Offering health care solutions at consumers' fingertips? What you should know about FDA regulation of mobile medical apps


Over two years after the Food and Drug Administration issued draft guidance on “mobile medical applications,” the agency recently issued its greatly anticipated final guidance. As FDA considered comments from stakeholders during this prolonged review period, many in the industry continued to struggle with understanding the boundaries proposed by FDA and their potential impact on businesses across the health care sector.

The principles outlined in the final guidance remain consistent with those described in the draft guidance. FDA has stated that it is “not expanding [FDA’s] universe” by regulating mobile medical applications (i.e., apps), but rather applying longstanding basic tenets of medical device regulation and–at the core – requirements of the Food, Drug and Cosmetic Act (FDCA). These principles may, however, be unfamiliar to many in the technology space, particularly those who have not previously been involved with FDA-regulated devices.

In response to industry requests for clarity, FDA added a number of specific examples in the final guidance, including examples of mobile apps that would not be considered regulated devices; and those that would technically be considered devices, but to which FDA would apply enforcement discretion.

Below we provide an overview of FDA’s final guidance, including a high-level look at FDA’s intended regulatory approach.

Should I be paying attention?

FDA’s guidance applies to “mobile medical app manufacturers,” so in determining whether the guidance is relevant to you, there is a two-part analysis: (1) what is the exact nature of the product; and (2) what is your role with respect to the design, specification development, manufacture, packaging or labeling.

This same analysis is relevant for any product that is, or might be considered, a “medical device.”  It is especially noteworthy, however, for companies which may be new to the FDA-regulated space and may be unfamiliar with FDA’s broad definitions of “medical devices” and “manufacturers.”

Is the app regulated?

As a starting point, a software application will be subject to FDA regulation if it meets the definition of a “device” in the FDCA.  The statutory definition includes any “instrument, apparatus, implement machine, contrivance . . . or other similar or related article, including a component part, or accessory which is: . . .  intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals.”

The “intended use” is a critical determining factor for whether FDA will deem a technology a “device” subject to regulation. FDA notes that labeling claims, advertising materials and/or oral or written statements by manufacturers or their representatives are instructive when determining the “intended use” of a device. Further, FDA clarifies that “when the intended use of a mobile app is for the diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man,” the mobile app is a device.

In defining a “mobile medical app,” the guidance calls out two particular ways that a technology could be deemed within the statutory definition: if it is “an accessory to a regulated medical device” or intended “to transform a mobile platform into a regulated medical device.”

The final guidance separates apps into three broad categories:

  • Category 1: Apps that do not meet the statutory definition of a device, and thus are not subject to FDA oversight
  • Category 2: Apps that may meet the statutory definition of a device, but present such a low risk of patient harm that the FDA is not going to exercise oversight at this time
  • Category 3: Apps that do meet the statutory definition of a device and the above definition of a “mobile medical app,” and that present potential patient risks warranting  FDA oversight at this time

As outlined in the FDA’s guidance, examples of each type of app include:

Apps that do not meet the statutory definition of a device, and thus are not subject to FDA oversight

Examples include:

  • Mobile apps that are intended to provide electronic “copies” of medical textbooks or other reference materials with generic text search capabilities
  • Mobile apps that are intended for health care providers to use as educational tools for medical training or to reinforce training previously received
  • Mobile apps that are intended for general patient education and facilitate patient access to commonly used reference information
  • Mobile apps that automate general office operations in a health care setting and are not intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment or prevention of disease
  • Mobile apps that are generic aids or general purpose products

Apps that may meet the definition of a device, but present such a low risk of patient harm that the FDA is not going to exercise oversight at this time

Examples include:

  • Mobile apps that provide or facilitate supplemental clinical care, by coaching or prompting, to help patients manage their health in their daily environment
  • Mobile apps that provide patients with simple tools to organize and track their health information
  • Mobile apps that provide easy access to information related to a patients’ health conditions or treatments (beyond providing an electronic “copy” of a medical reference)
  • Mobile apps that are specifically marketed to help patients document, show or communicate to providers potential medical conditions
  • Mobile apps that perform simple calculations routinely used in clinical practice
  • Mobile apps that enable individuals to interact with personal health record systems or electronic health record systems

Apps that do meet the statutory definition of device and the  definition of a “mobile medical app,” and that present potential patient risks warranting FDA oversight at this time.


Examples include:

  • Mobile apps that are an extension of one or more medical devices by connecting to such device(s) for purposes of controlling the device(s) or displaying, storing, analyzing or transmitting patient-specific medical device data
  • Mobile apps that transform the mobile platform into a regulated medical device by using attachments, display screens or sensors or by including functionalities similar to those of currently regulated medical devices
  • Mobile apps that become a regulated medical device (software) by performing patient-specific analysis and providing patient-specific diagnosis, or treatment recommendations

FDA “strongly recommends” that manufacturers of all apps that meet the definition of “device,” including those over which FDA will exercise regulatory discretion (the second category above), follow FDA’s Quality System regulation in the design and development of their apps.

For apps in the third category, another level of analysis is required to determine exactly how FDA will regulate the app, and what specific requirements apply, depending on the classification (e.g., Class I, Class II, Class III), device type and intended use.  For example, an app might be a “Medical Device Data System,” which is a Class I device, or – based on features offered – it might be regulated at a higher level, e.g., as an accessory to a connected device, which then must comply with the controls applicable to that connected device.

Are my operations regulated?

Being deemed a “manufacturer” has significant consequences in terms of FDA compliance, in a variety of areas.  Definitions of “manufacturer” or “manufacture” are detailed in regulations setting out related responsibilities for: medical device reporting when malfunctions, injuries or deaths occur (21 C.F.R. Part 803);  reporting of device corrections or removals (21 C.F.R. Part 806); establishment registration and listing and premarket notification (510(k)) (21 C.F.R. Part 807); and Quality Systems/Good Manufacturing Practice requirements (21 C.F.R. Part 820). 

In the final guidance, FDA provides several examples of a “manufacturer” in the mobile medical app context, clarifying that it includes any person or entity that:

  • Creates, designs, develops, labels, re-labels, remanufactures, modifies or creates a mobile medical app software from multiple components
  • Initiates specifications or requirements for mobile medical apps or procures product development/manufacturing services from other individuals or entities (second party) for subsequent commercial distribution
  • Creates a mobile medical app and hardware attachments for a mobile platform that are intended to be used as a medical device by any combination of the mobile medical app, hardware attachments and the mobile platform or 
  • Creates a mobile medical app or a software system that provides users access to the medical device function through a website subscription, software as a service, or other similar means.

For companies involved in any way with the development, creation or distribution of mobile medical technologies, we recommend careful consideration of the regulatory definitions to proactively assess their applicability and to ensure compliance.

Navigating the FDA landscape can be challenging, especially to companies new to the FDA-regulated space.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising

Written by:


DLA Piper on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.