The FDA Releases Long-Awaited Final Guidance on Mobile Medical Applications

by Sheppard Mullin Richter & Hampton LLP

On September 23, 2013, the U.S. Food and Drug Administration (the “FDA” or the “Agency”) issued long-awaited final guidance for developers of mobile medical or health applications (or “mobile medical apps”) used on smartphones and other mobile devices. The final guidance reflects a tailored approach by the Agency to analyzing mobile medical apps, and represents an important step in narrowing the field of interpretation of the current laws.

The Agency’s guidance indicates its intention to exercise enforcement discretion for most mobile medical apps on the basis that they pose minimal risk to consumers. Instead, the FDA will largely focus its enforcement attention on the functionality of the mobile applications and give greater consideration to those applications that the Agency believes present “a greater risk to patients if they do not work as intended.”

The final guidance comes over two years after the Agency published draft guidelines, and encompasses the comments of industry respondents which overwhelmingly supported a customized, risk-based approach. The FDA’s final statements reflects the Agency’s interest in balancing regulatory oversight with support of innovation in medicine and technology.

The final guidance focuses on mobile applications and not their platforms. Under the guidance, the FDA will not regulate the sale or general/conventional consumer use of smartphones or tablets.

What are mobile medical apps?

For purposes of the guidance, a mobile application is defined as a software application that can run on a mobile platform (i.e., a handheld commercial off-the-shelf computing platform, with or without wireless connectivity), or a web-based software application that is tailored to a mobile platform but is executed on a server.

A “mobile medical app” that is subject to regulatory oversight by the FDA is a mobile app that meets the definition of device in section 201(h) of the Federal Food, Drug, and Cosmetic Act (the “FD&C Act”) and either is intended:

  • to be used as an accessory to a regulated medical device (e.g., mobile apps that display medical device data to perform active patient monitoring, mobile apps that provide the ability to control the inflation or deflation of a blood pressure cuff through a mobile platform, or mobile apps that display, store or transfer medical data in its original format); or
  • to transform a mobile platform into a regulated medical device (e.g., attaching a blood glucose strip reader to a mobile platform to function as a glucose meter, or performing patient-specific analysis and providing patient-specific diagnosis or treatment recommendations).

The FDA will look at the intended use of a mobile app to determine whether it meets the definition of a “device.” Intended use may be shown by labeling claims, advertising materials, or oral or written statements by manufacturers or their representatives. When the intended use of a mobile app is for the diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man, the mobile app is considered a “device.” To provide additional clarification, Appendix C of the guidance as well as the FDA’s Products and Medical Procedures website contain a non-exhaustive list of examples of mobile apps that are the focus of the FDA’s regulatory oversight.

Many mobile apps involving health will not considered mobile medical apps because they do not meet the definition of a “device” under the FD&C Act. The FDA has indicated that the following mobile apps would not be considered a “device”:

  1. Mobile apps that are intended to be used as reference materials or for user or patient education and are not intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease by facilitating a health professional’s assessment of a specific patient, replacing the judgment of clinical personnel, or performing any clinical assessment.

    This includes mobile apps that are:
    • intended to provide access to electronic “copies” (e.g., e-books, audio books) of medical textbooks or other reference materials with generic text search capabilities;
    • intended for health care providers to use as educational tools for medical training or to reinforce training previously received; and
    • intended for general patient education and facilitate patient access to commonly used reference information. These apps can be patient-specific (i.e., filters information to patient-specific characteristics), but are intended for increased patient awareness, education, and empowerment, and ultimately support patient-centered health care.
  2. Mobile apps that automate general office operations in a health care setting and are not intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease.
  3. Mobile apps that are generic aids or general purpose products, such as mobile apps that allow patients or healthcare providers to interact through email, web-based platforms, video or other communication mechanisms (but are not specifically intended for medical purposes).

If a mobile app does not meet the definition of a “device” under the FD&C Act, the app will not be considered a mobile medical app for purposes of the guidance.

Will all mobile medical apps be regulated?

No. The fact that a mobile app meets the definition of a medical device does not necessarily indicate that the FDA will regulate it under the current laws. The Agency noted that it intends to exercise enforcement discretion over some mobile apps that meet the definition of a medical device if they pose a lower safety risk to the public. This means that the FDA will not consider these mobile apps to be “mobile medical apps” for purposes of the guidance and will not enforce the requirements under the FD&C Act. Appendix B of the guidance and FDA’s Products and Medical Procedures website contains examples of such mobile apps. Such mobile apps include (but are not limited to):

  1. Mobile apps that help patients with diagnosed psychiatric conditions (e.g., post-traumatic stress disorder, depression, anxiety, obsessive compulsive disorder) maintain their behavioral coping skills by providing a “Skill of the Day” behavioral technique or audio messages that the user can access when experiencing increased anxiety;
  2. Mobile apps that provide periodic educational information, reminders, or motivational guidance to smokers trying to quit, patients recovering from addiction, or pregnant women;
  3. Mobile apps that use GPS location information to alert asthmatics of environmental conditions that may cause asthma symptoms or alert an addiction patient (substance abusers) when near a pre-identified, high-risk location;
  4. Mobile apps that use video and video games to motivate patients to do their physical therapy exercises at home;
  5. Mobile apps that prompt a user to enter which herb and drug they would like to take concurrently and provide information about whether interactions have been seen in the literature and a summary of what type of interaction was reported;
  6. Mobile apps that help asthmatics track inhaler usage, asthma episodes experienced, location of user at the time of an attack, or environmental triggers of asthma attacks;
  7. Mobile apps that prompt the user to manually enter symptomatic, behavioral or environmental information, the specifics of which are pre-defined by a health care provider, and store the information for later review;
  8. Mobile apps that use patient characteristics such as age, sex, and behavioral risk factors to provide patient-specific screening, counseling and preventive recommendations from well-known and established authorities;
  9. Mobile apps that record the clinical conversation a clinician has with a patient and sends it (or a link) to the patient to access after the visit;
  10. Mobile apps that are intended to allow a user to initiate a pre-specified nurse call or emergency call using broadband or cellular phone technology;
  11. Mobile apps that enable a patient or caregiver to create and send an alert or general emergency notification to first responders; and
  12. Mobile apps that keep track of medications and provide user-configured reminders for improved medication adherence.

In an effort to demonstrate support for innovation in an industry that has shown immense growth in the past few years, the FDA noted that a majority of mobile apps on the market at this time either will not fit the definition of a device or will pose a lower safety risk to the public, and thus will not be considered mobile medical apps or be regulated by the FDA.

What Must Companies that Manufacture Mobile Apps Do?

The FDA strongly recommends that manufacturers of all mobile apps that may meet the definition of a device follow the Quality System Regulation set forth under Title 21 of the Code of Federal Regulations Part 820 (which includes good manufacturing practices) in the design and development of their mobile medical apps. The FDA also recommends that such companies initiate prompt corrections to their mobile medical apps, when appropriate, to prevent patient and user harm.

For mobile medical apps, manufacturers must meet the requirements associated with the applicable device classification. If the mobile medical app, on its own, falls within a medical device classification, its manufacturer is subject to the requirements associated with that classification. A mobile medical app, like other devices, may be classified as Class I (General Controls), Class II (Special Controls in addition to General Controls), or Class III (Premarket Approval).

What Does the Guidance Not Cover?

The guidance does not address the approach for software that performs patient-specific analysis to aid or support clinical decision-making. Also, the FDA’s policies regarding accessories to medical devices are not unique to mobile medical apps and go beyond the scope of the guidance. Specifically the guidance does not address the FDA’s general approach for accessories to medical devices.

Is the Guidance Binding?

The FDA’s guidance on mobile medical apps does not establish legally enforceable responsibilities. Instead, the guidance describe the FDA’s current thinking on a topic and should be viewed as recommendations, unless specific regulatory or statutory requirements are cited. The use of the word should in the guidance means that something is suggested or recommended, but not required. A company could use an alternative approach if the approach satisfies the requirements of the applicable statutes and regulations.

What to Do Next?

The FDA recommends that mobile medical app developers should contact the FDA as early as possible if they have any questions about their mobile app, its level of risk, and whether a premarket application is required.

Companies can also find more information at the Mobile Medical Applications Web Page and at the FDA’s website for consumers entitled Consumer Update: Keeping Up with Progress in Mobile Medical Apps.

Written by:

Sheppard Mullin Richter & Hampton LLP

Sheppard Mullin Richter & Hampton LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.