[Ed. This is the first of a three part series examining the past & present of FDA regulation of mHealth ]

By: Felasfa Wodajo MD, Rene Quashie JD

As many of our readers know, the role of the FDA is evolving with respect to mobile medical software and devices. There is no question that the FDA has jurisdiction to regulate medical software, not to mention a responsibility. The difficulty for outside observers and software developers has been predicting what level of stringency the FDA will apply to medical apps and devices in the future.

Two well known examples of medical apps which have sought and been granted approval by the FDA are AirStrip, a cross-platform app for live fetal and ICU vital sign remote monitoring and MobileMIM, an iOS app for viewing CT & MRI images. The year long process until MIM Imaging finally obtained FDA approval in December 2010 was retold by Mark Cain, CTO of MIM Imaging, on this site, providing an insight into the challenges for both sofware developers and the FDA.

Another important recent event with regard to the FDA is the February 2011 publication of the final rule on Medical Device Data Systems (MDDS). This ruling, first offered in draft form in 2008, allows certain types of medical devices to seek approval as Class I devices, thus avoiding the more complicated involved processes required for Class II and Class III devices. Finally, on July 19, the FDA marked an important milestone by releasing a draft guidance on its intended pathway to regulation of mHealth apps.

These are important developments but what do they mean for the development of mobile medical apps ? In these three articles, we will aim to demystify the role of the FDA and seek to learn more about its past and possible future role in mobile health.

What does the FDA regulate ?

The Federal Food, Drug, and Cosmetic Act, initially passed in 1938 and amended many times since, authorizes the FDA to regulate an

instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory, which is … intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals … intended to affect the structure or any function of the body of man or other animals
(fda.gov)

Notice that this clearly points to tangible objects. The FDA does not regulate medical research or the practice of medicine. Even more specifically, the FDA regulates commercial activity. If a device does not have commercial application or intention to be marketed, the FDA is unlikely to be involved. The part of the FDA involved in medical devices is called the Center for Devices and Radiological Health (CDRH).

How does FDA decide what to regulate ?

The fundamental goal of the FDA is to protect patient safety. The FDA is very aware of the potential of its regulatory hurdles to dampen the rate of innovation in medical device technology, for which there is always a slight undercurrent of dissatisfaction from industry and even Congress.

Consider though that if a consumer electronic device such as a music player were to fail, the “victim” can simply return the device to the seller. In internet technologies especially, some rate of errors is expected – servers fail, databases become corrupted. If one service is not satisfactory, customers will move to another. However, if a medical device fails, there might well be irreparable patient harm.

The FDA is simply not interested in allowing “beta” devices to be released.

When deciding to regulate, the FDA looks at “intent”. Not just what the device or software appears to do but what is the stated or implied function according to the manufacturer. Thus, how the device is portrayed in marketing materials and what are its indications for use become very important. Factors which will get the FDAs attention include:

  • device failure associated with risk of significant harm or death
  • large scale or volume
  • aggressive marketing

Who needs FDA approval ? (“components” vs “accessories”)

The final vendor is responsible for submitting the application to FDA for approval or clearance. This means that the individual component makers are not required to submit to the FDA, regardless of how expensive or complex the individual parts. However, if any of the components of the device can stand alone and be used, then they are no longer considered “components” but rather “accessories” and will be subject to FDA regulation.

This is especially relevant in the current mHealth boom where multiple commercial smartphone-coupled sensing devices are in various stages of development (e.g. IBG glucometer). In many of these cases, a smartphone is used to aggregate patient information and transmit it to a distant site. While the dedicated app for the device cannot function in isolation and thus reasonably can be considered a “component”, can the smartphone itself be considered an “accessory”, and thus come under FDA scrutiny ? How about the wireless carrier – should the vendor have to validate the reliability of the smartphone’s network ? These questions of scope are still emerging. Many of these types of scenarios were envisioned in a white paper by the mHealth Regulatory Coalition detailing the complex issues the FDA faces as it brings a regulatory regimen based on stand-alone devices into a networked and wireless world.

Class I, II & III devices

When submitting to the FDA, medical devices are classified as Class I, II or III devices according to potential risk. The difference in the approval process between the classes is very significant so manufacturers must plan carefully what pathway their device will require.

Class I devices are considered to be low risk. In fact, for Class I devices, there is no application to the FDA for clearance – the manufacturer just goes to market. These types of “devices” that would typically be considered Class I would include crutches, bed pans, etc. For these, the FDA requires that manufacturers use “general controls” for good manufacturing practice and adverse event reporting, quality, durability, etc. Although the risk associated with Class I devices is low, the FDA is still concerned that there be a large margin of safety before an adverse event occurs. When possible, the devices should signal to the uninitiated that they are about to leave the safety zone, so indications for use and appropriate warnings are important.

Class II devices are considered intermediate risk and require “special controls” to help provide reasonable assurance of that device’s safety and effectiveness, in addition to general manufacturing controls. Many medical devices fall under Class II, including many orthopedic implants. For these devices, the FDA grants “clearance” to market to the manufacturer. This type of application is referred to as a 510k application based on the section of the Food and Drug act that established that if a device is “substantially equivalent” to a device commercially available prior to May 28, 1976 (a “predicate device”), the manufacturer can market it without an exhaustive safety and efficacy review.

A typical 510k application is usually 50-100 pages long and can takes 6-12 months to finish. It has usually has many sections including

  • CDRH premarket review submission cover sheet
  • 510(k) cover letter
  • Indications for use statement
  • Truthful & accuracy statement
  • Financial certification or disclosure statement
  • Declarations of conformity and summary reports
  • Executive summary
  • Device description
  • Substantial equivalence discussion
  • Proposed labeling
  • Sterilization and shelf life
  • Software, if applicable

Class III devices are considered high-risk and require pre-market application (PMA) in which the vendor presents clinical data to the FDA. This type of application should be reserved for devices where failure can result in significant injury or death, such as pacemakers, and is somewhat analogous to a new drug application in that expensive clinical and engineering studies will likely be needed. If the application is accepted, then the device gets FDA “approval”, not just “clearance” as in Class II devices.

Class II vs Class III devices

Predictably, manufacturers have tried their best to avoid a designation of Class III device, whenever possible. Thus, the principle of “substantial equivalence” has been stretched greatly by creative vendors who have become expert in the clearance process. As a result, the validity of the 510k process as a whole has been questioned, even to the point of Congressional hearings on the subject with the device industry recruiting sympathetic ears in Congress to advocate for quicker device reviews.

Conversely, it is not logical that the absence of a predicate device by virtue of the rapidly changing nature of technology should automatically mean that any such new device be deemed a high risk Class III device. This was the predicament that the developers of MIM Viewer, an iPad app to view CT & MRI images, faced when they submitted their FDA application for clearance as a Class II device. The FDA had previously reviewed and cleared their desktop imaging viewing software. However, when they submitted a mobile iPad version, they were initially told that they would have to seek a PMA. The long and winding story of how they eventually were able to prevail and obtain Class II clearance encapsulates the challenges the FDA has faced in adapting its regulatory structure to the rapidly changing world of medical devices.

In the second part of this series, we will look at the recently (Feb 2011) promulgated FDA rule granting specific instances of mobile devices Class I status if they can be described as “Medical Device Data Systems” (MDDS).

Rene Quashie JD is a government relations director/regulatory attorney at Drinker Biddle who is focused on the role of federal regulation in health care delivery