Federal regulators are calling on members of the healthcare industry, including medical device and pharmaceutical companies, to provide input on a report to be published detailing a new national risk-based health information technology (IT) regulatory framework for mobile medical applications.
Mobile medical applications can best be understood as programs run on a mobile device such as a smartphone or tablet that allow a user to access a medical technology wherever and whenever they wish. For example, a smartphone application that uses a camera's phone to determine if a skin growth is likely cancerous would be considered a mobile medical application, as would a huge array of other already-cleared applications.
Members of the medical device industry have long been wary of excessive or duplicative federal intervention in the mobile medical application space. Two issues seem to come to the forefront time and again:
- Which agencies should regulate medical apps-the US Food and Drug Administration (FDA), the Federal Communications Commission (FCC), the Federal Trade Commission (FTC), or just FDA?
- Which aspects of a mobile medical application should be regulated? Are all healthcare applications technically medical devices requiring premarket approval or premarket notification? And what of the mobile device that runs the application?
Those questions were answered in part in 2012, with both FDA and FTC releasing guidance documents regarding various aspects of mobile medical applications. FDA, for its part, said that it plans to exercise "enforcement discretion" regarding mobile medical applications, only going after those that would clearly be a medical device, while leaving all others to FTC.
But despite those assurances, FDA has recently come under fire from legislators who charged that FDA could conceivably use its regulatory authority to regulate smartphones and tablets-a claim that FDA officials would later debunk and deny. In the meantime, other legislators, such as Rep. Mike Honda (D-CA), have called on FDA to create an office of mobile medical applications in an effort to encourage their development and coordinate agency expertise.
Honda's legislation has not yet attracted much support in Congress, and in the meantime FDA's mobile medical applications effort has fallen largely to Bakul Patel, senior policy advisor to the director of the Center for Devices and Radiological Health (CDRH) and the author of FDA's draft guidance on the subject. Bakul noted in a recent interview with Fierce Mobile Healthcare that FDA has already reviewed approximately 100 applications over the past decade, and is now reviewing approximately 20 per month. Most, he added, are seen as Class II (moderate risk) medical devices and are cleared via the 510(k) premarket notification process in an average of 69 days.
But not everything in the mobile medical application space is happening at FDA, as a recent Federal Register notice makes clear. In 2012, the FDA Safety and Innovation Act (FDASIA) was passed into law, and with it a requirement for FDA to issue a report in consultation with the Office of the National Coordinator for Health Information Technology (ONC) and the chairman of the FCC.
That report is required to "offer a proposed strategy and recommendations for an appropriate risk-based Health IT regulatory framework that would include mobile medical applications and promotes innovation, protects patient safety, and avoids regulatory duplication," the US Department of Health and Human Services (DHHS) wrote in a little-noticed Federal Register notice this week.
To facilitate the development of that report, FDA is now working with ONC and FCC in the form of a new group called the FDASIA Workgroup to assist ONC's Health Information Technology (HIT) Policy Committee to provide recommendations.
Those recommendations fall into three areas, the group wrote in the notice:
- types of risk that may be posed by health IT that impact patient safety, the likelihood that these risks will be realized, and the impact of these considerations on a risk-based approach
- factors or approaches that could be included in a risk-based regulatory approach for health IT that also promote innovation and protect patient safety
- approaches to avoid duplicative or overlapping regulatory requirements.
Until now, much of those recommendations have come from internal sources, which the group said includes patients, companies and investors. But now it is opening up the process to provide an opportunity for broad public comment.
ONC said it would like feedback on five specific questions:
- What types of health IT should be addressed by the report developed by FDA, ONC, and FCC?
- What are the risks to patient safety posed by health IT and what is the likelihood of these risks?
- What factors or approaches could be included in a risk-based regulatory approach for health IT to promote innovation and protect patient safety?
- Are there current areas of regulatory overlap among FDA, ONC, and/or FCC and if so, what are they? Please be specific if possible.
- If there are areas of regulatory overlap, what, if any, actions should the agencies take to minimize this overlap? How can further duplication be avoided?
Comments should be received before 30 June 2013 in order to be considered. A meeting is also taking place on 30-31 May 2013, the webcast of which may be found here.
Federal Register Notice