University of Washington School of Law

By Mariko Kageyama

The digital health field has been growing exponentially and is now expanding rapidly into emerging markets. As a result, mobile health apps, or “mHealth apps,” have exploded in popularity. If you search for “health” on online app stores such as Apple’s App Store or Google Play, you will have no problem finding countless apps with various health-related purposes. One survey reports that nearly 260,000 mHealth apps were available worldwide by 2016.

However, what mHealth app developers and consumers may not realize is that these new technologies are becoming the target of increasingly tight regulations by both federal and state laws in the United States.

At the federal level, mobile health apps may be scrutinized under the following federal agency laws:

• Health Insurance Portability and Accountability Act (HIPAA) and HITECH Act – These acts regulate data privacy and security of health information. They are enforced by the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC);
• Food, Drug, and Cosmetic Act (FDCA) – This act allows the Food and Drug Administration (FDA) to regulate the safety and effectiveness of “medical devices;” and
• Federal Trade Commission Act (FTC Act) – This act both creates the FTC and allows it to enforce and penalize deceptive or unfair business practices including false or misleading claims about apps’ performance.

Among these major agency players, the FDA has struggled the most with trying to adapt its existing regulatory framework to include and regulate mHealth apps.

For instance, the FDA can regulate “medical devices,” but what qualifies as a “medical device” under FDA law? According to its 2015 Guidanace, the FDA does not want to regulate every single smartphone app that tangentially relates to fitness or wellness. Instead, the FDA only wants to keep an eye on a small subset of apps called “mobile medical apps” that may pose moderate to high risks to a patient’s safety if the apps fail to work as intended. “Mobile medical apps” can either be those connected to existing medical devices already regulated by FDA, or those that “transform” mobile platforms into an FDA-regulated device.

The FDA explains that a mobile app “transforms” into a medical device when it uses attachments, display screens, or sensors, or when it uses a mobile platform’s built-in features such as light, vibrations, and camera to create functionalities similar to those of currently regulated devices. But the exact actions that constitute a “transformation” are not yet known and remain open to significant agency discretion.

Therefore, if you were to create a new mHealth app that “transforms” a mobile device, you may need to seek FDA approval for a specific medical device classification based on the level of safety risks it poses. The classes are ranked I, II, or III and any class of device can be subject to what is known as Premarket Notification 510(k).

In anticipation of ambiguities in this field, multiple federal agencies collaborated in 2016 to create the Mobile Health Apps Interactive Tool. What is unique about this user-friendly educational website is that it is clearly intended for IT developers, not healthcare professionals or general consumers.

State laws have also come into play. Earlier in 2017, the New York Attorney General settled with three mHealth app developers for state law violations over their misleading marketing and privacy practices. Those mHealth apps are: My Baby’s Beat–Prenatal Listener; Heart Rate Monitor & Pulse Tracker; and Cardiio-Heart Rate Monitor + 7 Minute Workout. As illustrated in the settlement documents, these apps do not look any more sophisticated than other similar apps, but the New York AG maintained that these cardiac rate monitors probably fall under FDA Class II medical devices. Such a classification means that these are higher risk devices than Class I and thus subject to greater regulatory controls. Although the investigation did not go further, these state cases show that mHealth app developers and manufacturers can be exposing themselves to large amounts of liability at the state level as well as the federal level.

Despite this heightened oversight, the current FDA Guidance is clearly nothing more than a temporary fix when much more is needed to address these issues in such a rapidly growing and changing field. Because Congress has a less-than-great track record of quickly enacting laws, the FDA and other relevant agencies should act swiftly to reevaluate these regulations in order to ensure consumer health and safety while simultaneously fostering innovation in this massively beneficial field.

Picture Source