Regulatory Focus™ > News Articles > FDA Confirms it Won't Regulate Apps or Devices Which Store Patient Data

FDA Confirms it Won't Regulate Apps or Devices Which Store Patient Data

Posted 06 February 2015 | By Alexander Gaffney, RAC

FDA Confirms it Won't Regulate Apps or Devices Which Store Patient Data

The US Food and Drug Administration (FDA) has put the finishing touches on a new policy which explains how it plans to regulate medical devices, including mobile apps, which track patient data and store patient images.


FDA has in recent years begun to establish a regulatory platform by which to regulate emerging types of medical software, which can be regulated as a medical device under the Food, Drug and Cosmetic Act (FD&C Act).

Under the law, FDA is able to regulate any product which is defined as:

An instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is:

  • recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them
  • intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals
  • intended to affect the structure or any function of the body of man or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes

Under 21 CFR 801.4, products which are labeled using claims reserved for devices may also be regulated as devices. For example, a flashlight is ordinarily not a medical device, but if it was labeled with claims that it its light could cure acne, it would be a medical device.

FDA's Changing Regulatory Approach for Medical Software

Since 2011, FDA has begun to shift in its approach to regulating medical software. Under a guidance known as Mobile Medical Applications, the agency said it would regulate mobile applications according to the risk they posed to consumers.

In general, unless the application was working with an accessory which was a medical device, made specific medical claims that the app could treat or cure a disease, or stored or analyzed patient-specific medical data, the agency said it would not regulate the device.

Read more on how FDA regulates mobile medical software here.

Since the release of that guidance, which was modified in 2013, FDA has said it's mostly not interested in regulating most low-risk consumer devices, including mobile apps.

For example, in January 2015 FDA released a draft guidance document General Wellness: Policy for Low Risk Devices, which said FDA had little interest in regulating fitness trackers, calorie trackers or lifestyle trackers as long as they didn't make disease-specific claims.

Read more about FDA's guidance on general wellness products here.

Also in January 2015, FDA released a draft guidance document covering the regulation of medical device accessories, which are devices which function with another "parent" medical device, or even a smartphone. FDA adopted a new risk classification scheme which would make it easier for device accessories to reach the market.

Read more about FDA's guidance on medical device accessories here.

In another guidance from June 2014, FDA said it would exempt medical device data systems (MDDS)—devices used to collect and store data from other medical devices—from regulation entirely. They had previously been regulated as Class I, "low-risk" medical devices.

Read more about FDA's guidance on medical device data systems here.

In all cases, FDA's approach was clear: It would take a risk-based approach that would leave most consumer devices free from regulatory requirements (such as registration with FDA, meeting good manufacturing practices or filing premarket applications) as long as they did not make disease-specific claims.

Final Guidance Published

Now the agency is finalizing its approach toward two types of products: Mobile medical applications ("apps”) and medical device data systems.

On 6 February 2014 FDA released the final versions of Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devicesand Mobile Medical Applications.

Both documents, FDA officials said in a blog posting, reflect the agency's opinion that a tailored approach to oversight will best serve both the public and the medical device industry.

"Through these actions, we continue to clarify which medical devices are of such low risk that we will no longer focus our regulatory oversight on them or we will regulate them under a lower risk classification, narrowly tailoring our approach to the level of risk to which patients or consumers are exposed," wrote Jeffery Shuren and Bakul Patel of FDA's Center for Devices and Radiological Health (CDRH).

"Through such smart regulation we can better facilitate innovation and at the same time protect patients," they added.

The mobile apps guidance is unchanged except to make it consistent with the new medical image storage device guidance, FDA said, while the MDDS guidance confirms that FDA has no plans to regulate devices which store patient data or images "due to the low risk they pose to patients and the importance they play in advancing digital health."


Medical Image Storage Devices, and Medical Image Communications Devices

Mobile Medical Applications


© 2022 Regulatory Affairs Professionals Society.

Regulatory Focus newsletters

All the biggest regulatory news and happenings.