While the FDA has softened its approach to regulating mobile medical apps, developers should be aware of the fact that some apps will still require agency approval. To be prepared for that possibility, designers need to first understand the three-tiered approach that FDA uses to classify risk during the medical device approval process. Class I devices rarely require FDA authorization before they can be put on the market. These devices present minimal potential to do harm to the public and include items like elastic bandages and enema kits. Ninety five percent of these devices are exempt from the regulatory process according to the FDA.
Most medical devices fall into the class II category and typically must go through the 510(k) program, which requires the manufacturer to identify a legally marketed “predicate device” that is substantially equivalent to the device the company wishes to market, according to Keith Barritt, an attorney with Fish & Richardson.
Keith Barritt has a great article on how to build a 510(k) application for your mobile app.
Class III devices, on the other hand, usually require what’s referred to as a pre-market approval or PMA, which necessitates a more complicated regulatory process. To avoid these complexities and the associated expenses, manufacturers should become thoroughly familiar with several FDA guidance documents.
Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, for example, outlines the agency’s concerns about the risk that can occur when medical devices that are connected to a computer network experience a data leak, which in turn allows hackers to gain access to protected health information.
FDA has also published General Principles of Software Validation; Final Guidance for Industry and FDA Staff, which requires medical device software to conform to Quality System Regulation based on 21 CFR Part 820. And if your device uses off-the-shelf software rather than an operating system specifically designed for the device, you’ll want to review the FDA’s Off-The-Shelf Software Use in Medical Devices.
Lastly, if a mobile app makes use of radio frequency transmissions, you’ll need to understand the relevant federal regulations. As Barritt explains it, “manufacturers should be aware that having a product certified by the Federal Communications Commission (FCC) is not sufficient to guarantee it will be authorized by the FDA for marketing as a medical device.” Once again, the agency has a guidance document to help, entitled Radio-Frequency Wireless Technology in Medical Devices.