The start-up segment of our healthcare regulatory practice is focused on companies bringing digital health tools to market. As part of the efforts of the U.S. Food and Drug Administration (“FDA” or the “agency”) to clarify its regulatory stance on digital health tools, the agency released a revised guidance in 2019 entitled, Policy for Device Software Functions and Mobile Medical Applications - Guidance for Industry and Food and Drug Administration Staff (the “Guidance”).1 Not a regulation resulting from formal rulemaking, the Guidance (in the FDA’s own words) does “not establish legally enforceable responsibilities” and “should be viewed only as recommendations.”2 Even so, it is a valuable communication to inform us of the agency’s regulatory approach to mobile applications.
Using the Guidance
In the Guidance, the FDA has broadened the scope of regulatory oversight by expanding the meaning of software applications to include mobile applications.3 Specifically, the agency intends to apply its regulatory oversight to software applications that are intended for mobile or general-purpose computing platforms.4 For example, the FDA considers a mobile application to be a medical mobile application if it incorporates device software functionality that meets the definition of device in section 201(h) of the Food, Drug, and Cosmetic Act (“FD&C Act”) and is intended either:
- To be used as an accessory to a regulated medical device; or
- To transform a mobile platform into a regulated medical device.5
Consistent with the FDA’s existing approach to digital health regulations, what matters to the agency are those “software functions that are medical devices and whose functionality could pose a risk to a patient’s safety if the device were to not function as intended.”6 Clearly, the public policy goals of patient safety and consumer protection are a driver of their efforts in this area.
Next, the FDA structured the Guidance so as to divide software application functionalities into the following three levels of regulatory scrutiny: (i) subject of regulatory focus; (ii) subject to enforcement discretion; and (iii) not to be regulated by the agency. We have assisted clients with the assessment of where their product is likely to fall within this categorization.
More formally, the agency regulates medical devices according to the standard risk-based classification hierarchy, i.e., from Class I (least risk) to Class III (highest risk).7 Device software makers should consider whether an appropriate product classification exists when determining the level of likely regulation.8
The Guidance arrives at a time of accelerating momentum toward digital solutions in the healthcare industry. We are available to help start-ups and other market participants apply the Guidance to their own innovations.
1 U.S. Food and Drug Administration, Policy for Device Software Functions and Mobile Medical Applications Medical App - Guidance for Industry and Food and Drug Administration Staff 1-2 (Sept. 2019), https://www.fda.gov/media/80958/download.
2 Guidance at 2.
3 Id. at 4.
4 Id. at 1.
5 Id. at 4-5.
6 Id. at 2.
7 Classify Your Medical Device, FDA.GOV, https://www.fda.gov/medical-devices/overview-device-regulation/classify-your-medical-device (last visited Jan. 30, 2020).
8 How to Determine if Your Product is a Medical Device, FDA.GOV, https://www.fda.gov/medical-devices/classify-your-medical-device/how-determine-if-your-product-medical-device (last visited Jan. 30, 2020).
Raja Sékaran has practiced in the healthcare industry for twenty-five years. He represents healthcare delivery systems, health plans, hospitals, Federally Qualified Health Centers, dialysis centers, medical groups, medical ...
Ming Chuang counsels health plans and providers on regulatory compliance matters. He has experience with laws and regulations related to telehealth, health care information technology, patient care collaborations, and ...
Our Health Law Ticker is a one-stop resource for everything new and noteworthy in healthcare law. We cover recent developments in healthcare legislation, healthcare reform, Medicare/Medicaid, managed care, litigation, regulatory compliance, HIPAA, privacy, peer review, medical staffs and general business operations for healthcare companies and licensed healthcare professionals.