People who use mobile devices to monitor their health may be surprised to hear that up until now, there has been little definitive guidance on what medical apps need regulatory approval. In some cases, this represents a real risk as mobile phone apps and devices attached to phones come onto the market that can measure everything from blood pressure to blood sugar as well as tell you what is in your urine.
Unlike traditional dedicated medical devices, mobile apps have escaped general regulation up until now. However, in the United States and Australia at least, that is about to change. Almost in tandem, the agencies responsible for medical device regulation – the US Food and Drug Administration (FDA) and the Australian Therapeutic Goods Administration (TGA) – have released guidelines about what mobile health apps they consider need regulatory approval.
Both agencies have taken a similar approach in trying to distinguish between apps that simply provide information or are deemed “low risk” and those that are involved in “diagnosis, prevention, monitoring, treatment or alleviation of disease”. So for example, they would classify an electronic health record application as not needing regulation but software that tells you what dose of a drug you need to take based on a measurement would, even if the measurements weren’t made by the mobile app itself.
In principle, the guidelines should bring some clarity to the market and from a medical app developer perspective, this may serve to remove obstacles to obtaining potential investment. In the past, the possibility that an app would be subject to regulation from the FDA or TGA and then risk not getting approval has been considered as enough reason to scare off most potential investors.
The problem is that although it seems that this guidance is relatively clear, most medical software, whether mobile or not, falls in a grey area. Take the example of an electronic health record. Whilst electronic records are principally about saving clinical information about a patient, most software incorporates facilities to provide guidance and alerts based on decision support algorithms acting on data entered into the software. Technically, that would make TGA or FDA approval mandatory as it carries a potential risk to the patient if the guidance or decisions are wrong.
Even with apps that clearly act as a medical device, it may not always be clear what the actual risk is to a patient. Part of this is dependent on the context that the app is being used in. A heart rate monitor to measure physical exertion during exercise is not going to be considered a high-risk device. However if the heart rate monitor is being used to detect anomalies in the heart beat or manage exertion in cardiac patients, then that is a different matter.
Risk will vary depending on whether an app is being used by the consumer to diagnose potential problems themselves or by a health professional using it as an everyday diagnostic tool. Beyond diagnosis, the app could be used to manage the condition, alerting the patient to the need to increase or decrease the dose of a medication, for example. There is plenty of scope for things to go wrong in these scenarios.
Take the Spirometer app, which measures how well a person’s lungs are working. The app can be used to diagnose potential problems such as asthma and chronic obstructive pulmonary disease. If the app alerts someone to a problem, it can be checked out and confirmed by other means. If the app reports that there is nothing wrong, this could potentially delay someone from seeking help and that delay may make things worse.