Healthcare // Policy & Regulation
Commentary
7/23/2014
09:06 AM
Stephanie Kreml
Stephanie Kreml
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

FDA Mobile Apps Loophole Hazardous For Healthcare

The FDA's reluctance to overregulate medical apps opens a pitfall for healthcare organizations that innovate too far ahead of the curve.

Healthcare IT Cloud Safety: 5 Basics
Healthcare IT Cloud Safety: 5 Basics
(Click image for larger view and slideshow.)

The FDA's recent guidance on mobile medical apps creates a gray area in which the agency will not automatically require approval for all new mobile medical apps, but may exercise "enforcement discretion," depending on how the app functions, the risks it introduces to patients/consumers, and its intended use.

In a previous post, I discussed the some of the regulatory issues with mobile medical apps and the FDA's new approach toward them, illustrating an uncertainty the agency has about placing all new medical software innovations under the regulatory umbrella. Some interesting scenarios came up during an FDA-focused event earlier this year, which I've discussed with Ken Block, head of Ken Block Consulting. Block has written extensively on the FDA's history of evaluating software and firmware innovations.

Just as the FDA was issuing its mobile medical application guidance last fall, Block was helping a US-based healthcare system develop an app that would be used only by clinicians within that system. He became more intrigued when he inquired with the FDA as to whether or not his client would have to apply for a 510(k) clearance. The FDA said no, as long as the app was used within the system's own practice. But if the app were marketed outside that healthcare system, the FDA would have to clear it.

[Texting Dr. Watson. Read IBM-Apple Deal: Healthcare iOS Nirvana?]

The FDA's answer surprised Block. Traditionally, a doctor was free to do what he wanted with a device as long as he used it only on himself, Block said, and there is long-standing case law in which a medical device requires regulation if used under the auspices of conducting business, including practicing medicine. In that case, the device is considered to be in commercial distribution. But with the FDA's announced enforcement discretion, Block said, if a doctor creates an app on a mobile device that connects to an external set of sensors for use on his own patients, this app may not be regulated.

The FDA has issued 510(k) clearances for mobile medical apps, including viewing of medical images, mobile blood pressure monitors, and medical device data systems that attach to a consumer mobile device. But the FDA does not want (and does not have the resources) to handle the oversight of 100,000 apps currently in existence. Therefore, Block said, questions remain:

  • What would stop a healthcare practice, hospital, or other such system from developing an EKG monitoring system built on a smartphone platform for internal use without FDA oversight?
  • What are the risks in this case with no risk analysis, operating system compatibility testing, and so on?

Block said that it really comes down an issue of labeling and promotion. An entity can use any internally developed software as long as it's not promoted outside that entity.

From my point of view, the lack of clarity is a bit concerning, as the lines between consumer and medical products are blurring. There are clear financial incentives for ensuring a solid hardware design release before going into production compared to releasing a piece of software. In both the consumer and medical device sectors, the capital outlay needed for manufacturing changes to implement a hardware revision is not insignificant; good design practices include thorough verification testing before a design is locked down for production, regardless of any regulatory requirements.

Although verification testing is also part of good software development practices in the consumer world, the financial repercussions for not ensuring a solid software release are less severe, and in the wireless age, the logistics of issuing an interim update between major releases are less challenging. Consider the difference in the number of consumer product recalls (around 1,500) versus the number of FDA product recalls (around 8,000) versus the number of software updates on any mobile platform in a year (too countless to even measure -- as of last year, there are almost 12,000 distinct Android devices).

Too much is at stake for software used in a medical setting, compared with a consumer application. A revision released too quickly for an app that was not vetted thoroughly may cause the app to have poor performance or to crash. This may be acceptable if it's a game or social networking app that mainly results in user frustration with no dire consequences. But suppose this is an app falling in the enforcement discretion gray area that a clinician depends on to monitor a patient with a chronic illness?

As the medical device industry evolves to include more software-driven products on consumer platforms -- and as we see more developers from outside the medical sector create applications intended for medical use -- we will see situations arise where the FDA will be forced to be more proactive in closing this loophole. My recommendation to healthcare organizations seeking to develop such apps is to contact the FDA early in the development process to clarify any questions via the pre-submission program and to ensure that your software developers are using best-practices during development.

Has meeting regulatory requirements gone from high priority to the only priority for healthcare IT? Read Health IT Priorities: No Breathing Room, an InformationWeek Healthcare digital issue.

Stephanie Kreml, M.D., is a Principal at Popper and Company. In her current role, she develops and implements business strategy for start-up companies and new business units in existing companies; consults in areas of clinical need, commercialization, and technology ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RendrewWolfson
100%
0%
RendrewWolfson,
User Rank: Apprentice
7/31/2014 | 8:16:59 AM
Why Mobile Healthcare App Development Should be Taken Seriously?
There are certain types of mobile applications which are out of the purview of FDA guidelines. Let us have a look at which applications are not to be validated by the FDA guidelines - http://bit.ly/1cA2mPt
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
7/25/2014 | 5:34:56 PM
Re: Working without a net
Let's hope those hospitals don't innovate themselves right into the courtroom.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
7/25/2014 | 5:02:58 PM
Re: Working without a net
That's a great point, especially when you think how many healthcare orgs now develop apps internally because it's comparatively simple. If they decide to take this approach, it's critical to ensure they're not going to run afoul of the government's rules (and patient safety).
Stephanie Kreml
50%
50%
Stephanie Kreml,
User Rank: Apprentice
7/24/2014 | 11:15:31 AM
Re: Working without a net
Good point! This is quite timely, as some hospital systems are creating environments to foster innovation in this area.
Stephanie Kreml
50%
50%
Stephanie Kreml,
User Rank: Apprentice
7/24/2014 | 11:12:34 AM
Re: Further Clarification?
Good questions! I think the FDA is overwhelmed at this point with limited resources, so they probably won't put forth any more guidance at this time. As for EMRs, my understanding is that the FDA hasn't really been involved with regulating these as they mainly store data for clinicians to use, and any treatment decisions ultimately are done by the clinician. Where the FDA is involved is when software includes clinical decision support (CDS). There have been some issues with stand-alone CDS software, and the FDA is working on draft guidance for these situations.

I don't know if the FDA has any plans to aid patients who want to correct EMR errors, or if the FDA would be the agency to involved for this scenario. These are definitely interesting times, and the story will continue to unfold!
asksqn
50%
50%
asksqn,
User Rank: Ninja
7/23/2014 | 6:51:39 PM
FDA Regulation: Meh
Were I a physician, I wouldn't worry so much about FDA approval of medical mobile apps.  This is the same government agency, after all, that regurgitates exactly what Monsanto wants it to:  GMOs = good for you as is aspartame and fluoride.  And then cites the appropriate Monsanto-financed study as conclusive proof. Besides, with the right about of money/lobbyists, the FDA has proven that it can pretty much be bought off for any reason regardless of harm to the consumer.  
PedroGonzales
50%
50%
PedroGonzales,
User Rank: Ninja
7/23/2014 | 10:58:37 AM
Re: Further Clarification?
I think that the FDA will have to do a better work in catching up with technology.  As you pointed out in your article,if some healthcare organizations can by pass the regulation, the impact of the app will have on a person's life could be a matter of life or death.
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
7/23/2014 | 10:37:15 AM
Working without a net
What I take from this is that app developers within healthcare organizations need to watch their steps because without this oversight the burden of doing the right thing falls entirely on them. Second guessing in the form of lawsuits and government intervention will follow if they make the wrong moves.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
7/23/2014 | 9:30:39 AM
Further Clarification?
Do you expect the FDA will further clarify these rules any time soon, as more non-medical developers enter this market -- especially if they now target the specific area of non-patient-facing, medical professional, in-facility usage you describe in your interesting article? Since patients don't own their own medical records and, (as I'm discovering for an upcoming article on InformationWeek), have a lot of difficulty correcting EMR errors, how can patients ensure a software-created error doesn't become part of their permanent medical record, especially as FDA scrutiny of these types of apps apparently decreases?
Research: Healthcare IT Priorities
Research: Healthcare IT Priorities
Meeting regulatory requirements barely inched out managing digital patient data as the top priority for our 363 healthcare provider IT pros.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Tech Digest Oct. 27, 2014
To meet obligations -- and avoid accusations of cover-up and incompetence -- federal agencies must get serious about digitizing records.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.