On August 1, 2014, the Food and Drug Administration (FDA) released draft guidance that would exempt from premarket 510(k) review many low-risk medical devices—including certain mobile applications that can convert a cell phone into a medical device, such as a thermometer or a stethoscope. Although the guidance is not yet legally enforceable, the FDA also announced its intention not to enforce compliance with premarket review requirements for these devices and noted that it did not expect manufacturers to submit 510(k)s for these devices prior to adoption of a final rule or order. The FDA’s recognition that these devices are sufficiently well understood and do not present risks that require premarket review to ensure their safety and effectiveness—and its corollary decision to exercise enforcement discretion as to these devices—eases the regulatory burden on medical application developers and expands opportunities for continued development and dissemination of important mobile tools for improving patient care and physician practice.
The FDA’s new guidance, however, may smooth the path to market for many medical mobile apps that the FDA’s 2013 guidance suggested would be subject to premarket approval requirements. By exempting certain additional categories of medical mobile apps from premarket approval, the new guidance allows faster innovation and incentivizes development of products that pose little risk to patients, while raising the quality and efficiency of the care patients receive. Nevertheless, regulatory challenges may be daunting for any app developer wishing to market a product that may be considered a medical device. For instance, certain FDA regulatory requirements apply to all medical devices, even those exempted from premarket review.
Further, all app developers should consider whether their products may face other government oversight or legal challenges. In particular, health information privacy and security is an important aspect of health technology and protection against cyber threats and attacks is crucial. A digitized medical environment, while improving care and access, can be readily exploited by opportunistic hackers. Players in the health IT space should be highly cognizant of this risk and take steps necessary to limit risks to patient safety and the company’s bottom line. Although the new guidance removes some regulatory obstacles to innovation, informed legal counsel remains central to success in this quickly evolving regulatory sphere.
Public comment on the FDA draft guidance will be solicited until September 30, 2014, as outlined in 79 Fed. Reg. 44804 (Aug. 1, 2014). The draft guidance is available for here for review.
Via Pharma Guy