Mobile Medical App Regulations

Author: Novarum DX

With more mobile phones on the planet than people*, the growth of smartphone technology in recent years has been exponential. Widespread accessibility of smartphone technology increases connectivity and creates mobile eco-systems for end-users to share information.

Smartphone technology has already introduced a step-change within the medical sector, as the launch of numerous mobile medical apps promises to transform the way we access provision of healthcare services. The number of opportunities for diagnostic companies aiming to tap into this lucrative market are huge, but the perception of complex regulatory barriers to entry will often restrict them, particularly when targeting markets in the USA and EU.

Although regulators, such as the Food and Drug Administration (FDA), recognise the benefits of utilising mobile technologies and may consider re-evaluating their approach towards mhealth, the regulatory landscape around mobile technology remains a cause for confusion.

Novarum DX™ develops mobile medical apps as software solutions that offer users with the ability to read, share and store results of diagnostic tests – which would otherwise be visual or confined to laboratory use – using nothing more than a smartphone. Novarum’s patented image capture technology enables patients to connect with medical professionals and help move diagnostic testing and analysis from a laboratory environment to the point of care. This connected solution offers the ability to store data, monitor and trend key results leading to better and more timely optimisation of treatment plans.

The FDA recommend clear guidance for the development of mobile medical apps and whilst it is not the intention to exhaust them here, we’ve captured 11 key deliverables in our new regulations’ whitepaper, which is available for download.

The team at Novarum is well-versed in developing and delivering apps that comply within global regulatory frameworks. Drawing upon this experience, we’ve highlighted key considerations for the development of mobile medical apps which Novarum has found to be the most pertinent:

Regulatory Mobile App Whitepaper

1. Define your regulatory strategy early

Defining the regulatory strategy early in the development de-risks the development process, saving time and cost. All product developments require an understanding of target markets, potential risks, project scope and timescales. Development of a medical software product is no different, requiring an understanding of the system within the regulatory landscape to ensure a quality product and appropriate validation is in place to achieve market clearance.

Mobile medical apps should be designed from the outset with regulatory requirements in mind.  To achieve this, the developer must manage the software lifecycle under IEC 62304 – a standard for the lifecycle requirements of medical device software – from design through development to release and post-market maintenance. This standard is recognised globally, therefore applicable in the EU and USA, and generally used as a benchmark for regulatory compliance worldwide.

2. Determine if your proposed app will be regulated

Apps with a medical function are generally regulated in the same way as other medical devices in the USA and EU.  This needs an understanding of the system – the parent device, any accessories – including what role the new software has in the system.

While there are subtle differences between the definition of medical devices in the EU and USA, in general, any app which is intended for use in diagnosis, treatment, mitigation or prevention of disease is considered a medical device.

  The FDA has defined Medical Mobile Applications (MMA) as:

  • – Apps that meet the definition of a “medical device”
    – Apps that are intended to be used as an accessory to a regulated medical device
    – Apps that transform a mobile platform into a regulated medical device

Providers of mobile medical apps must therefore develop the app under an appropriate quality management system that meets internationally recognised standards such as ISO 13485 in the EU and 21 CFR 820 in the USA.

3. Determine the software safety classification

The software safety classification in IEC 62304 enables the definition of strictness of the development and maintenance processes in advance. While the FDA recognises this standard, deliverables for a successful submission in the US are based primarily on Level of Concern.

For the most part, software safety classification and software level of concern can initially be assigned from Risk Assessments of the system and identifying harm that may arise from the software in a clinical context.  The system includes any parent medical device and accessories as well as the app, all required to provide the medical function.

This designation, based on risk, determines the requirements for software validation and deliverables to a regulator for market clearance evaluation. As a consequence, there is a direct impact on the development process and likely timescales. Retro-fitting regulatory deliverables for existing apps may be extremely difficult, and certainly costly and time consuming, which can delay market entry.

4. Consider impact on the system

Performance and safety are key considerations and incorporation of a mobile medical app into the system will likely change your claims. The system will generally include the parent medical device (such as an IVD test), any existing accessories, mobile medical app (software) and perhaps a connected web portal and database (software). It is important to note that the mobile phone hardware is not a regulated part of the system.

When evaluating the system for performance and safety against product claims, all components must be considered. Software verification should include evaluation of its performance on representative mobile phones, and validation must include usability considerations in the intended use environment.

5. Develop the app for phones in target market

We’ve acknowledged that the regulatory status of the mobile phone within the system can cause confusion. However, mobile phone hardware is not regulated as a medical device, therefore the app provider does not need to consider design control of these platforms.

Nonetheless, app providers should ensure their apps will function properly on the hardware they are used. The FDA has clarified that App Stores are not subject to regulatory scrutiny for medical app distribution, and therefore the app provider must verify the apps, distributed in this way, are not subject to uncontrolled modification, which may impact overall performance and patient safety.

It is therefore beneficial to identify likely phones used in the target markets and select those for verification activities.

With level of risk in mind, developers may integrate some of the following controls:

  • – Limits on which devices can install or run the app (e.g. whitelist, blacklist)
  • – Warning to users operating on untested devices
  • – Checks on device hardware


6. Choose an experienced provider

Responsibility for regulatory compliance rests with who introduces the app into the market. Where development is contracted, this will usually not be the developer, but rather the legal manufacturer of the medical system.

While there are countless app developers worldwide, few have encountered the development of apps for regulated healthcare markets and with medical device product development experience. The required development lifecycle addresses everything from design and development planning, risk management, design, implementation, verification and validation, release and post-market maintenance.

These are just a few key considerations for mobile medical app development that Novarum DX has advised on over the years, having pioneered the concept of smartphone diagnostic testing in 2012.

Since then, Novarum’s smartphone reader solutions have been used in remote and challenging locations to test for high-risk infectious diseases like HIV, malaria, or Influenza, and to support patients with chronic conditions, like Inflammatory Bowel Disease, from the comfort of their own home.

The views expressed in this blog are those of the author and do not necessarily reflect the official policy or position of the company.

– Dr Alasdair Christie, Head of Regulated Product, Novarum DX™.

SOURCE: *The Independent (2014)