The Food and Drug Administration (FDA) released a new Draft Guidance June 20, 2014, that would make significant changes to the way mobile medical devices are regulated, despite only being claimed by the FDA in September 2013. In that original Guidance, the FDA defined a new industry that it intended to regulate: the creators and providers of mobile medical apps. Such apps originally included many different kinds of apps, from blood glucose monitors to apps that displayed MRI or ECG visual data.
This broad scope, however, seemed to encompass some apps that did not seem to fall under the FDA’s “risk-based” regime. That is, it included those apps that were not used in the active diagnosis, treatment and cure of diseases. With the Guidance released last week, this distinction has been clarified.
The original Guidance provided for two broad categories of mobile medical apps: Those that would be regulated because of the risk they presented to patients when used to diagnose, treat or cure a disease; and those apps that had no risk or relatively low risk to patients and which the FDA had elected to “exercise enforcement discretion” and decline to regulate. Seemingly included in both groups were apps that could display stored data on healthcare providers’ servers for the patient’s or their doctor’s use. In clarifying what apps fell on which side of this line, the FDA has proposed the following changes (new language in bold, deleted language struck through):
- The FDA proposes to change the first section of its examples of regulated mobile medical apps to clarify that the apps in question are only regulated if they are “for use in active patient monitoring or analyzing medical device data:”
Mobile apps that are an extension of one or more medical devices by connecting to such device(s) for purposes of controlling the device(s) or displaying, storing, analyzing, or transmitting patient-specific medical device data for use in active patient monitoring or analyzing medical device data.
- The FDA proposes to change a later section to clarify that Medical Device Data Systems (those computer systems whose functionality is limited to data storage, as opposed to creation or active use) are not included in the regulation of Mobile Medical Devices. Again, the effect is to emphasize the active use of this data to treat, cure or diagnose diseases, as opposed to simple records access:
Examples of displays of patient-specific medical device data include: remote display of data from bedside monitors, display of previously stored EEG waveforms, and display of medical images directly from a Picture Archiving and Communication System (PACS) server, or similar display functions that meet the definition of an MDDS. Mobile medical apps that display medical device data to perform active patient monitoring are subject to regulations associated with such devices.
- The FDA proposes to delete the following section completely from the Guidance. The effect is similar to the first two edits proposed in that it exemplifies the FDA’s desire to avoid the regulation of major IT systems in heathcare corporations, as opposed to the smartphone and tablet apps it intends to target:
Examples of mobile apps that display, store, or transfer medical device data in its original format include: apps that are intended to display or store medical device data, without controlling or altering the functions or parameters of any connected medical device constitute a Medical Device Data System (MDDS) (21 CFR § 880.6310) and are subject to class I requirements (general controls). Class I are the lowest risk devices with the fewest requirements and generally no premarket submission. Class I general controls include these basics: adequate design controls, registration, device listing, adverse event reporting, and corrections and removals. The FDA believes that requiring general controls sufficiently manages the risks for mobile medical apps that are used as a secondary display to a regulated medical device and are not intended to provide primary diagnosis or treatment decisions (i.e., mobile medical apps that meet the MDDS definition).
- The second section of the original Guidance describes those applications that the FDA intends to exercise enforcement discretion and not regulate. The FDA proposes several changes to this section to clarify which apps will not be regulated. First, footnote 28 would be edited:
New Footnote 28:
We consider these mobile apps to be tools which are not intended to provide specific treatment recommendations and/or are NOT subject to limitations of exemptions referred in 21 CFR § 880.9(c)(4) — For assessing the risk of cardiovascular diseases; or in 21 CFR § 880.9(c)(5) — For use in diabetes management.
- Next, a new example would be added to those examples of non-regulated apps as follows:
Mobile apps that meet the definition of Medical Device Data Systems – These are apps that are intended to transfer, store, convert format, and display medical device data, without controlling or altering the functions or parameters of any connected medical device, as defined in the MDDS classification regulation (21 CFR § 880.6310). These mobile apps include those that are used as a secondary display to a regulated medical device and are not intended to provide primary diagnosis, treatment decisions, or to be used in connection with active patient monitoring (i.e., mobile apps that meet the MDDS definition).
- Finally, the FDA would add the following examples to the Appendices to the Guidance:
• Mobile apps that transfer, store, convert formats, and display medical device
data without modifying the data and do not control or alter the functions or
parameters of any connected medical device (i.e., mobile apps that meet the
definition of MDDS under 21 CFR § 880.6310).
• Mobile apps that connect to a nursing central station and display medical
device data to a physician’s mobile platform for review (i.e., a medical device
data system or MDDS). Product code: OUG (21 CFR § 880.6310).
Delete: Mobile apps that connect to a nursing central station and display medical
device data to a physician’s mobile platform for review. (i.e., a medical device
data system or MDDS). Product code: OUG (21 CFR § 880.6310).
• Remove the row for regulation 880.6310 from the Table.
The cumulative effect of these changes would be to focus the regulation of MMAs (Mobile Medical Apps) away from MDDS (Medical Device Data Systems), MISDs (Medical Image Storage Devices) and MICDs (Medical Image Communications Devices) which are each separately and differently regulated, and focus the regulation of MMAs on those devices and apps that are used in the active diagnosis, treatment and cure of a patient’s disease or condition.