People who use mobile devices to monitor their health may be surprised to hear that up until now, there has been little definitive guidance on what medical apps need regulatory approval. In some cases, this represents a real risk as mobile phone apps and devices attached to phones come onto the market that can measure everything from blood pressure to blood sugar as well as tell you what is in your urine.
Phone picture from Shutterstock
Unlike traditional dedicated medical devices, mobile apps have escaped general regulation up until now. However, in the United States and Australia at least, that is about to change. Almost in tandem, the agencies responsible for medical device regulation — the US Food and Drug Administration (FDA) and the Australian Therapeutic Goods Administration (TGA) — have released guidelines about what mobile health apps they consider need regulatory approval.
Both agencies have taken a similar approach in trying to distinguish between apps that simply provide information or are deemed "low risk" and those that are involved in "diagnosis, prevention, monitoring, treatment or alleviation of disease". So for example, they would classify an electronic health record application as not needing regulation but software that tells you what dose of a drug you need to take based on a measurement would, even if the measurements weren't made by the mobile app itself.
In principle, the guidelines should bring some clarity to the market and from a medical app developer perspective, this may serve to remove obstacles to obtaining potential investment. In the past, the possibility that an app would be subject to regulation from the FDA or TGA and then risk not getting approval has been considered as enough reason to scare off most potential investors.
The problem is that although it seems that this guidance is relatively clear, most medical software, whether mobile or not, falls in a grey area. Take the example of an electronic health record. Whilst electronic records are principally about saving clinical information about a patient, most software incorporates facilities to provide guidance and alerts based on decision support algorithms acting on data entered into the software. Technically, that would make TGA or FDA approval mandatory as it carries a potential risk to the patient if the guidance or decisions are wrong.
Even with apps that clearly act as a medical device, it may not always be clear what the actual risk is to a patient. Part of this is dependent on the context that the app is being used in. A heart rate monitor to measure physical exertion during exercise is not going to be considered a high-risk device. However if the heart rate monitor is being used to detect anomalies in the heart beat or manage exertion in cardiac patients, then that is a different matter.
Risk will vary depending on whether an app is being used by the consumer to diagnose potential problems themselves or by a health professional using it as an everyday diagnostic tool. Beyond diagnosis, the app could be used to manage the condition, alerting the patient to the need to increase or decrease the dose of a medication, for example. There is plenty of scope for things to go wrong in these scenarios.
Take the Spirometer app, which measures how well a person's lungs are working. The app can be used to diagnose potential problems such as asthma and chronic obstructive pulmonary disease. If the app alerts someone to a problem, it can be checked out and confirmed by other means. If the app reports that there is nothing wrong, this could potentially delay someone from seeking help and that delay may make things worse.
The challenge for regulatory agencies however is that there is simply an overwhelming number of apps that could potentially need scrutiny. There are about 900,000 medical apps on the Apple AppStore and 750,00 on Google's Google Play store. It would not be possible for regulatory authorities to review them all especially when you consider that the FDA reviews about 20 apps a year. Scaling this up would be enormously expensive and put the brakes on an active industry that has the potential to bring real benefits to consumers.
What would bring guidance to the medical software industry, consumers and regulators is a set of case studies that illustrate explicitly what needs to be regulated and what doesn't. This would also serve to highlight the risks inherent in consumers and health professionals using these types of app.
Until then, the consumer is, as always in these matters, on their own. If you're using a medical app, it's always worth getting professional advice if there is any doubt or concern about symptoms. Like the internet in general, treat everything that comes from a mobile phone with healthy dose of caution.
David Glance is the Director of the Centre for Software Practice at University of Western Australia. He does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.