This week must be the week of the FDA publications. In the same week the UDI final rule and guidance were published, the FDA has also released the guidance document on the FDA's plan for enforcement regarding Mobile Medical Applications. The FDA's final thoughts on how they'll regulate mobile medical applications will likely surprise many of their critics.
Flying in the face of critics who villainize the FDA and claim that they stifle innovation, the FDA took a de-regulatory action with regard to mobile medical applications. Yes. De-regulated. The stance, as explained during a great "tweet-chat" hosted by the FDA on September 26th (you can find most of those tweets by using #FDAApps) was to focus FDA oversight on the high-risk subset of mobile medical applications and leave the others to "enforcement discretion."
Many who have tried to wrangle 21 CFR Part 11 keenly understand that if enforcement discretion was a color it would be gray. It doesn't mean that the FDA is simply ignoring those apps - no, the FDA clearly stated that a risk to public health would immediately result in investigations and up-regulations on this subset of medical devices. It simply means that the FDA is choosing, within their right, to enforce action upon only the highest risk devices. Think of it like a highway with a speed limit of 65 MPH. You're cruising along at 72 MPH, and someone blows by at 90 MPH. Who gets the ticket? 90 MPH, even though you technically were violating the speed limit yourself. That's enforcement discretion.
So which apps are the highest risk?
- Apps that transform a phone into a regulated medical device (ex: use a sensor to measure and display ECG, electronic stethoscope, nystagmograph, audiometer, blood glucose reader, etc.);
- Apps that connect to an existing device as a control;
- Apps that display transfer, store, or convert patient-specific medical device data from a connected device and therefore are mobile medical apps.
The guidance even goes into the detail of what product codes to look for - thanks FDA!
Some other critical points from the "tweet-chat" today:
- FDA considers both applications in respective app stores as well as web-based applications intended to be viewed on a mobile device as mobile medical applications.
- Unique Device Identification requirements will apply to mobile medical applications according to the rule and guidance published this week
- The release of the guidance this week and FDA's current activity is focused on notification and education. FDA is granting time prior to enforcement of requirements.
- Most mobile applications currently on the market do not require FDA review.
- FDA has cleared 100 mobile medical applications over the last 10 years.
The greatest take-away, for me, was that this "tweet-chat" and the way FDA has handled mobile medical applications showed the agency's willingness to listen and initiate the conversation of how to fairly but effectively regulate new categories of devices. The FDA representative constantly reminded questioners that if they had questions regarding a specific application to email them at email@example.com, continuing the highly-cooperative character the agency has been displaying recently.
Finally - this is great news for app developers. Develop, voluntarily comply, sell! Another example of the FDA shedding it's "baddy" label - well done.