Questioning the Who, What and How of Digital Health Regulation

March 25, 2014

The digital health world is buzzing with recent news about a proposed bill to reduce U.S. Food and Drug Administration (FDA) regulation on “low risk” mobile medical technologies, such as health apps for smartphones that provide health education, management and prevention tools for practitioners and patients. The bill, Preventing Regulatory Overreach to Enhance Care Technology (PROTECT) Act of 2014, aims to amend FDA regulatory guidance on mobile health technologies that are of “low risk” to patient safety. Brought to the Congressional floor by Sen. Deb Fischer (R-Neb) and Sen. Angus King (I-Maine), the bill would require only “high risk” technologies, or those that qualify as a medical device, to undergo the FDA’s arduous regulatory process.

With little risk to patient health, they argued, why not ease the regulatory burden on the makers of “low risk” mobile apps to foster technology innovation and economic growth? The bill proposes that the National Institute of Standards and Technology (NIST) oversee regulation of “low risk” health information technology and mobile health, and the FDA continue to enforce parameters on only “high risk” mobile medical devices, software, and apps.

The FDA currently regulates medical applications that meet the definition of a medical device. These include mobile apps that can be used as an accessory to a medical device, such as an app to control a blood-pressure cuff, or to transform a mobile device into a medical device, such as a heart monitoring sensor. These types of apps generally carry confidential patient data and perform clinical tests. What PROTECT deems as “low risk” are those apps that fall under FDA regulatory enforcement discretion. What this means is that the FDA can choose not to enforce regulatory requirements on these apps because the risk to patients is low, such as fitness trackers and medication reminder apps.  

While the PROTECT Act would certainly provide app developers and technology start-ups with more freedom to rapidly create and market new mobile health technology products, it is imperative to continually evaluate the safety, security, and health impact of health apps’ data and content, regardless of the FDA’s role. In fact, a national poll found that 42 percent of doctors will not prescribe mobile health apps because of lack of regulatory oversight, highlighting the need for credibility, which guidelines and external review can address. 

PROTECT addresses some of the challenging issues faced in ensuring patient safety in a highly evolving area:

  • Who should regulate mobile medical technology, like mobile health apps?
  • What level of risk should be regulated?
  • What are the standards that should be considered for low-risk mobile health apps?
  • How do we balance appropriate regulation while allowing for innovation and marketplace growth?
  • How do we encourage evaluation of mHealth for safety and effectiveness regardless of the level of risk?

Even in the absence of FDA oversight, as proposed by PROTECT, methodologies for rigorous non-FDA evaluation of apps deemed “low risk” should remain intact to ensure their safety and effectiveness.