Navigating the FDA: Medical Device or Mobile Application?

The Healthcare Industry is finding new opportunities for improving the quality of ongoing care by offering services through mobile health applications. With the Health Information Technology for Economic and Clinical Health (HITECH) Act’s maturity set to early 2018, the industry wide adopt electronic patient health records and integration of digital systems will allow for more sophisticated mobile application functionality and services.

Growing interest in mobile applications has prompted HIPAA and the U.S. Food and Drug Administration (FDA) to seek more quality assurance controls[1]. The FDA provides a comprehensive framework that mobile application developers must navigate through prior to market. This framework is reflective of the changes in the mobile market as the line between mobile device and mobile application begin to blur from the growth in application sophistication.

Tremendous Mobile Application Market Growth

The market for mobile health applications has been experiencing tremendous growth in recent years. Studies conducted by Research 2 Guidance predict revenue generated by mobile health applications will reach $26 Billion by 2017[2]. A recent Pew Internet surveys also found that 52% of smartphone users access health information on their phones with 19% of users having at least one mobile health application on their phone[3].

Many of these apps are extending beyond user-input functions, such as pedometers and calorie counters and into increasingly sensitive tasks like diagnosing illnesses, mitigating diseases, or preventative treatment. Performing these tasks requires secure connections between ever-evolving devices and electronic protected health information (ePHI), as well as confidential communication between the patient and healthcare provider.

For most healthcare providers, before a mobile application is given access to ePHI, they must meet the security standards of the FDA.

Must Know FDA Classes and Definitions

The FDA sets and enforces regulations for drugs, vaccines, and medical devices. Depending on the functionality of the mobile application, the FDA may define the app as a medical device and require stringent regulation on performance, security, and information integrity. The administration uses three classes to help define the intentions of the mobile application before it can go to market[4]:

1. Class 1: Devices that present a relatively low risk of illness or injury if they fail. These devices will only require general controls, such as reporting and device tracking, as well as registration with the FDA before it can go to market.

2. Class 2: Devices whose functions will require more than general controls to assure safety and effectiveness. These devices must comply with general controls and special controls like special labeling requirements, mandatory performance standards, and post-market surveillance.

3. Class 3: Devices whose functions will require more than general and special controls to assure safety and effectiveness. Depending on the functions of the application, it may require patient registries, formal reviews, and design requirements.

Passing The Premarket Approval Process

Class 2 and 3 devices are subject to Premarket Approval Process (PMA) before they can reach the market. PMA’s consider the consequences of device or application failure, such as the degree of injury or the possibility of death[5]. If the application is intended to be used in combination with other regulated tasks like drug recommendations or diagnostic information, the FDA will inspect the application and its performance on mobile devices to assign additional quality controls.

Best Approach to Mobile Application Development

The market for mobile applications is open to innovative new processes and device versioning. As devices continue to grow more powerful, mobile applications become more sophisticated to utilize the functional potential of their host device.

Developing mobile applications should be a steady process that is flexible to the challenges and opportunities of market. New functionality and opportunities may change the nature of the application, prompting the FDA to further review. This is why it is recommended that development be continuous and responsive to changes in the market and federal regulation standards.

Device versioning may introduce its own challenges, creating outdated APIs or new hosting requirements that may lead to performance issues. The 3rd stage of the HITECH Act, and other regulations still in development, creates an environment where mobile applications need to prepare for the technical and security challenges that come with utilizing ePHI and the changing market.

Developing mobile applications for health and healthcare requires its own unique set of skills and regulatory training. Tiempo Development develops custom mobile application solutions with over 10 years of experience. Tiempo Development is also a proud partner of Xamarin, a robust cross-platforming tool that develops applications for a variety of operating systems in half the time at a greater value. To learn more about Tiempo Development’s mobile application development and maintenance services, check out our case studies.

[1] Marianne M. “Analysis: HITECH Stage 3 Security Rules”. Information Security Media Group.

[2] Ralf J. “The market for mHealth app services will reach $26 billion by 2017”. Research 2 Guidance.

[3] Susannah F. and Maeve D. “Mobile Health 2012”. Pew Research Center.

[4] “Guidance for Industry and Food and Drug Administration Staff”. U.S. Department of Food and Drug Administration.…/UCM263366.pdf

[5] Ibid.