Does Your Mobile Medical App Need FDA Approval?

Developing mobile medical applications doesn’t require you to be a major manufacturer of medical devices. Mobile apps and innovations by healthcare providers, insurance companies and individual physicians, make healthcare news on a regular basis – even Amazon.com is in on it. In the United States, all medical applications fall under the jurisdiction of the US Food and Drug Administration (FDA). The purpose of this article is to help you determine whether your medical app will require FDA approval. Failing that, you will save a lot of time finding the specific regulations and resources to cover some wide-ranging grey areas.

What does the FDA have to do with mobile apps? Quite a lot when it comes to mobile medical application approval, specifically.

The FDA’s mission is to protect public health by assuring the safety, effectiveness, and security of the national food supply, drugs, biological products, cosmetics, and medical devices.

So, before going deeper into the need for FDA approval of medical applications, it’s worthwhile to take a look at some numbers.

Healthcare and Mobile Medical App Statistics

A major analysis of medical and healthcare related apps on Google Play and the App Store was conducted in June 2015 by the Institute for Healthcare Informatics (IMS). Their study found 165,000 mHealth apps. This number grew to about 325,000 by May of 2018 – almost double. The same 1% proportion of mHealth apps relative to total apps remained more or less consistent.

We can apply IMI’s original data on how those mHealth apps are divided across different categories. Their data starts by showing that roughly 76% of these apps relate to fitness, lifestyle, diet and other non-specific categories. Let’s call these types of apps mHealth-lite. The rest (about 80,000) are closer to the definition of medical applications, fitting into four major categories:

• Apps for specific diseases: ~ 35%
• Apps for female healthcare and pregnancy: ~ 30%
• Medication reminders and information: ~ 25%
• Apps for insurance and healthcare providers: ~10%

A fifth type of mHealth app covers the range of non-commercial apps and apps for specific medical devices. No easily obtainable statistics exist for this category.

The mHealth Market

Medical apps represent only ~1% of the overall mobile app market. Remember, the US healthcare market alone amounts to over $3 trillion annually.  In 2017, the mHealth market was worth $23 billion, with expectations for a compounded annual growth rate of 35% through 2020 . In contrast, games represent over 40% of the apps submitted to Google Play, but account for just a $110 billion global market.

Given the greater technical resources, requirements, and standards associated with developing medical applications, the disparity in raw numbers comes as no surprise. First, there’s the question of whether an application requires FDA approval. Secondly, virtually everything in the healthcare industry must meet Health Insurance Portability and Accountability (HIPAA) requirements, too.

Does my mobile medical app require FDA approval?

Just because you have an application intended for use within the overall healthcare market, does not determine whether it’s a medical application.

So, how do you determine this?

The best place to start is with the FDA’s guidance, issued in February 2015. “Mobile Medical Applications: Guidance for Industry and Food and Drug Administration Staff Document,” is a 45 page PDF that covers a lot of ground. We will be referring to it frequently, but we think there’s one question that you can use to point yourself in the right direction:

Will your application be used on its own or with another device to monitor, analyze, diagnose, treat patients, or make use of patient-specific data involving any form of medical condition?

Yes, that’s quite a mouthful. Even so, you should be able to answer with a yes, no, or maybe. That’s 90% likely to be your answer on whether you’ll need FDA approval for your mobile product. But, let’s dive a bit deeper to make sure – and to take a look at what happens if you answered, “maybe.”

Applications Requiring FDA Approval

Put simply, if that question used any of the words you would use to describe your app, then odds (90+%) are, yes – it will need FDA clearance. Refer to the aforementioned PDF, Appendix C.

1. Your app monitors or analyzes patient data or patient-specific medical device data. Example: an app that electronically amplifies and projects sounds associated with the heart, like an electronic stethoscope.
2. The app connects to and/or controls the operation, function or energy source of a medical device (or implant). Example: an app used to calibrate hearing aids.
3. It turns a mobile platform into a regulated medical device that a licensed practitioner could use to diagnose or treat a medical condition. Example: An app intended to display images for use in diagnostic reviews.

What Doesn’t Need FDA Approval?

Will your applications be used for administrative functions, educational and training purposes, or generic aids?  Then no, you most likely (90+%) will not need FDA approval. Refer to Appendix A.

1. Provides access to electronic files of medical textbooks and reference materials.
2. Serves as educational tools for purposes of medical training.
3. Will be used by patients for educational purposes or to provide access to reference materials.
4. Automates general office functions.
5. Provides generic aids or general purpose products.

But, even if those don’t require mobile medical application approval by the FDA, they still need to protect any data stipulated by HIPAA regulations.

The Gray Area – FDA Enforcement Discretion

Call this the “maybe” category: applications with overlapping functionality that “may” fit the definition of being a medical device. A direct quote from Appendix B of the FDA guidance document describes this best:

This Appendix provides examples of mobile apps that MAY meet the definition of a medical device but for which FDA intends to exercise enforcement discretion. These mobile apps may be intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease. Even though these mobile apps MAY meet the definition of medical device, FDA intends to exercise enforcement discretion for these mobile apps because they pose lower risk to the public.

Basically, the FDA may choose to regulate apps according to the degree of risk they pose to the public. Thus, enforcement discretion enables the FDA to decide if and how to punish cases that have infringed on medical device laws.

Examples of applications drawn from Appendix B include but are not limited to apps that:

• Use a checklist of common signs and symptoms to provide a list of possible medical conditions and advice on when to consult a healthcare provider;
• Enable a patient or caregiver to create and send general emergency notifications to first responders;
• Keep track of medications and provide user-configured reminders for improved medication adherence;
• Transfer, store, convert formats, and display medical device data without modifying the data and do not control or alter the functions or parameters of any connected medical device.

Mobile Medical App Development Considerations

Enforcement Discretion sounds nebulous at face value. The key issue is the potential risk to the public. Regardless of whether your app needs FDA approval, it will need to meet HIPAA regulations for securing patient data. Taken together, we can easily see why there are far fewer developers in the medical application space. Medical application development must meet a much higher standard than expected of nearly any other kind of application.

Many apps serve multiple functions. If you are in the earliest stages of developing your idea for an app, consider starting with a Minimum Viable Product (MVP). Consequently, focus on supporting the one feature why your end-users would recommend your app over others. You don’t want to get drawn into supporting expensive and complicated features where HIPAA or the FDA may add yet more complexity.

Recommendations for Medical App Developers

Make sure your app meets HIPAA requirements by doubling down on data security with data encryption. This will help you avoid fines, lawsuits and costly post-release fixes. Avoid adding non-essential features and functions adding unnecessary complexity to your app.

There’s another point truer to the FDA mission:- form a realistic and precise description of your medical app. Avoid indicating that your app will save lives or cure a disease unless you possess ample medical data backed by trials and professional medical evaluations. There’s a high standard of evidence required to support claims like that. On the other hand, an app that assists in the process of monitoring, treating or diagnosing medical conditions inherently sounds more realistic and is far easier to prove.

Explore the Federal Laboratories Consortium

One final recommendation is good for big and small developers alike. Check out the Federal Laboratories Consortium. Almost everyone raises an eyebrow when I make this suggestion, as in “Who in Hell is that and how could they possibly help me?”

Glad you asked! I’ll let the FLC answer that in their own words:

I would summarize it by saying that the Next Big Thing likely already exists and is waiting for the right business to find it. The United States Government is the world’s #1 investor in Research and Development, and the 300+ Labs of the FLC are a vanguard of both the R&D and Technology Transfer efforts. The FLC can be accessed through their main site and their one-stop shop for businesses.

The FLC can help you get access to:

• Nearly 70 world-class medical institutions like the National Naval Medical Center, Air Force Medical Center, National Institute of General Medical Sciences, the FAA’s Civil Aerospace Medical Institute, Murtha Cancer Center and many more.
• Scientists, Doctors and Engineers who are at the top of their field in just about everything.
• State of the art equipment to test just about anything.
• Patent licenses that can radically accelerate your time to market with new technologies and their variations.
• Networking assistance to help you partner with sponsors, manufacturers, suppliers, investors and other potential stakeholders.

Some will say that you have to be a big company to work with the government at any meaningful level. Others will say that this area is a niche market that is very difficult to get into. Those are increasingly outdated modes of thinking. While I won’t say that going through the FLC process for anything is “simple” — it’s only about 10,000 times easier than it’s ever been, they even provide you with step-by-step instructions for any area of interest you may have.

Consider it a shopping mall for the technologies of tomorrow – and 25% of them are dedicated to health and medicine.

Mobile Medical Apps – Regulations and Resources

Having trouble finding specific FDA guidance relating to Mobile Medical Applications? Start with The FTC’s Mobile Health Apps Interactive Tool. Answer their 10 questions and the tool will point you to relevant federal laws and resources relevant to your mobile health app.  Other important regulations and resource are listed below and we’ll update as new ones are found:

• FDA Overview of Mobile Medical Applications – The FDA’s main website.
• FDA Guidance on its Regulation of Mobile Medical Applications (PDF) – Primary document referenced in this article.
• FTC Best Practices for Mobile Health App Data Security – Also useful as it gives you access to the Start with Security: A Guide for Business 20 page PDF.

• Health Insurance Portability and Accountability Act (HIPAA) – Covers broader medical data privacy and data security requirements.
• Federal Trade Commission Act (PDF) – “Prohibits deceptive or unfair acts or practices in or affecting commerce, including those relating to privacy and data security, and those involving false or misleading claims about apps’ safety or performance.”
• FTC’s Health Breach Notification Rule – Reporting requirements following breaches of personal health records and information.

Are you looking for a developer? Obviously, you will want to work with one having considerable experience producing medical applications.  Medical applications from our own portfolio include:

• MyBreath by Breath  Research – a finalist at the UN Solve Conference.
• VisiMobile Patient Monitoring System by Sotera Wireless:

Disclaimer: The information contained in this article is for general guidance only. Laws vary widely based on the specific facts. Laws, rules, and regulations also change, so there may be inaccuracies in this post. This article is presented with the understanding that Reinvently and its authors are not engaged in rendering legal advice. This article should not be used or construed as a substitute for advice from a legal professional.