The Journal of mHealth Vol 1 Issue 5 (Oct 2014) | Page 36

The Evolving US mHealth Regulatory Landscape

The Evolving US mHealth
Regulatory Landscape
By Bradley Merrill Thompson, Kim Tyrrell-Knott and Matthew Driver
The explosion of mobile apps and digital health technologies has left regulators
struggling to provide timely and adequate
guidance to industry participants. In the
United States, some have proposed legislation to limit the FDA’s regulation of
health IT. At the same time, the FDA
has taken a number of steps that signal
an intention to take a risk-based, even
de-regulatory, approach to Healthcare.
In this, the second-part of our series of
articles written in collaboration with the
mHealth Regulatory Coalition we consider some of the major developments
to the mHealth regulatory landscape in
the USA, from the last year.
Final MMA Guidance
In the Final MMA Guidance, the FDA
divided apps into three categories, and
set out how they intend to regulate applications falling into each class:
1. Higher risk apps that involve medical device function will continue to be
regulated by the FDA. ‘Medical
device function’ involves apps that
are intended to be used for diagnosis, cure, mitigation, treatment or
prevention of disease or condition.
This would include, for example,
apps tha t analyse an EKG to identify
irregularities or perform a urinalysis
to evaluate hyperglycemia.
2. Apps that are used in the healthcare
setting but do not meet the definition
of a medical device. Applications in
this category will not be regulated by
the FDA.
3. Apps that may meet the definition
of medical device but are so low risk
that the FDA has decided to exercise
enforcement discretion. Enforcement discretion means the FDA will
not require companies that develop
these apps to comply with FDA regulations. The FDA does, however,
strongly recommend they follow the
FDA quality system requirements.
Apps in this category include those

34

October 2014

that trend and track health information, simple reminder tools that help
patients manage their health in their
day to day environment or allow
patients to document and communicate with the healthcare providers
about potential conditions. Enforcement discretion is not necessarily
permanent. It is subject to change if,
for example, there are adverse events
or safety issues with a particular app.
Overall, the Final MMA Guidance was
deregulatory in nature and reflected the
FDA’s intention to focus its regulatory
oversight on higher risk apps.
FDASIA Report
In July 2012, Congress directed the FDA
in collaboration with the Federal Communication Commission (FCC) and the
Office of the National Coordinator of
Health IT (ONC) (collectively referred
to as “Agencies”[1]) to develop a comprehensive and risk-based strategy for
the oversight of all health IT, including
mobile apps.
In April 2014, the Agencies released a
report proposing 3 categories of health
IT subject to the following levels of
oversight:
»» Administrative IT that will not be subject to regulation or oversight.
»» Health management health IT that will
be primarily overseen by ONC. This
oversight will include creating voluntary standards, certification and other
tools in partnership with the private
sector. It also includes establishing a
Health IT Safety Center. The report
made clear that the FDA will not
regulate products that fall within this
category even if they meet the medical device definition.
»» Medical device function will continue to
be subject to FDA regulation.
The report also discussed clinical decision support (CDS) software. It proposed that most CDS would fall within
the middle category. However, higher

risk CDS (e.g. computer aided diagnostic or radiation treatment planning
software) would be subject to continued regulation by FDA. The question
of if and how the FDA should regulate
CDS depends on a range of factors,
including issues of risk and whether the
user is substantially dependent on the
software or output. The regulation of
CDS requires additional discussion and
a more detailed framework addressing
the unique characteristics of CDS. The
Agencies specifically requested feedback
on the regulation of CDS software and
FDA is expected to release draft guidance on CDS in the near future.
Many commented, including the
mHealth Regulatory Coalition (MRC),
that the definition of health management
health IT versus medical device needs to
be more clearly articulated. The framework also needs to take a more nuanced
approach to considering the risks in
determining whether a specific function
is regulated or not. Dividing all health IT
into 3 categories does not fully take into
account the complexity of many health
IT systems today.
It will be critical for the Agencies to
address these comments in the final
report and the CDS guidance.
MMDS Draft Guidance
In June 2014, the FDA released a draft
guidance proposing that medical device
data systems (MDDS), and medical image storage and communication
devices be subject to enforcement discretion. MDDS are those devices that
transmit, store, display and convert in
a limited manner medical device data.
FDA just created the MDDS classification in 2011. It is significant that FDA
is proposing to deregulate MDDS for 2
reasons. First, many mhealth apps are
considered MDDS today. Under the
draft guidance, those apps would now
be subject to enforcement discretion.
Second, the fact that the FDA is revisiting MDDS, after only 3 years, reflects
a progression in FDA’s approach to low