Supporters of legislation argue FDA will not cabin its regulatory power on its own.
Several House of Representatives Commerce Committee members recently introduced a bill to limit FDA regulation of certain medical software, in particular medical apps used on smartphones and tablets. The bill is the latest inflection point in an ongoing debate about how to appropriately regulate medical health IT generally, and so-called mHealth in particular. The questions posed are weighty and encompass the need to ensure patient safety while at the same time foster innovation in the rapidly evolving and high-growth mobile marketplace.
As previously reported in The Regulatory Review, reliable research estimates that 500 million smartphone users worldwide will be using healthcare apps by 2012, and by 2018, 50 percent of more than 3.4 billion smartphone and tablet users will have downloaded mobile health applications. Unsurprisingly, these apps span the healthcare waterfront, from apps that count calories to those that are more intrusive, such as apps that claim to use a sensor to diagnose skin cancer.
The FDA has authority to regulate medical devices pursuant to 21 USC § 301. In recent years, the agency has grappled with how to exercise this authority in the mobile health field. The agency issued draft guidance in 2011 announcing its intention to exercise enforcement discretion for most apps. The guidance also stated that the agency’s regulatory efforts would focus on apps that meet the definition of a medical device and were also intended for use as an accessory to a mobile device, or that transformed a mobile platform into a medical device. At a hearing before a House subcommittee earlier this year, the FDA further clarified and cabined this guidance by testifying that the agency did not intend to regulate the sale of mobile hardware such as smartphones, or the mobile app distribution channel writ large, explicitly referring to Apple’s iTunes store and Google’s Andriod marketplace. The FDA testimony also described its draft guidance as a “narrowly tailored, risk based approach” to regulation.
At the mHealth House hearings Republican lawmakers expressed skepticism that the FDA would successfully cabin its authority. Representative Joe Pitts, who chairs the Commerce Committee subcommittee on health, lauded the FDA’s attention to “the needs of patients” but expressed concern about the “negative impacts that FDA regulation – with its uncertainty, high costs, and long approval times – has had on the medical device industry.” He added that such issues in the mHealth space “could cripple a still evolving and promising industry, where the average developer is small and the cost of these apps are relatively inexpensive.”
This skepticism appears to permeate the recently circulated House bill, the long title of which is “Sensible Oversight for Technology which Advances Regulatory Efficiency Act of 2013” (otherwise known as the SOFTWARE Act). The bill adds to 21 USC § 301 three definitions of software: “medical software,” “clinical software,” and “health software.” Only medical software shall be subject to regulation by the FDA. Medical software is defined in the first instance as software designed to “change the structure or any function of the body.” According to the bill’s chief co-sponsor, Representative Blackburn, the definitions established in the SOFTWARE Act tailor the FDA’s authority “to the realities of the 21st century” by focusing the agency’s authority on “the products that pose a potential risk to human health.”
The bill does not tackle mHealth regulatory issues beyond the FDA, and mobile apps can fall within the jurisdiction of several regulatory agencies. For example, data collection by mobile apps with the functionality to provide an electronic health record (EHR) system could fall within the remit of Health Insurance Portability and Accountability Act (HIPPA) Privacy Rule and Security Rule.
The wider Health IT regulatory scheme – which encompasses mHealth – is currently the subject of an inter-agency review by three federal agencies – the FDA, the Office of the National Coordinator for Health Information Technology (ONC), and the FCC. This review was mandated by the Food and Drug Administration Safety and Innovation Act of 2012, which charged these agencies with preparing a report by January 2014 to contain “a proposed strategy and recommendations on an appropriate, risk-based regulatory framework pertaining to health information technology, including mobile medical applications, that promotes innovation, protects patient safety, and avoids regulatory duplication.”