FDA Regulation of Mobile Medical Apps

Julie Davis


  • Healthcare practitioners are increasingly using mobile applications for medical activities, but without oversight there are potential risks to patients.
  • The FDA defines a mobile app as a software application that can be executed on a mobile platform, and a mobile medical app as a mobile app that meets the statutory definition of a device.
  • Apps are “medical devices” subject to FDA regulation if they are intended for use in the diagnosis of disease or in the cure, mitigation, treatment, or prevention of disease.
  • The FTC has also released guidance for health-app developers on complying with the FTC Act and the HIPAA Privacy Rule.

Over the last few years, health-related mobile applications (apps) have become widely used by consumers for weight control, disease-related monitoring, smoking cessation, and other purposes. Healthcare practitioners, including physicians, may also use these types of apps for higher-level medical activities—for example, performing electrocardiograms (EKGs) or measuring blood glucose levels—as part of diagnosis and treatment in a clinical setting. According to a 2015 survey of 500 healthcare professionals by Research Now, only 16 percent used mobile applications with their patients, but 46 percent planned to within the next five years. In addition, 86 percent of healthcare practitioners believed that apps would increase their knowledge of their patients’ conditions, and 46 percent said the apps would improve their relationships with their patients. Surveys have also shown that physicians see value in connecting apps with electronic health records to share patient data. While most physicians agree that apps have great potential to improve healthcare, without oversight there are obvious risks to patients. This has prompted a federal-level response from both the Food and Drug Administration (FDA) and the Federal Trade Commission (FTC).

In February 2015, the FDA issued final guidance on the regulation of mobile medical apps. The guidance defines a mobile app as a software application that can be executed on a mobile platform, or a web-based software application that is tailored to a mobile platform but is executed on a server. It defines a “mobile platform” as a handheld, commercial off-the-shelf computing platform, with or without wireless connectivity. iPhones, iPads, and other personal mobile devices fall under this definition. A “mobile medical app” is a mobile app that meets the statutory definition of a device and that is intended either as an accessory to a regulated medical device or to transform the mobile platform into a regulated medical device.

According to the FDA, the targeted mobile medical apps are either “intended to be used as an accessory to a regulated medical device” or “intended to transform a mobile platform into a regulated medical device.” Apps are “medical devices” subject to FDA regulation if they are intended for use in the diagnosis of disease, in the cure, mitigation, treatment, or prevention of disease, or to affect the structure or any function of the body. Appendix E of the guidance document provides an overview of the compliance obligations applicable to medical devices, including mobile medical apps. Pertinent requirements include establishment registration and medical device listing, premarket submission for approval or clearance, the quality system regulation, product labeling, and adverse-event reporting.

The FDA site provides examples of mobile apps for which the FDA intends to exercise enforcement discretion—that is, apps that may meet the definition of a device but for which the FDA does not intend to enforce the regulatory requirements because they pose a low risk to patients. The site also features a document entitled “Examples of Pre-Market Submissions that Include MMAs Cleared or Approved by FDA,” which lists specific cleared or approved apps dating back to 1997 and was last updated January 9, 2017. Examples of FDA-cleared or -approved mobile medical apps include app/device combinations that transform a smartphone into an EKG rhythm strip recorder, ultrasonography machine, blood-pressure cuff, or pulse oximeter.

The FTC has released its own guidance aimed at helping health-app developers comply with the FTC Act by building security and privacy into their apps. The FTC Act prohibits companies from engaging in unfair or deceptive acts or practices, including practices that cause or are likely to cause substantial injury to consumers. Compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule may also be required for apps that handle identifiable health information, where the developer is acting as a HIPAA covered entity or as a business associate of one. The rule requires appropriate safeguards to protect patient privacy and sets conditions and limits on the use and disclosure of protected health information without patient authorization.

Advising Developers of Health-Related Mobile Applications

How is a developer of a health-related mobile application to determine whether the app is subject to federal regulation? In April 2016, the FTC released a web-based tool for developers of health-related mobile apps. The tool points the developer toward detailed information about the federal laws that could apply, including HIPAA, the FDA’s device requirements, the FTC’s Health Breach Notification Rule, and the FTC Act. To reach the appropriate guidance, the tool asks the developer a series of questions about the data the app collects, the function of the app, and the services it provides.

Practice Points

  1. Examples of Pre-Market Submissions that Include MMAs Cleared or Approved by FDA
  2. For questions in determining whether your app is a medical device, email [email protected] or contact the FDA via Device Advice: Comprehensive Regulatory Assistance; CDRH Division of Small Manufacturers, International and Consumer Assistance (DSMICA).
  3. The FTC’s Mobile Health Apps Interactive Tool