mHealth regulations - Global efforts and readiness _White paper_DELL
mHealth Regulations:
Global Efforts and Readiness
As mobile device use becomes pervasive in healthcare, regulatory agencies address
patient safety, privacy and need for innovation.
March 2014
Balancing safety and innovation
mHealth, short for mobile health, has become a disruptive
force in healthcare, changing the way clinicians and patients
interact with technology.
With the development of a wide range of mobile medical
applications, regulatory agencies must rethink the very
definitions of medical devices. While patient safety and
privacy are paramount, many stakeholders are advocating for
regulations that do not stifle innovation.
The global response: advocacy, collaboration
As regulatory bodies formulate their response to mHealth, an
international collaboration is developing, seeking to provide
a global standard.
Through this paper, we will look at current regulations and
guidelines that address requirements for mobile health in
various regions. We will also take stock of efforts currently
underway to ensure that future regulations strike the right
balance between patient safety and encouraging innovations.
mHealth is proving to be a disruptive technology in healthcare
by addressing many of the industry’s key concerns, including
affordability, availability, accessibility, accountability and
assurance. A 2013 Epocrates survey of mobile device use
by clinicians reported that by 2014 “9 in 10 healthcare
providers will use smartphones, and nearly as many will have
adopted tablets.”[1]
Almost half of all respondents in
the Epocrates survey are digital
omnivores — clinicians who utilize a
tablet, smartphone and laptop/desktop
computer routinely in a professional
capacity.
mHealth is largely enabled today by
mobile handsets, tablets, personal digital
assistants, patient monitoring devices
and other wireless devices. With the
overwhelming adoption of these devices
by the healthcare community, mHealth
can be applied:
• Across all aspects of health,
including wellness, prevention,
illness and recuperation
• Across all healthcare delivery
settings, including home health,
remote health, outpatient care, day
care, acute care, sub-acute care,
hospice and long-term care
• To different end uses, such
as remote health monitoring,
reminders and scheduling, research,
clinical decision support and
medical training
• To a wide variety of users such as:
–– Physicians, nurses and other
healthcare professionals
–– Patients
–– Healthcare payers
–– Governments
–– Medical device providers
–– Pharmaceutical entities
mHealth is expected to change the way
healthcare is conceived, monitored,
delivered and accessed in the years to
come. As with every disruption, mHealth
also has its own set of challenges. One
key challenge for application developers
and other stakeholders who seek to
promote adoption of innovative apps on
a large scale is the nascent and unclear
regulatory environment.
Unanswered questions concerning the
acceptance and viability of these mobile
apps have contributed to hesitation
and longer cycles of adoption. This is
especially the case for higher-end apps
(which generally are the most useful).
The recent issuance of guidelines by
the Food and Drug Administration (FDA)
in the USA on September 25, 2013,
is probably the most concrete step
toward addressing this pressing need for
regulatory clarity around mHealth.
The regulatory requirements available for
mHealth have so far been mostly linked
to those applicable to medical devices
or, in some cases, to those applicable to
drugs. The agencies responsible for
regulating medical devices and/or
drugs have issued these guidelines and
are working on providing further clarity
on the regulations for mHealth. So far,
the Food and Drug Administration (FDA)
in the USA, the European Medicines
Agency (EMA) in the EU and the
Therapeutic Goods Administration (TGA)
in Australia have issued such mHealth
guidelines.
However, because mHealth merges the
interests of healthcare, manufacturers
of medical devices and drugs,
telecommunications players and
healthcare IT, a holistic approach to
regulating mHealth (going beyond the
boundaries of medical devices/drugs)
will become essential over time. Future
mHealth regulations and guidelines are
expected to address the following:
• Classification of mHealth
applications according to their need
for depth of regulatory oversight,
using multiple variables such as
safety, failure impact, nature of data
captured/carried/retrieved. Clear
definitions of these classifications
and the dispute handling
mechanism will be crucial.
• Definition of certification
requirements for each category
and applicable processes for
certifications. Safety, privacy and
security requirements are expected
to lead the list.
• Definition of interoperability
and other applicable technology
standards.
• Clarification of how existing
healthcare regulations, such as the
Health Insurance Portability and
Accountability Act (HIPAA) in the
U.S., will affect certification.
• Clarity on regulatory requirements
for mHealth data traffic that crosses
international boundaries.
There are current regulations and
guidelines in several regions that
address requirements for mobile health.
In addition, there are stakeholders
around the globe advocating for a
balance between patient safety and
encouraging innovations. These efforts
vary in effectiveness, and further work to
establish successful mHealth regulations
and guidelines is needed.
European Union and Australia:
guidelines with little clarity
The European Union was probably the
first to provide guidelines on mHealth
applications and mobile apps, in January
2012. They focused on the “qualification
and classification of standalone software
used in healthcare within the regulatory
framework of medical devices.”[2] This
guideline also covered applications
on mobile devices. Since then, most
of the member states of the EU have
adopted these guidelines with necessary
customizations, including U.K.’s
Medicines and Healthcare Products
Regulatory Agency (MHRA).
Australia issued guidance on medical
software and mobile medical apps
through its regulatory agency TGA on
September 13, 2013.[3] These guidelines
try to clarify how the existing rules
for medical devices and drugs apply
to software associated with medical
devices, including mobile health
applications.
While the EU and Australian guidelines
are a start, they are generic in nature
and apply to any software associated
with medical devices. mHealth apps are
not specifically covered. The guidelines
also lack depth and clarity and do not
define all of the diverse and complex
mobile health apps. The EU commission
is now working on a green paper which
will launch a public debate about using
mHealth to take control of one’s health.
They are also working on a guidance
document on the legal framework
applicable to health and wellness apps.
The EU has indicated that it will issue
the green paper and guidance
document in early 2014.
The USA: clearer guidelines, but further
work is needed
The FDA issued its final guidelines on
mobile medical applications (MMAs) on
September 25, 2013.[5] These guidelines
are the most descriptive thus far for
mHealth apps. They are expected to
help other countries define their own
mHealth requirements and guidelines.
Key highlights include:
1. The FDA is taking a tailored, risk-
based approach that focuses on the
small subset of mobile apps that
meet the regulatory definition of
device, and that either:
–– Are intended to be used as an
accessory to a regulated medical
device, or
–– Transform a mobile platform into
a regulated medical device.
2. The FDA will review only those
mobile apps that have potential
to harm the consumer.
3. The FDA will regulate both pure
software that is used for some
critical functions, as well as a
combination of accessories and
software that has the potential to
harm the consumer.
4. The following are the types of mobile
apps that the FDA considers to be
mobile medical apps subject to
regulatory oversight:
–– Mobile apps that are an extension
of one or more medical devices
by connecting to such device(s)
for purposes of controlling the
device(s), or displaying, storing,
analyzing or transmitting patient-
specific medical device data.
–– Mobile apps that transform
the mobile platform into
a regulated medical device
by using attachments, display
screens or sensors, or by
including functionalities similar
to those of currently regulated
medical devices.
–– Mobile apps that use attachments,
display screens, sensors or other
similar components to transform
a mobile platform into a regulated
medical device are required
to comply with the device
classification associated with the
transformed platform.
–– Mobile apps that become a
regulated medical device (using
software) by performing patient-
specific analysis and providing
patient-specific diagnosis or
treatment recommendations.
These types of mobile medical
apps are similar to or perform the
same function as those types of
software devices that have been
previously cleared or approved.
5. The FDA will apply the same risk-
based approach used to assure
safety and effectiveness for other
medical devices. This includes:
–– Regulating Class II (moderate-risk)
and Class III (high-risk) MMAs
–– Exercising enforcement discretion
on lower-risk MMAs
6. The FDA will consider the
applications on a case-by-case
basis and will not require expensive,
time-consuming clinical trials if the
app resembles a medical device
currently on the market.
7. The apps will be subject to the same
regulatory standards that apply to
the medical devices they resemble
and not to any new set of standards.
8. The following are not regulated by
the FDA:
–– Mobile apps that do not meet
the definition of device as defined
by FDA — section 201(h) of the
Federal Food, Drug, and
Cosmetic Act
–– Electronic medical record,
electronic health record and
personal health record apps
on mobile devices
–– Mobile devices
–– Mobile app stores
–– Mobile platform manufacturers
While these guidelines serve as good
starting points, there are still many
unanswered questions. The FDA has
said that it will submit a report to the U.S.
Congress in early 2014 that outlines a
broad framework for health IT regulation.
The FDA says this report will describe
how these mHealth guidelines will
work. This should help clarify the future
regulatory environment for mHealth.
International group working
on recommendations
In addition to these attempts at defining
mHealth regulatory frameworks in the
USA, the EU and Australia, a global
group of device regulators is developing
a set of recommendations that would
establish international standards for
medical apps. The International Medical
Device Regulators Forum (IMDRF) is a
voluntary association of medical device
regulators from around the world —
including those from Australia, Brazil,
Canada, EU, Japan and USA.[7]
The IMDRF formed a dedicated working
group in March 2013, tasked with
developing and harmonizing approaches
to the regulation of standalone medical
device software, including MMAs. Once
the group’s recommendations are
available, the IMDRF expects that many
of the member agencies and others
will update their existing guidelines and
regulations to meet these standards or
adopt the IMDRF standards as their own.
Advocacy efforts focus on balance
between safety and innovation
While regulators are drafting standards,
industry forums, not-for-profit
organizations and policy makers are
advocating for regulations that create
an environment which protects patient
safety and privacy without setting up
barriers that will discourage innovation.
mHealth Regulatory Coalition
The mHealth Regulatory Coalition
(MRC) is a Washington-based advocacy
group established in 2010 with the
sole purpose of making sure the
regulatory environment around mHealth
technologies does not limit innovation.
MRC brings together a broad group
of stakeholders in mHealth, including
app developers, cellular handset
manufacturers, network operators,
healthcare providers, researchers,
and patient and disease-focused
advocacy groups.
MRC played a key role in moving the
FDA to publish its mHealth guidelines
ahead of the originally proposed
release date of January 2014. MRC is
now working on issues concerning the
published guidelines. Its activities include:
• Defining which agency should
regulate mHealth
• Clarifying the scope of the FDA’s
regulatory powers
• Improving the regulatory
environment for apps subject
to FDA oversight
MRC has now formed a European
equivalent of the American group,
called MRC EU. It expects to go country
by country to address the regulation of
standalone medical software and mobile
medical apps.
Other advocacy groups
The mHealth Alliance is a voluntary
organization hosted by the United
Nations Foundation. It was founded
in 2009 by the Rockefeller Foundation,
the Vodafone Foundation and the UN
Foundation with a mission “to harness
the power of wireless technologies to
improve health outcomes in low and
middle income countries.” It advocates
for establishing standardization and
interoperability of mHealth platforms.
In addition to its original founding
partners, it now lists HP, GSM
Association and the Norwegian Agency
for Development Cooperation (Norad)
as founding partners.
D4 is a voluntary organization in the U.K.
that promotes mobile health technology
adoption by healthcare professionals.
They also advocate for balanced
mHealth regulations.
U.S. legislative efforts to promote
predictability and limit FDA oversight
Representative Mike Honda (D-CA)
has proposed establishing
an Office of Wireless Health in the
FDA through legislation called the
Healthcare Innovation and Marketplace
Technologies Act (HIMTA). Originally
introduced in 2012 and reintroduced
in June 2013, the act proposes
establishment of this new office. It aims
“to cultivate a predictable regulatory
framework on wireless health issues,
as well as develop a mHealth support
program at the Department of Health
and Human Services to help mobile
health app developers conform to
current privacy standards.”
Representative Marsha Blackburn (R-TN),
leading a group of bipartisan lawmakers,
introduced the Sensible Oversight for
Technology which Advances Regulatory
Efficiency (SOFTWARE) Act of 2013. Its
intent, according to Blackburn, is to
provide regulatory clarity on mobile
medical applications, clinical decision
support, electronic health records and
other health-related software. It also
seeks to ensure regulatory restraint and
limit the FDA’s powers.
The act defines three categories of
mHealth software: medical, clinical and
health. Under the proposed act, only
medical apps would need FDA approval.
The act defines medical apps as software
that directly changes the structure or
functioning of the body (or would do
so if its recommendations or diagnostic
findings were followed), or includes
the use of a regulated therapy without
physician involvement.
Emerging clarity on regulations fueling
innovation and uptake
Clearly, advocacy efforts are gaining
momentum across the globe, as are
efforts to define appropriate regulations
and guidelines for mHealth. Healthcare
providers, health IT vendors, regulators,
governments, non-governmental
organizations (like the UN and the
World Healthcare Organization), cellular
manufacturers, network operators,
researchers, patients and disease-specific
support groups have all been part of
this process. Thanks to their efforts, by
the end of 2014 or in early 2015, the
mHealth regulatory landscape is likely to
be much more defined and predictable,
at least in the developed world.
With this increased regulatory clarity,
developers will move forward on
affordability, reach and availability issues.
The following are some of the key
developments we predict will occur in
the near future.
Demand for mHealth applications
will increase as healthcare providers,
payers and life sciences organizations
accelerate adoption of mobile tools.
Innovation will increase as regulatory
clarification creates the predictability
needed to encourage investors and
entrepreneurs.
Payers will reimburse for services
provided through mobile medical apps.
In fact, payers will encourage adoption
of telehealth as a means of increasing
access to care and lowering costs. For
example, Medicare, the government-
funded health insurance program for the
elderly and disabled in the U.S., has just
announced the expansion of coverage
for telehealth consults in 2014.
The Internet of Things will grow.
Regulatory clarity will encourage
developers, and there will be an
exponential increase in the number of
web-enabled medical devices in the
next few years. This will increase the
number of “things” communicating via
the internet. The Internet of Things and
machine-to-machine technologies are
catching up in a big way, and mHealth is
the gateway to their adoption in healthcare.
New ancillary industries will grow.
This includes:
• Mobile-based personal health
monitoring will go beyond fitness
apps. Smartphones, phablets (hybrid
devices that are tablets with phone
capabilities) and tablets designed for
medical use will make their way into
the market. Accessories will become
available for wireless tracking of vital
signs that go beyond measuring
heart rate to include a wide range
of health metrics.
• Remote health monitoring and
interventions will increase. Home
monitoring systems will increase
due to hospitals seeking to prevent
unnecessary readmissions and
physicians seeking to improve
outcomes for patients with chronic
diseases and unstable or fragile
conditions. The need to serve
patients in medically underserved
areas of the globe will spur
development of a wide variety of
telehealth systems that use remote
monitoring devices.
• Non-traditional players will enter
the market to provide remote health
services. Telecommunications
players will invest in mHealth
initiatives leading to further
innovation and reach.
Let the preparations begin
Despite a wide variety of regulatory
environments and differences in health
systems, a kind of globalized regulation
is shaping up for mHealth, which is
quite an interesting phenomenon for a
globally diverse industry like healthcare.
This will allow mHealth applications to
function across national borders, while
remaining locally relevant and locally
regulated. To prepare for the coming
expansion of mHealth in the wake of
this new regulatory clarity, stakeholders
should take the following steps now:
• If you have mobile apps that
are already being used or under
development, consider a quick audit
using published FDA guidelines
and local regulatory compliance
(where available) — and take action
accordingly.
• Revisit your mobility strategy and
redefine goals and objectives to
make sure regulatory requirements
are incorporated appropriately
into your initiatives. Evaluate your
portfolio of mobility initiatives in
the pipeline using FDA and local
guidelines wherever available.
• Update telehealth and medical
home programs with mHealth
regulation audits built in.
• Keep an eye on local regulatory
bodies to make sure you know
about any new guidelines or
updates to existing regulations.
• If your organization is operating in
more than one country, audit your
apps and devices to ensure they
meet the regulatory requirements
for each country in which they will
be marketed. Make sure that your
apps also comply with country-
specific security and privacy laws,
since most of the regulations are
likely to refer to these.
• Work with your vendors and
mHealth app providers (IT/Devices/
Drugs) to ensure all devices and
apps they provide are approved
by the FDA as well as local
regulators. If the FDA model
becomes universal, having
FDA-approved devices and apps
will simplify the approval process.
• Ensure that your bring-your-own-
device (BYOD) strategies take
regulatory requirements
into consideration.