Pages Menu

Posted on Dec 20, 2012 in Articles, Original Article | 0 comments

The Legal Perspective of mHealth in the United States

William Garvin1

1Legal Counsel, Buchanan Ingersoll and Rooney PC, Attorneys and Government Relations Professionals, USA
Corresponding Author:
Journal MTM 1:4:42-45, 2012

The first step is to conduct a critical appraisal of existing literature relevant to the research question

The rapid rise of mobile smartphones has brought with it a proliferation of new software applications (“apps”) that assist the owner with a vast array of new information and tools.  Those in the medical community have seen a dramatic rise in apps designed to aid them in their medical practice, and these mobile medical apps have the potential to revolutionize the practice of medicine.[1]

Nevertheless, the Food and Drug Administration (“FDA”) has not yet resolved how it intends to regulate all mobile medical apps.  This regulatory uncertainty impedes the development of innovate medical apps and slows the adoption of useful apps by the medical community.  Physicians may even be scared to utilize these apps to their fullest capability due to a fear that these medical apps are unreliable and have not been vetted.

This article will provide an overview of the current regulatory regime for mobile medical apps under FDA law and regulations so that medical app developers are able to navigate the complex regulatory environment and so that practitioners can understand the status of the software that they depend upon.[2]  Additionally, this article will provide a brief update regarding recent actions that could have an effect on the mobile medical apps market.

I. Regulation of Medical Devices

The main regulatory issue facing many mobile medical apps is whether these programs would be regulated as medical devices.  Under FDA law, medical devices face a variety of regulatory and procedural hurdles in order to be sold.[3]

First, certain medical devices must be pre-approved by FDA before they can enter the market.  FDA classifies medical devices as Class I, Class II, or Class III devices with regulatory requirements increasing for a higher classification.  Class I devices may be marketed without first obtaining pre-market notification or approval from the FDA.  Class II devices must generally provide premarket notification to the FDA under a 510(k).  Class III devices generally must obtain pre-approval from the FDA under a Pre-Market Approval (“PMA”) before they can be marketed.[4]

Second, medical device manufacturers must comply with a variety of procedural requirements regarding how the product is produced as well as comply with providing FDA with information regarding the production of the medical device and its effects.  These requirements include: (1) requiring a company to register the establishment where the medical device is produced; (2) requiring that the company list their medical device with FDA; (3) requiring that the company follow all Quality System Requirements (“QSRs”) that dictate how devices should be produced; and (4) requiring that the company report adverse events associated with the medical device according to Medical Device Reporting (“MDR”) requirements.

Lastly, FDA law generally prohibits the sale of any medical device that could be considered adulterated or misbranded.  An adulterated medical device would include a medical device that was not manufactured in conformance with performance standards while a misbranded medical device is a device that has labeling that is false or misleading.[5]

Because those products that are not classified as medical devices do not need to meet costly requirements, the determination of whether a medical app is classified as a medical device can greatly impact the development of the product.

II. FDA Guidance on Medical Mobile Apps

In response to the demand for more information on whether FDA would classify a mobile medical app as a medical device, FDA issued a draft guidance document on July 21, 2011.[6]While FDA’s Guidance documents are usually not binding on the agency as final agency action, the guidance often provides insight into the agency’s enforcement position on controversial matters.

In this Guidance, FDA defines a mobile medical app as “a mobile app that meets the definition of ‘device’ [under the Federal Food, Drug, and Cosmetic Act (“FFDCA”)]; and either is used as an accessory to a regulated medical device; or transforms a mobile platform into a regulated medical device.”[2, p7]  FDA specifically excluded those companies that just distribute mobile medical apps but do not engage in the manufacturing of apps, e.g., Apple with its iTunes store, from being subject to medical device regulations.[2, p9]

In this guidance document, FDA discusses how it would determine how to classify a mobile medical app.  FDA stated that it will determine whether a mobile app is a medical device based on the “intended use” of the app.[2, p9]  This determination is based on the “intended use” because the FFDCA defines a medical device as a device that is “intended… for use in the diagnosis, cure, mitigation, treatment, or prevention of disease in man or other animals intended or to affect the structure or any function of the body of man or other animals.”[7]  Thus, the claims that a company makes about its mobile app can determine whether it will be regulated as a medical device.

In determining the intended use of the app, the FDA will take into account the labeling claims, advertising materials, and statement by the manufacturer or its representatives.[2, p8]  The intended use of an app can be determined from explicit as well as implied claims.

FDA stated in its guidance that certain apps would be considered outside the scope of a mobile medical app and that FDA would not take enforcement action against these products.[2, p12]  Those mobile medical apps that FDA excluded from regulating as medical devices included the following: (1) mobile apps that are merely electronic copies of medical textbooks or reference materials; (2) mobile apps that are solely used to track or make decisions regarding general health and wellness and not related to a specific disease (i.e., dietary tracking logs); (3) mobile apps that automate general office operations like medical billing or appointments; (4) mobile apps that are of general use but not marketed for a specific medical use (e.g., a magnifying glass app that does not make any claims for using the app for a medical purpose); and (5) mobile apps that operate like an electronic health record system.[2, p10-11]

FDA also stated that it would consider some apps to clearly be medical devices and that FDA intends to regulate these apps.  These mobile apps include the following: (1) mobile apps that are an extension of other medical devices and are used to control the original medical device; (2) mobile apps that are used with attachments that have the functionality of currently regulated medical devices (e.g., a mobile app and an attachment that acts as a blood glucose meter); (3) mobile apps that allow the user to input specific patient information and output a specific diagnosis or treatment recommendation for clinicians (e.g., a questionnaire that is used to help diagnosis a patient); (4) mobile apps that help display and transmit medical device data in its original format; and (5) mobile apps that create alarms, recommendations, or new information by interpreting medical device data.[2, p13-14]

Even though FDA has stated that it is taking enforcement discretion to refrain from regulating some of these mobile medical apps as medical devices, the Agency did state that it recommended that all manufacturers of mobile medical apps should follow FDA’s QSRs.[2, p12]  FDA also stated that the majority of failures related to medical apps were due to a failure to validate the software.[2, p12-13]

FDA also acknowledged that there were some areas that it had not yet resolved how to regulate.  For example, FDA normally requires that accessories to medical devices must meet the same requirement as those associated with the original medical device.  Nevertheless in its draft guidance, FDA stated that there are mobile medical apps that are designed to work with existing medical devices that should not be regulated under the same classification (e.g., an accessory that merely displayed data gathered from another medical device).  FDA has sought input from industry regarding how it should deal with these types of accessories.[2, p14]  Additionally, FDA acknowledged that it would later address in a separate document how to regulate those mobile medical apps intended to “analyze, process, or interpret medical device data (electronically collected or manually entered) from more than one medical device.”[2, p15]

FDA is expected to release a final revised version of this guidance by the end of the 2012.[8]

III. Other Developments Affecting Mobile Medical Apps

  1. FTC Guidance on Mobile Apps

The Federal Trade Commission (“FTC”) is generally responsible for ensuring that no company is able to promote a product in a way that is considered false or misleading, and the FTC closely regulates the claims made regarding medical products.  Because the FTC regulates advertising of medical products, the FDA and the FTC work together to ensure that their regulations of the medical industry are consistent.

The FTC recently published its own guidance document discussing restrictions on marketing mobile apps titled “Marketing Your Mobile App”.[9]

In this document, the FTC stated that all objective claims regarding a mobile app must be supported by “competent and reliable evidence.”  Additionally, if an app claims to provide a health benefit, then you need competent and reliable “scientific” evidence to support that benefit claim.  The FTC cited the enforcement action it recently took against the developer of a mobile medical app that was claiming that its app could help treat acne through colored lights emitted from the smartphones as an example where there was no scientific evidence to support the claim made by the app developer.[10]

Lastly, FTC stated that apps must disclose key information to the user in a clear and conspicuous manner and ensure that the app protects the user’s privacy.

  1. Recent legislative efforts

While this article describes the current status of regulation for mobile medical apps, it is important to note that this area is currently in a state of flux while the major participants try to finalize how this area will be regulated.

For example, one member of Congress has proposed to introduce legislation to create a new office within FDA to focus solely on regulating Medical Mobile Apps.  Rep. Mike Honda, a Democrat member of the House of Representatives that represents a district in California, has proposed the “Healthcare Innovation and Marketplace Technologies Act” (“HIMTA”), a bill that would force FDA to create an Office of Mobile Health that would provide recommendations regarding the development of mobile medical apps.[11]  Rep. Honda stated that he was introducing this bill because the current healthcare system worked against small-to-large startup entrepreneurs.[12]

While this legislation has not been formerly introduced into Congress, it is still important for mobile medical app developers to be aware of the activities in Congress.

  1. FDASIA Report

Under Section 618 of the Food and Drug Administration Safety and Innovation Act (“FDASIA”), Congress required Health and Human Services to create a report that discusses in part how to regulate mobile medical apps under an appropriate risk-based framework.  The law requires that the Secretary of Health and Human Services post a report that contains a “proposed strategy and recommendations on an appropriate, risk-based regulatory framework pertaining to health information technology, including mobile medical applications, which promote innovation, protects patient safety, and avoids regulatory duplication.”[13]   The Secretary can convene a working group of stakeholders and experts to provide recommendations regarding the report, but the Secretary has not convened this panel at this time.  This report is required to be published by January 2014.

  1. HIPAA restrictions

Mobile medical app developers should also ensure that their products do not violate any provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) that protects the disclosure of certain health related information.  In general, an application used by patients will not fall under HIPAA because there is no covered entity involved.  Nevertheless, any medical app that handles sensitive patient information should review the laws and regulations on handling patient health care information to ensure that they comply with all applicable requirements.


Mobile medical apps will certainly continue to grow as technology enables patients and doctors to connect to an ever growing network of information and complex analysis.  FDA should continue to use a risk-based approach to ensure that certain mobile apps are considered to be outside FDA’s regulatory framework while other apps that have more of a direct impact on patient health are regulated like medical devices.  While it is important for government entities to take the correct approach when regulating these mobile apps, it is also important that private organizations support the growth of these products.  Hospitals, health care organizations, non-profit institutions, and physician associations should help foster the growth of mobile medical apps by creating private standards and quality control mechanisms outside of government requirements.  The sooner that reliable institutions can provide a system for vetting and supporting valuable mobile medical apps, the sooner mobile medical apps will become a vital part of health care institutions.


[1].  Franko OI, Tirrell TF. Smartphone app use among medical providers in ACGME training programs. J Med System. 2012 Oct; 36(5):3135-9 (stating that over half of all physician surveyed reported using a medical app in their practice). 

[2].  FDA’s current position on mobile medical apps along with background documents can be found on FDA’s website at

ucm255978.htm (accessed 1 December 2012).

[3]. An overview of FDA’s regulations of medical devices can be found at FDA’s website at

default.htm (accessed 1 December 2012).

[4]. A discussion regarding how to classify your device under FDA regulations can be found at FDA’s website at

/ClassifyYourDevice/default.htm (accessed 1 December 2012).

[5]. FFDCA, 21 U.S.C. § 502 (2012).

[6]. US FDA. Draft Guidance, Mobile Medical Applications (2011)

/GuidanceDocuments/UCM263366.pdf (accessed 1 December 2012).

[7]. FFDCA, 21 U.S.C. § 321(h) (2012).

[8]. Mobile Medical App Policy Being Finalized. FDA Webview. 11 Oct. 2012.

[9]. US FTC, Marketing Your Mobile App: Get It Right from the Start (2012) (accessed 1 December 2012).

[10]. US FTC, “Acne Cure” Mobile App Marketers Will Drop Baseless Claims  Under FTC Settlements (2011) (accessed 1 December 2012).

[11]. Gaffney A. Proposed Legislation Calls for FDA to Form Office Dedicated to Mobile Apps. Regulatory Focus. 2012 Sep. 27.

[12]. Bill Would Create FDA Office of Mobile Health. FDA Webview. 27 Sep. 2012.

[13]. Food and Drug Administration Safety and Innovation Act (“FDASIA”),

Section 618, Pub. L. No. 112-144, 126 Stat. 993 (2012).