The trend towards increasing numbers of mobile medical apps is clear. A recent article in the Wall Street Journal unequivocally declared that “the medicalized smartphone is going to upend every aspect of health care.” Until recently, this trend also resulted in confusion: what regulatory requirements would these software-based medical apps be held to?
The FDA released an updated guidance on Mobile Medical Applications in February 2015, clarifying its approach to the burgeoning market. While the FDA will not claim oversight over many mobile medical apps, there are others that will be considered medical devices and be subject to 21 CFR Part 820. While the news is welcome to many in the industry, allowing for greater freedom in app development, it also reveals another problem: developers of potential apps need to be clear from the outset about the status of the app under consideration. An app that is not considered a device is subject only to questions of viability and marketability, while a medical device app is also subject to regulatory requirements, including design controls, risk management, and human factors engineering.
It is always harder to get things right in retrospect, and this is particularly true in software design. Something that is an automatic outcome of a good process--like design controls, documentation, risk analysis, design reviews, etc.—can be a nightmare to go back and recreate when software has been developed with no governing process. This once again underscores our adage that good software requires more than good programmers; it is good programmers PLUS solid software development process that is consistently followed.
With the increase in mobile medical apps, software teams must also be increasingly knowledgeable about how the prevailing FDA thought will affect a specific project. This begins with awareness and understanding of FDA guidances on the topic, but also involves the corollary regulatory requirements when applicable: 21 CFR 820, ISO 14971, IEC 62304, etc.
At Velentium, our experience with both mobile technologies and traditional software devices (embedded, test) ensures that we approach mobile medical app projects with the knowledge needed to navigate the question of FDA oversight. In the end, it’s about producing a system that works, but it has to be a system that is also acceptable on all levels.