It seems like every month another raft of “wellness” apps and “not-medical” apps is released into the wild. There’s clearly a lot of energy being spent on apps that help people manage their lives, wellness and medical conditions. However, many developers we speak with are really not sure how to tell whether their whizzy new project needs to worry about complying with medical device regulations.
Navigating medical app development
Help is at hand if you’re developing, for the US market, an app that collects, manages or creates user data, or that diagnoses or treats diseases. The US Federal Trade Commission (FTC) has launched an online tool to help you understand which (if any) of these laws and regulations you will need to comply with:
- Health Insurance Portability and Accountability Act (HIPAA), enforced by the US Department of Health & Human Services. The Office for Civil Rights (OCR) within the U.S. Department of Health & Human Services (HHS) enforces the HIPAA rules, which protect the privacy and security of certain health information and require certain entities to provide notifications of health information breaches.
- Food, Drug & Cosmetic Act, enforced by the FDA. The FDA enforces the FD&C Act, which regulates the safety and effectiveness of medical devices, including certain mobile medical apps. The FDA focuses its regulatory oversight on a small subset of health apps that pose a higher risk if they don’t work as intended.
- Federal Trade Commission Act, enforced by the FTC. The FTC enforces the FTC Act, which prohibits deceptive or unfair acts or practices in or affecting commerce, including those relating to privacy and data security, and those involving false or misleading claims about apps’ safety or performance.
- Health Breach Notification Rule, enforced by the FTC. The FTC’s Health Breach Notification Rule requires certain businesses to provide notifications following breaches of personal health record information.
Finding out if your app is a medical app
The tool walks you through nine questions and then tells you which (if any) of these laws apply to your product.
1. Do you create, receive, maintain, or transmit identifiable health information?
2. Are you a health care provider or health plan?
3. Do consumers need a prescription to access your app?
4. Are you developing this app on behalf of a HIPAA covered entity (such as a hospital, doctor’s office, health insurer, or health plan’s wellness program)?
5. Is your app intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment or prevention of disease?
6. Does your app pose “minimal risk” to a user?
According to the FDA, “minimal risk” apps are those that are only intended for one or more of the following:
- helping users self-manage their disease or condition without providing specific treatment suggestions;
- providing users with simple tools to organize and track their health information;
- providing easy access to information related to health conditions or treatments;
- helping users document, show or communicate potential medical conditions to health care providers;
- automating simple tasks for health care providers;
- enabling users or providers to interact with Personal Health Record (PHR) or Electronic Health Record (EHR) systems; and
- transferring, storing, converting the format of, or displaying medical device data, as defined by the FDA’s Medical Device Data Systems regulations.
7. Is your app a “mobile medical app”?
A “mobile medical app” is one that is intended for any of the following:
- use as an accessory to a regulated medical device (for example, an app that alters the function or settings of an infusion pump);
- transforming a mobile platform into a regulated medical device (for example, an app that uses an attachment to the mobile platform to measure blood glucose levels);
- performing sophisticated analysis or interpreting data from another medical device (for example, an app that uses consumer-specific parameters and creates a dosage plan for radiation therapy).
8. Are you a non-profit organization?
9. Do you offer health records directly to consumers (or do you interact with or offer services to someone who does)?
Developers unfamiliar with the requirements surrounding medical devices, such as the Quality System Regulation and the FDA registration and approval process, may find the tool useful for understanding whether the “thing” they’re creating qualifies as a medical device.
Evaluate your medical app development project
Talk with us about your medical app: an independent view of your development project will confirm whether you’re on the right track.