Mobile devices, including cell phones and tablets, have had a major impact on the practice of medicine, how patients interact with their doctors, receive or implement treatments, as well as how software developers view the medical industry as a potential source of revenue. In response to this, the FDA released an industry Guidance late last year that took some very specific steps:
- Defined Mobile Medical Apps as a mobile app that meets the definition of device in section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act); and either is intended;
- to be used as an accessory to a regulated medical device; or
- to transform a mobile platform into a regulated medical device based on the purpose of the app, based on the app’s labeling claims, marketing and advertising materials or oral or written statements by manufacturers or their representatives. (See 21 C.F.R. § 801.4.)
- Thus, the Guidance classified intended use of a mobile app is for the diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man, the mobile app is a device.
- Defined a subset of Mobile Medical Apps over which the FDA would exercise enforcement discretion (meaning not enforce) using a risk-based analysis of each application. Low-risk applications included those which simply track medical device or drug usage, provide generalized medical information (similar to WebMD or Wikipedia), provide daily advice or educational information, games to promote exercise, among others that are nonspecific or not designed to treat, diagnose or mitigate a disease or condition.
This Guidance announced that the FDA was going to be regulating an entirely new industry – software developers making mobile phone and tablet applications. Based in part on a rise in the number of applications making wild and impossible claims (by curing acne with your smartphone screen, for example), and the lack of clear applicability under existing medical device regulations, the new Guidance represented a new set of challenges for new and emerging companies and technologies.
Earlier this year, the FDA followed this Guidance with another entitled “Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices,” which in turn clarified the FDA’s regulatory oversight of Medical Device Data Systems. Through this Guidance, the FDA expressed its intention not to enforce compliance with the regulatory controls that would normally apply to other Class I medical devices including device registration and listing, premarket review, postmarket reporting and quality system regulation for manufacturers. The FDA defines an MDDS as:
- A medical device data system (MDDS) is a device that is intended to provide one or more of the following uses, without controlling or altering the functions or parameters of any connected medical devices:
- The electronic transfer of medical device data;
- The electronic storage of medical device data;
- The electronic conversion of medical device data from one format to another format in accordance with a preset specification; or
- The electronic display of medical device data.
- An MDDS may include software, electronic or electrical hardware such as a physical communications medium (including wireless hardware), modems, interfaces, and a communications protocol. This identification does not include devices intended to be used in connection with active patient monitoring.
(21 C.F.R. § 880.6310.) Importantly, the FDA was explicit in stating that MDDSs are not those applications or devices which are used in active patient monitoring (a patient telemetry station that displays information from a bedside hospital monitor to a nurses station in an ICU, for example).
However, with the release of this Guidance, some industry members were left wondering where the line was drawn between a MMA and an MDDS. As a result, the FDA has updated its original MMA guidance to take into account the new treatment of MDDSs.
In the newly updated Guidance, the FDA stresses, in particular, the purposes of the two platforms as well as the difference between the hardware on which they are run. In the case of an MMA, the software in question is run on a handheld device, such as a cell phone, tablet or similar device. MDDSs are generally run on desktop computers or, more likely, server platforms for the purpose of making their stored data more widely available. Furthermore, the FDA also emphasized the software’s stated intended use under 21 C.F.R. § 801.4. Because MDDS applications are used simply to store and distribute information, without transforming it, applying it, or deriving recommendations from it, an MDDS does not transform the hardware upon which it runs into a medical device.
However, those MMAs which the FDA has decided to regulate are those that are used in “the diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man.” Such a function would be entirely inapposite to the definition of an MDDS found in 21 C.F.R. § 880.6310. MMAs can also be used for active monitoring of patients, and often provide data that must be acted upon quickly, a use strictly forbidden in the definition of an MDDS.
This distinction is vital for the industry to understand, since the difference between an MDDS and a regulated MMA under the FDA regulatory requirements is that of extensive, specific compliance requirements. In the case of an MDDS, the manufacturer would likely only need to register with the FDA, while the manufacturer of a regulated MMA would need to comply with significant requirements above and beyond an establishment registration, including device registration, listing, premarket notification (a “510(k)”) or even premarket approval and testing.
Diane Romza-Kutz is a partner in Thompson Coburn's Health Law Practice Group.