I have been running around a lot lately doing presentations on conferences about medical devices and software, so I though it would be useful to give you a round-up on that subject.

Medica and FDA guidance on mobile medical apps

To that end, I would like to share with you this presentation of today at the Medica 2011 in Düsseldorf, Europe's largest medical devices fair. I was invited to speak about the FDA's draft guidance on mobile medical apps, so I decided to – besides visit clients and my friends of the Continua Health Alliance to catch up – do that and also bridge the gap to the EU from that document. As I and others have argued before, this guidance works very well in the EU too. There are some novelties in this presentation: a summary of the comments to the FDA document and a timeline for the document.

The short version of the summary of the comments made to the FDA about the draft guidance:

  • Intended use approach leads to too broad scope and is not clear enough; FDA should specify positively the intended uses that trigger regulation
    • Define "health and wellness"
    • Impact of consumer use versus professional use in regulation
    • Low risk products should be exempted
  • Normal accessory rule problematic in mobile and electronic health scenarios, because risk profile of these accessories is not necessarily  the same as parent device
  • More guidance is needed for roles and responsibilities of other parties involved in the manufacturing (vendors), network services (ISPs) and distribution (app stores)
  • Provide for modularisation of software and software specific classification rules

 Modularisation

Although the FDA seems to be ahead of the EU in terms of software regulation, there is one area where the EU seems to be ahead of the US is on modularisation of software. This a major concern for the vendors of modular software, because having to also certify non-medical functionality (especially if that is the biggest part of a software package) poses a siginificant regulatory burden. The draft MEDDEV that I have referred to earlier actually contains a model for 'modularisation' of software that allows a manufacturer/vendor of a larger software system to slice it up in modules regulated as medical device and others that are not. As the text of the draft MEDDEV currently stands the manufacturer must then make the assessment that

"the whole combination, including the connection system must be safe and must not impair the specified performances of the devices. Any restrictions on use must be indicated on the label or in the instructions for use."

This, you will of course have guessed correctly, is identical to Annex I point 9.1 of the Medical Devices Directive and 3.1 of the IVD Directive, which the MEDDEV refers to explicitly. Old rules for new solutions, I am curious how this will turn out. I know that at least some of the EU member states have criticised this solution, so it may yet change in the final version, who knows.

 Roles and responsibilities

Since the EU review of medical devices will address post marketing surveillance much more seriously throughout the supply chain, it is my expectation that there will be some attention in the new regulation to the roles and responsibilities of other parties involved in the manufacturing (vendors), network services (ISPs) and distribution (app stores) that the market asks the FDA for.

General health and wellness apps

Although the FDA has now been asked to clarify how it will exercise its enforcement discretion with respect to software for low risk health and wellness intended purpose, the EU does not have that freedom to operate since its medical devices concept is binary and therefore the related enforcement capabilities cannot be exercised on a sliding scale. Of course national authorities may still use other safety related legislation such as the General Product Safety Directive and Unfair Business to Consumers Commercial Practices Directive for policing these apps. For example, that latter statute contains a pretty hard and fast absolute blacklist prohibition rule on "falsely claiming that a product is able to cure illnesses, dysfunction or malformations". Another nice one for mobile medical apps in general that do not comply with the rules is the blacklisted: "Claiming that a trader (including his commercial practices) or a product has been approved, endorsed or authorised by a public or private body when he/it has not or making such a claim without complying with the terms of the approval, endorsement or authorisation." That is fully applicable to the sale of medical apps to consumers in the EU.

What is next?

The FDA received a little over 90 submissions on the draft guidelines, some very substantial (100+ pages!), so it will take them some time to ruminate and digest all these comments. As far as I know they are expected to come out with a final guidance document somewhere in the first quarter of 2012. However, if you think that's it for medical software – think again. The FDA is already planning additional guidance on Clinical Decision Support Systems (CDS) once they have finalized the Mobile Medical Apps guidance. And these may overlap in certain cases of course. So all you manufacturers mobile medical apps and other software with decision support functionality: you are quite there yet for the moment.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.