Health App Regulation Needs A New Direction-The HSB Blog 4/12/22

Our Take:

Digital health apps have been up and coming in recent years. As technology continues to advance, the apps are becoming more streamlined and user-friendly. The rise of new digital tools could potentially improve patient treatment and outcomes while easily connecting patients to their healthcare providers at their fingertips. However, major concerns surrounding digital apps revolve around security, privacy, and usability. In particular, “Despite some recent initiatives, there is still no specific regulation procedure, accreditation system, or standards to help the development of the apps, mitigate risks, or guarantee quality.” Consequently, both in the U.S. and internationally, the struggle to incorporate the accelerating pace of growth of health apps into healthcare systems while ensuring their efficacy continues to pose a risk. As both the industry and regulations mature, these applications need to give users confidence that they can be used without exposing their PHI (personal health information) and with the peace of mind that the health information they gain is both accurate and reliable.

Key Takeaways:

  • According to the IQVIA Digital Health Trends report, there are now over 350K health-related mobile apps, and almost 90K were created in 2020 alone.

  • The FDA updated its guidance on Device Software Functions and Mobile Medical Applications in September 2019. According to the guidelines, the FDA would not enforce laws for software that assists patients in self-management of their condition without proposing specific therapies and automating simple tasks for healthcare practitioners.

  • Operationalization of digital health apps is not entirely understood and requires adjustments in order to provide the best form of functionality.

  • Information quality, interface usability, digital divide, and physician burnout are among several factors that need to be addressed for the future of mobile health apps.


The ongoing challenge of the health care system to integrate digital health apps will be limited until standards can be established for their safety and effectiveness. While the markets and technology are moving at a rapid pace, policies and efforts around regulation move extremely slowly and have generally lagged behind advancement. Nevertheless, despite the fact that regulatory regimes still lag behind the pace of development, factors like efficacy, quality, safety and data privacy still need to be assessed so that users can fully enjoy the benefits of these health apps. As noted in “Standards for Mobile Health–Related Apps: Systematic Review and Development of a Guide”, “this is a problem not only for the safety of end users (i.e., patients and health care professionals) but also for professional developers”. For example, developers need to understand the current and future direction of regulatory regimes so that product roadmaps and any required adjustments can be made in order to provide the best form of functionality.

In the U.S., while policy is lagging innovation, it does seem to be at least moving in the right direction. In September 2019, the FDA amended its guidelines on Device Software Functions and Mobile Medical Applications. The guideline material suggested that the FDA will not enforce regulations for software that “assist patients in self-management of their ailment without recommending particular therapies and automating simple activities for healthcare practitioners.” Furthermore, the FDA stressed that software regulations are function-specific and apply across platforms. As a result, references to "mobile application" in the guideline have been replaced with "software function." In addition, in March of 2020, the FDA launched a Digital Health Innovation Action Plan, an initiative aimed at streamlining device approvals by concentrating on developers and processes. Under the plan, the FDA divides device software functions into two categories: 1) Software as a Medical Device (SaMD) and 2) Software in a Medical Device (SiMD). SaMD means that software itself is the device and, according to the FDA, it “ranges from software that allows a smartphone to view images obtained from a magnetic resonance imaging (MRI) medical device for diagnostic purposes to Computer-Aided Detection (CAD) software that performs image post-processing to help detect breast cancer.”

By contrast, SiMD is software that is a component of another medical device that aids in its operation in some way. For example, “if the software in question helps in any way to run a medical device, it is SiMD. Software that powers the mechanics of a medical device or processes the information that is produced by a medical device is obviously considered SiMD as is software that controls the device remotely.” The FDA has created a definition that centers around the primary way to read or see the results, noting that “if you cannot use the medical device without this software, it is SiMD.”

The Backdrop:

According to industry estimates, 325,000 healthcare apps were accessible on smartphones in 2017, equating to an estimated 3.7 billion mobile health app downloads by smartphone users globally that year. The foundation of digital health apps is to provide a convenient and efficient method for patients to not only take control of their health but have immediate access to their health information all stored in one place. Despite this, as noted in “Standards for Mobile Health–Related Apps: Systematic Review and Development of a Guide”, “the exponential growth in mHealth solutions has occurred with almost no control or regulation of any kind. Despite some recent initiatives, there is still no specific regulation procedure, accreditation system, or standards to help the development of the apps, mitigate risks, or guarantee quality.” This impedes both innovation and confidence in development, for as the study goes on to point out, “progress depends not only on what each research group is doing but also on developing general standards and improving certification procedures.” Moreover, because “very few of the health apps available have undergone a thorough validation process, the end result is a lack of confidence among health professionals.”

Internationally, “Belgium and Germany [appear to have] come the furthest in operationalizing and implementing their market access and reimbursement approval framework for medical apps (excluding apps that do not fulfill criteria for medical devices)” according to a recent article in NPJ Digital Medicine. “While in many other countries, initiatives to replace multiple local and fragmented initiatives with little impact with national frameworks are ongoing,” in the U.S., regulation of medical apps is fragmented due to jurisdictional issues.

In the U.S., a "regulated medical device" is one that meets the definition of a device under section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act), a federal law enacted by Congress in 1938 that helped establish the legal framework within which the FDA operates. Under the act, a product has to have been cleared or authorized by the FDA via a review of a premarket submission or otherwise categorized by the FDA.

One example of how this is applied to digital health apps and emerging technology occurred back in September of 2017 when the FDA approved Pear Therapeutics' De Novo request, allowing the company to market reSET for the treatment of patients with substance use disorder (SUD). This marked the first time the FDA had approved what are known as digital therapeutics, which are one type of health app and are defined by the Digital Therapeutics Alliance as devices which “deliver evidence-based therapeutic interventions that are driven by high quality software programs to prevent, manage, or treat a medical disorder or disease. They are used independently or in concert with medications, devices, or other therapies to optimize patient care and health outcomes of claims to improve clinical outcomes in a disease.”

Despite this, challenges around thorough vetting and testing of digital health apps remain. As noted in the NPJ Digital Medicine article, there is “a demand for ‘someone’ to provide a quality stamp on the apps that fulfill basic medical and privacy criteria, that is, to provide a labeling of apps that denote which ones have achieved standards or endorsement of some type”. In addition, there is a “broad, international convergence in terms of requirements in the areas of transparency, health content, interoperability, and privacy and security” for such apps.


As the delivery of healthcare information continues to digitize, a number of concerns remain around the development, efficacy, data privacy and security of digital health apps. First and foremost, as noted in “Health app policy: international comparison of nine countries’ approaches”, “apps currently provide alarmingly low levels of information to consumers about data use”, dramatically undermining user confidence and trust. In addition, “Transparency regarding ‘how the app achieves its decisions’ (suggested by [International Standards Organization] ISO) is similarly critical but needs to be better operationalized in all countries, not least in relation to the increasing incorporation of AI-based algorithms in apps,” contributing to hesitation to embrace the conclusions of the apps and concern among both patients and clinicians that they are dealing with a black box.

To combat these issues the authors of “Standards for Mobile Health–Related Apps: Systematic Review and Development of a Guide” have come up with 8 criteria which should serve to create solid guidelines until a broader regulatory framework is in place. These include:

1) Usability (i.e., the app must be adapted to the targeted population),

2) Privacy (i.e., compliance with the law and treatment of users’ data),

3) Security (i.e., data protection, authorization mechanisms, and detection of vulnerability),

4) Appropriateness and Suitability (i.e., the benefits and advantages for the end users are explained),

5) Transparency and Content (i.e., scientific evidence and sources information),

6) Safety (i.e., the potentiality of risk to end users),

7) Technical Support and Updates (i.e., there is a policy about the maintenance of the app post launch),

8) Technology (i.e., the app works smoothly and does not fail abruptly).

Finally, app developers and product teams should remember that medical terminology used in the apps may be hard for certain patients to understand or grasp, so it should be adjusted so that it is accessible to all. In addition, while some individuals may be more technologically savvy than others, those who are older or not familiar with using smartphones may not be able to understand how to use health apps at their optimal level. This ties very closely with concerns around the so-called “digital divide” and how that digital divide may turn into a social determinant of health as these apps gain popularity. This could occur where patients with low health literacy or who are unable to access or afford technologies such as smartphones or tablets will be unable to experience or benefit from them. And lastly, physician burnout may be intensified by the load of digital health apps and having to learn how to utilize them. So, it may be a burden for some physicians to adapt to new technologies and transition to a more digitized form of communication.
