology on your smartphone or tablet. The answer lies in the statutory definition of a medical device. Section 201(h) of the Federal Food, Drug, and Cosmetic Act (21 U.S.C. § 321(h)) defines a device as “an instrument, apparatus, implement, machine, contrivance . . . or other similar or related article, including any component, part, or accessory . . . ” that is intended for use in the diagnosis, cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or function of the body. Because of this broad definition, many commonly used mobile apps, for example certain calorie counters, fall within the definition of a medical device, and thus within FDA’s purview.
Although FDA’s legal authority over mobile medical apps is clear, the perceived tension between FDA regulation and innovation, and a lack of clarity about which apps are subject to FDA regulation, have sparked concerns. With the guidance issued today, FDA tries to address these concerns in two primary ways.
First, the guidance explains that, while a broad spectrum of mobile medical apps may meet the definition of a device, FDA will focus on regulating the subset of apps that pose the greatest risks to patients: (1) apps that are used as accessories to already-regulated medical devices, e.g., an app that alters the function or settings of an infusion pump, and; (2) apps that transform a mobile platform into an already-regulated medical device, e.g., an app that uses an attachment to a smartphone to measure blood glucose levels. For all other kinds of mobile medical apps that may meet the definition of a medical device, such as fitness trackers or apps that provide patients with reminders to take medications, FDA intends to exercise its enforcement discretion. In other words, although such mobile medical apps are technically required to comply with the laws and regulations governing medical devices, FDA does not intend to enforce those law and regulations—therefore these lower-risk products, de facto, will not be regulated by FDA.
Second, this guidance attempts to provide more certainty about precisely which apps are the focus of FDA’s oversight. In 2011, FDA issued a draft guidance outlining the policy described in the previous paragraph, and that guidance was criticized for not making clear which apps would and would not be the subject of FDA’s focus. The guidance issued today attempts to provide more clarity by, for instance, providing specific examples of the kinds of mobile medical apps for which FDA intends to exercise enforcement discretion, and the kinds of apps that are the focus of FDA’s oversight (see Appendices B and C of the guidance).
It seems to me that the final guidance issued today achieves the goals of more clearly communicating FDA’s policies, and providing a sensible approach for regulating these new, rapidly-evolving, and already-numerous products. While having spent the last 4 years as an attorney in FDA’s Office of Chief Counsel may bias me to view the agency in a positive light, so far, others – at least in industry – seem to agree that the final guidance outlines reasonable policies and provides clarity (see, e.g., here, here, and here). That said, today’s guidance may not be the last word on FDA’s thinking about the regulation of mobile medical apps. In January 2014, FDA, in consultation with the National Coordinator for Health Information Technology and the Federal Communications Commission, is due to produce a Congressionally-required report on the regulation of health information technology, including mobile medical apps. Stay tuned…