Leveraging Your NSF Certification: Now that you've received NSF Certification ... why not leverage the Mark to your advantage.
By Brady D. Skinner, Research Associate, Becker & Associates Consulting, part of NSF International’s Health Sciences Division
Software-based products with a therapeutic or diagnostic intended use have been under regulation as medical devices by the U.S. Food & Drug Administration (FDA) for the past 23 years, insofar as they meet the definition of a device contained in section 201(h) of the Food, Drug and Cosmetic Act (“the Act”). However, recent technological advances have caused the functionality, capability and prevalence of these software-based devices to increase exponentially. No development has made this trend more evident than the arrival of mobile applications – anywhere from 300 to 2,000 new apps are released every day across various mobile platforms. It is often unclear which of these apps would or should qualify as an FDA-regulated medical device Does an interactive game to help manage weight for patients with diabetes qualify, for example? Currently, the FDA simply does not have the resources to evaluate all new apps.
Mobile medical applications have experienced accelerating demand by offering new and innovative ways for mobile technology to improve patient health and the quality and ease of access to healthcare. It is estimated that mobile medical applications are on over 50 percent of U.S. smartphones, according to a recent Pew Research Center report, with over 40,000 apps currently available. Recent analysis by marketing firm GlobalData estimated the U.S. mobile health market was worth $660 million in 2011, an amount that is expected to experience double-digit growth through 2016. Consumers use mobile medical apps to manage their health and wellness, while healthcare professionals use them as a diagnostic tool or to make medical decisions remotely. Mobile medical apps range in complexity from simple non-invasive caloric intake monitors to mobile X-ray viewing platforms to diabetes management applications.
The FDA has historically regulated medical software through a limited set of regulations and guidance documents. However, as a result of the recent trend in mobile medical technology, the FDA has made it a strategic priority to develop new guidance to accommodate the rapid shift in the software environment. At the same time, the FDA is under significant pressure from industry, patients, the medical community and Congress not to inhibit the rate of innovation in this new sector. The FDA nonetheless has the responsibility to oversee the safety and effectiveness of the small subset of mobile medical apps that present a potential risk to patients should they not work as intended. The FDA is currently attempting to balance these various requirements.
November, 1989: The FDA releases its first general policy statement on software, FDA Policy for the Regulation of Computer Products.
The 1989 FDA policy statement defined software products used in medicine in a manner that affects the diagnosis and treatment of patients as medical devices. In doing so, the FDA stated its intent to hold manufacturers of medical software products responsible for providing reasonable assurance that their products are safe and effective (Class III devices), or that they are as safe and effective as existing products (Class I and II devices), and for complying with other regulations applicable to medical devices.
The agency named a few exceptions to this policy. FDA regulations and authorities do not apply to software intended only for use in library functions such as storage, retrieval and dissemination of medical information. Regulations also do not apply to software intended for use in general accounting, communications or educational functions.
FDA regulations and authority do however apply to software when the product is a “similar or related article, including any component, part or accessory” of a product recognized as a medical device in its own right, i.e. when the software is a component of or accessory to a parent device. In these cases, the software inherits the regulatory classification and requirements of its parent device.
Software products that are actual medical devices and not components, parts or accessories of other medical devices are subject to one of four levels of regulatory control depending on their characteristics. Software manufacturers are not exempt from premarket notification requirements, and if the FDA finds a product to be substantially equivalent to a device classified into Class I,II or III, it is regulated to the degree as the equivalent preamendments or postamendments device. Manufacturers must register with the FDA, list their products, notify the FDA prior to marketing and meet all other requirements according to the device class.
Medical software manufacturers of general purpose articles not labeled or promoted for medical use, but that meet the definition of a medical device because of their application in healthcare, are exempt from registering their establishments and listing products with the FDA, reporting adverse effects under medical device reporting (MDR) regulations and premarket notification. These devices pose little or no risk, or are the sole responsibility of the healthcare professionals who use them in medical applications. A medical institution where a software product is developed is treated similarly, provided that the product is only intended for use in that institution.
After 1989, due to the exponential rise in the use of computer and software products in medical applications as well as the diversification of products, the FDA determined it would be impractical to prepare an overarching software policy to address all issues related to the regulation of all medical devices containing software. The FDA subsequently withdrew the draft software policy. Nonetheless, this statement provided an important insight into FDA’s thinking, and the agency continues to use the general framework established by this policy statement to regulate most medical software; that is, until the recent development of mobile medical apps.
July, 2011: FDA releases a draft guidance document, Mobile Medical Applications.
After 1989, FDA issued a few specific regulations and guidance documents that applied to a narrow set of software products. However, none of these documents offered broad guidance on the FDA’s overall regulatory framework. As a result, there was no precedent or clarity around the regulation of mobile medical apps when they began to enter the market. In response to this need, in 2011, the FDA issued its first major guidance on mobile medical applications.
This has been seen by industry and other stakeholders as a landmark document that describes how the FDA intends to approach regulation of mobile applications generally. It clarifies the type of apps the FDA intends to regulate, which at this time is only the subset of apps that the FDA defines as “mobile medical applications.” The FDA defines a mobile app as a software application that can run on a mobile platform, or a web-based software application that is tailored to a mobile platform but run on a server. Of these mobile apps, “mobile medical apps” are defined as those mobile apps that meet the legal definition of a medical device and are either used as an accessory to a regulated medical device or that transform a mobile platform into a regulated medical device. Thus, as with other regulated products, the intended use of the app determines whether it meets the legal definition of a medical device. Further, since the use of a mobile platform does not inherently preclude the potential risk to patients posed by these products, the FDA states that it will require premarket clearance or approval for regulated mobile medical applications per its standard premarket requirements.
Importantly, given the complexity and constant evolution of the mobile app market, the FDA states in this guidance that it intends to exercise enforcement discretion in cases where an app may appear to meet the definition of a device but is not clearly a mobile medical app. Examples of these apps are included in the guidance and include fitness or general wellness apps that do not have a specific diagnostic or therapeutic purpose. In doing so, the FDA takes a narrowly tailored approach to regulating mobile application developers. Generally speaking, the agency describes a regulatory system that requires premarket authorization only for those devices that pose the same amount of risk to public health as currently regulated devices, i.e. “mobile medical applications.”
Nonetheless, the FDA recommends that manufacturers of all health or medically-related mobile apps, regardless of whether they meet the mobile medical app definition, follow quality systems regulations including good manufacturing practices (GMPs). The FDA has found that the majority of software-related device failures are due to design errors, and one study specifically found the most common issue was failure to validate software prior to routine maintenance. For this reason, design controls and other GMP requirements are expected of all mobile app developers with a potential medical use.
The FDA indicates that it intends to further articulate its regulatory framework for mobile applications in future guidance documents that cover specific types of mobile medical apps, for example apps that act as an interface with multiple other medical devices of different types. In the interim, the regulation of these devices remains unclear, and the FDA recommends that industry work directly with the agency on developing a custom approval path for these programs.
September, 2011: FDA holds a public workshop, Mobile Medical Applications Draft Guidance.
This workshop sought input on the agency’s regulatory approach to certain mobile applications specific to medicine or healthcare that are designed for use on smartphones and other mobile computing devices. The workshop was designed to provide a forum for interested stakeholders to offer comment on:
With this meeting, the FDA sought to engage industry to solicit comments on the approach it should take for mobile medical apps that are accessories to other medical devices. Mobile medical devices intended for use in this manner may be used for (a) displaying, analyzing, storing or transmitting patient-specific medical device data or (b) controlling the operation, function or energy source of the medical device. This forum is indicative of the interactive approach that FDA would like to adopt toward regulation of this field, so that it can develop guidance responsive to industry needs. However, as of the time of this article, the FDA has yet to issue any additional guidance on this topic in follow-up to the forum. Further, the FDA has not yet finalized, and thus has not formally implemented, the initial draft Mobile Medical Applications guidance. The reasons for this delay are diverse. For example, FDA has been under congressional pressure to not interfere with the innovation potential in the mobile medical arena, which has led to some confusion and delay in terms of how and when the final regulatory framework will be implemented.
In the interim, the mobile medical application industry continues to rapidly develop and release new innovative products. It is clear that the FDA will eventually need to provide finalized guidance on how these products will be regulated as well as the best approach for industry to take in gaining market clearance for its products, in order to meet the regulatory demand and public health need represented by the vast number of novel medical apps. The specific details of how the agency will do so, however, remain unclear for the time being, pending issuance of final guidance. For now, the July 2011 guidance remains the best indication as to how FDA will implement a regulatory framework for mobile medical applications.