Untangling the Intricate World of Digital Health Regulation-The HSB Blog 6/28/21
The current regulatory landscape for digital health tools is complex and doesn’t lend itself to easily determining where digital health tools belong or how they should be regulated. As a result it is not clear how to design these tools within regulatory guidelines and what process they should or may need to follow for approval. This can risk the health and safety of patients as well as slow the pace of development of innovative products to market. Furthermore, it risks having devices or services that are not safe and effective coming to market with the potential of exposing patients to an unacceptable level of risk and vulnerabilities. In addition, it risks stifling innovation, lowering the ability of patients to monitor and participate in their own care and slowing the development of digital tools that could result in higher quality, lower cost care. As a result, for startups to remain compliant they must learn how to navigate this complex web of regulation and guidance and create a system for staying on top off any updates from the appropriate agencies.
There is a lack of understanding about regulatory guidelines and how digital tools (i.e., software and medical applications) are classified.
There are at least six guidance documents from the FDA broadly concerning software related to medical devices and mobile medical applications.
The regulation of software that is based on Artificial Intelligence (AI) or machine learning (ML), created a whole new series of issues for regulators
The market for mobile health apps, both those intended for medical use as well as health and wellness, is projected to grow over 800% between 2019 and 2025 (Statista)
Healthtech regulation affects everyone, including patients, healthcare professionals, and manufacturers. The current regulatory landscape is complex and not set up to rapidly respond to classifying the space in which digital health tools belong. As a result, It is not clear how these tools should be designed within regulatory guidelines. Startups that are developing medical devices and mobile medical applications need to keep this in mind when considering what regulatory pathway, if any, they will have to follow.
Even prior to the COVID pandemic there was a large increase in the number of digital medical devices as well as health and wellness apps. This number grew exponentially during the COVID pandemic as providers looked for ways to extend healthcare to those in need while keeping them out of physical facilities and away from exposure to infection. According to Statista there were approximately 54,000 mHealth apps on the Apple App Store in Q1 2021. Like most current technology, most devices are driven by software and it is the most important component in healthtech. As a result in 2019, the FDA provided guidance for the regulation of software in medical devices in a document entitled, “Policy for Device Software Functions and Mobile Medical Applications/ Guidance for Industry and Food and Drug Administration Staff.” The goal of the document was to help developers understand which mobile medical applications fall under the medical device oversight requirement based on their functions.
Under the FDA’s classification scheme, software involved in medical devices broadly falls into two categories, 1) Software as Medical Device (SaMD) defined as software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device, and 2) Software in a Medical Device (SMD) which is defined as software that powers the mechanics of a medical device or processes the information that is produced by a medical device. According to the FDA guidance, how they regulate software is unrelated to the platform and instead is determined by the functionality of the software. As a result, the FDA only regulates applications (apps) that are intended for medical use (ex: provide a diagnosis) and not those that are intended just to help improve or monitor general health and wellness.
In 2016 the 21st Century Cures Act came into effect which modified the definition of “medical device” and specifically excluded from regulation any software that is used “for maintaining or encouraging a healthy lifestyle and is unrelated to the diagnosis, cure, mitigation, prevention, or treatment of a disease or condition.” In its guidance the FDA noted that for certain types of medical devices, which meet the definition of medical devices but have low risk for the users of the device, the FDA will “exercise enforcement discretion.” As such developers wouldn’t have to obtain normal pre-market approval (PMA) from the FDA nor will manufacturers have to register devices with the FDA. According to the guidance document software, where the FDA expects to exercise enforcement discretion includes apps such as those that: 1) Help patients (i.e., users) self-manage their disease or conditions without providing specific treatment or treatment suggestions; 2) Automate simple tasks for health care provider, and, 3) Have software functions that coach patients with conditions such as cardiovascular disease, hypertension, diabetes, or obesity, and promote strategies for thing such as maintaining a healthy weight.”
In 2019 the FDA launched a precertification program “to help address the regulatory challenges posed by novel medical software.” As noted in an article in Psychiatric News, “companies that are ‘pre-certified’ by the FDA will be given a fast and streamlined review process for all their digital health products and will then be responsible for monitoring the effectiveness and user satisfaction of their products and providing periodic reports to the FDA.” According to the FDA the goal of the program is “to provide more streamlined and efficient regulatory oversight of software-based medical devices developed by manufacturers who have demonstrated a robust culture of quality and organizational excellence, and who are committed to monitoring real-world performance of their products once they reach the U.S. market.” According to the FDA, “this proposed approach aims to look first at the software developer or digital health technology developer, rather than primarily at the product, which is what we currently do for traditional medical devices. The agency expects the program to “enable a modern and tailored approach that allows software iterations and changes to occur in a timely fashion under appropriate controls”.
The regulation of software that is based on Artificial Intelligence (AI) or machine learning (ML), created a whole new series of issues for regulators. As a result, the FDA also recently proposed a regulatory framework for artificial intelligence (AI) in mobile medical apps (AKA adaptive AI). As noted in the Bioethics article cited above “the issue with adaptive AI is the software’s function can change over time as the AI algorithm learns. The implication is that software submitted to the FDA for review (and approval) could act and function very differently from the software eventually experienced by users.” The article notes that this has implications for the issue of “informed consent” as well as an issue of re-review by FDA. Currently the FDA’s guidance does not appear to cover apps that use adaptive AI that are not intended for medical use
Medical apps and software also fall under the regulatory purview of the Federal Trade Commission (FTC) but generally only after they are released under their power to regulate “unfair and deceptive trade practices”. s noted in a 2019 article from Bioethics, on regulation of health and wellness apps, “the FTC has thus far taken on more of the regulatory role that one might expect the FDA would play. For example, a number of app developers have agreed to pay settlements to the FTC for making false claims about their app’s ability to improve vision, cognitive performance, and measure blood pressure.”
The market for digital health tools is growing rapidly and the current regulatory apparatus is simply not fit to keep pace with either the pace of scale or change. According to Statista, the market for mobile health apps, both those intended for medical use as well as health and wellness, is projected to grow over 800% between 2019 and 2025. As a result the public is left with a market which is complicated and confusing, often leaving developers guessing which regulations apply to them and how to be compliant. While “intended use” of the company’s marketing the product is the key to determining how regulations apply, developers may not know or understand that they risk violating the regulations until they are notified by the FDA. Conversely, the labyrinth of regulations may slow the development of products to market or cause developers to inappropriately interpret regulations leading them not to apply their technology where it could have medical efficacy. Even worse yet, there is the potential that products may make it to market without the appropriate regulatory review of the medical technology possibly threatening patient safety and even potentially becoming ingrained in care protocols.
As a result there are a number of steps that developers can take to ensure they are following the appropriate regulatory pathway. While this is not meant to be an exhaustive list and is in no way meant as a substitute for legal or other professional advice, these steps should help clarify the regulatory pathway. Clearly review the products “intended use” as well as “labeling, promotional statements, and other statements made on or on behalf of the marketer” including those on your website. Consult with regulatory authorities and take the time to review these with outside advisors/counsel early on in the process. Review FDA interpretive guidance including the Policy for Device Software Functions and Mobile Medical Applications cited above and referenced at the end of the publication as well as the Cures Act to determine how your product may be regulated (note the Cures Act specifically excludes certain types of software from regulation). Along those lines startups should consult the FDA guidance documents entitled “General Wellness: Policy for Low Risk Devices” concerning where “enforcement discretion” will be applied (also referenced below). Moreover, startups and their developers need to stay on top of emerging FDA regulations regarding the use of adaptive AI algorithms in medical devices and FTC actions on deceptive trade practices to ensure they are aware of and following the latest developments and guidelines. While all of the above should aid you in educating yourself in determining if you are subject to FDA regulatory approval and which pathway to take, it is imperative that you take steps to continually monitor any and all developments from the appropriate regulatory bodies. As a result, given the complexity of the regulatory landscape, innovators would be well served to bring in outside counsel and advisors at crucial decision points in the planning and strategy process as money spent early on in the development of products and services will likely help avoid regulatory issues or delays and will have a high ROI.
Policy for Device Software Functions and Mobile Medical Applications Guidance for Industry and Food and Drug Administration Staff
Expanded FDA Regulation of Health and Wellness Apps - Bioethics
FDA’s Streamlined Health App Approval: Better for Patients or Companies? Psych News