The Food and Drug Administration issued final guidelines for mobile health apps Monday, outlining the apps that the regulations will affect and the requirements those apps must meet to achieve FDA approval.
The FDA's tailored approach focuses on regulating apps that carry significant risks if they aren't operated correctly, such as apps intended to be used as an accessory to a regulated device or apps that transform a mobile platform into a regulated medical device.
For example, regulated apps are ones that allow a physician to make a diagnosis via smartphone or tablet, or apps that turn a smartphone into an electrocardiography machine to detect abnormal heart rhythms.
The guidelines come at a time of unprecedented growth in the mobile health app space, and a time when many developers are looking for regulatory guidance to make a successful product. President Obama signed legislation last July allowing the FDA to continue developing mobile health regulations. The guidelines were based on previous regulatory drafts.
The two categories of apps that won't be regulated are apps that aren't medical devices, and apps that might meet the definition of a medical device but pose a low risk to the public. Apps that will not be regulated include apps that:
-- help patients manage their disease or conditions without providing specific treatment;
-- provide patients with simple tools to organize and track their health information;
-- provide easy access to information related to patients' health conditions or treatments;
-- help patients document, show or communicate potential medical conditions to healthcare providers;
-- automate simple tasks for health care providers; or
-- enable patients or providers to interact with personal health record or electronic health record systems.
The regulatory criterion for whether an app qualifies as a "device" is intended use, as revealed by labeling claims, advertising materials or statements by manufacturers. The app is considered a "device" if its intention is to diagnose, treat or prevent disease, or affect the function of the body.
Apps that are an extension of medical devices, such as the remote display of data from bedside monitors or the display of medical images, are subject to regulation.
Class I, or low-risk, apps must include adequate design controls, registration, device listing, adverse event reporting, and corrections and removals. These apps are used as a secondary display to a regulated medical device and are not intended to provide primary diagnosis or treatment decisions. Class II requires more specific control and Class III requires pre-market approval.
The FDA has cleared about 100 medical apps over the past decade, with about 40 of those cleared in the past two years.
"Some mobile apps carry minimal risks to consumers or patients, but others can carry significant risks if they do not operate correctly," said Jeffrey Shuren, director of the FDA's Center for Devices and Radiological Health. "The FDA's tailored policy protects patients while encouraging innovation."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.