Wireless Devices & Mobile Medical Apps
Are you familiar with the most recent regulatory "guidance" that may be applicable to your envisioned product?
We are witnessing an explosive growth in medical devices that employ wireless technologies, some of which are implanted and others that are attached or “worn” on the body. Collectively, these devices control bodily functions and/or measure an array of physiological parameters and often communicate with nearby receivers that are connected to landline networks, cellular systems or broadband facilities that access the Internet. And, smartphone software applications are ubiquitous.
Many societal benefits derive from these new capabilities, uppermost being the facilitation of decentralized delivery of higher quality health services. There are also new issues for regulatory agencies.
Wireless medical devices pose challenging questions for regulatory authorities:
- Are they compatible with other uses of the radio wave spectrum?
- Are they safe and effective for the patient?
The issues associated with these questions overlap the regulatory authority of two U.S. agencies, the Food & Drug Administration (FDA) and the Federal Communications Commission (FCC).
Recognition of the need for cooperation in regulating these new devices resulted in the July, 2010 issuance of a Joint Memorandum of Understanding regarding the intention of these two agencies to develop “…clear regulatory pathways, processes, and standards to bring broadband and wireless-enabled medical devices to market.”
The joint statement included a reference to the agencies’ intention to “…provide clarity regarding each agency’s scope of authority with respect to these devices, predictability regarding regulatory pathways, and streamlining the application process, as appropriate, to facilitate innovation while protecting patients.”
While it’s encouraging to see federal intentions to clarify regulatory pathways and standards involving these new technologies, you should assume layers of complexity will emerge …
To avoid surprises, become familiar now with agency “Guidance Documents.”
In FDA parlance, “guidance” is defined in the introductory paragraph of all such documents posted on their websites:
“This guidance document represents the Food and Drug Administration’s (FDA) current thinking on this topic. It does not create or confer any rights for or on any person and does not operate to bind FDA or the public. You may use an alternative approach if the approach satisfies the requirements of the applicable statutes and regulations. If you want to discuss an alternative approach, please contact the appropriate FDA staff.”
Later in this section, you will be provided links to several FDA Guidance Documents related to Wireless Medical Devices and Mobile Medical Apps.
What do university researchers actually need to know?
In general, if you expect to have future interactions with industry representatives regarding your proposed device…
You will be more comfortable in discussions and may develop additional credibility with a potential licensee by having some familiarity with the range of regulations that may govern company-sponsored development toward commercialization.
If you are involved in the development of a wireless device that (whether or not intended) has the potential for use in a medical application, you should investigate whether the FDA would likely consider such a product to be a “medical device”, as the agency defines it. For a review of this definition, go to Medical Device Classifications. Keep in mind that the FDA emphasizes the concept of “intended use” as a major determinant of whether or not the agency would claim jurisdiction in the classification and regulation of a medical-related device. Read more about this concept in the discussion below regarding “Mobile Medical Apps”.
Are you mainly interested in selecting the most appropriate wireless technology?
If your intention is not to market the wireless device you are developing, but rather to demonstrate its feasibility and license it to a company for product development, you may be most interested in that portion of FDA guidance relating to the selection and performance of wireless technology. This section details bandwidth restrictions, as well as issues related to quality of service, coexistence, security, and electromagnetic compatibility.
You can go here to review the final guidance FDA published in late 2013 that addresses specific considerations related to the incorporation and integration of Radio Frequency (RF) Wireless Technology in Medical Devices.
Among the array of new health-related smartphone apps and "wearable" sensor technologies, which will be regulated?
FDA Guidance on “Mobile Medical Apps”
In September, 2013, the U.S. Food and Drug Administration issued “final guidance” for developers of mobile medical applications, which are software programs that run on mobile communication devices and perform the same functions as traditional medical devices.
By FDA definition, a “Mobile Medical App” is a software application that meets the definition of a “Medical Device” and, which is:
1. Intended to be used as an accessory to a regulated medical device Example: An application that allows a health care professional to make a specific diagnosis by viewing a medical image from a picture archiving and communication system (PACS) on a smartphone or a mobile tablet, (or which)
2. Transforms a mobile platform into a regulated medical device
Example: An application that turns a smartphone into an electrocardiography (ECG) machine to detect abnormal heart rhythms or determine if a patient is experiencing a heart attack.
In early 2014, the FDA launched a “Road Show”, where agency representatives visited several U.S. universities who hosted public meetings for the purpose of more effectively disseminating FDA information to potential product developers and other interested parties regarding these recently-published guidelines.
Among the most important messages from the FDA Roadshow were the following:
- Guidance now being provided to application developers will help them determine in advance of FDA interactions whether or not a given device would likely be regulated under FDA authority.
- Focus is on functionality of the device, not the medium employed.
- Your intended “user” doesn’t change intended use of the device (e.g., if your product provides medical diagnostic information, it doesn’t matter who you intend to use it)
- Further guidance is forthcoming regarding apps in grey areas such as Clinical Decision Support tools (e.g., algorithm for patient-specific analysis).
How does the FDA judge “intended use” of a device?
The “Intended Use” of mobile applications is the primary determinant of their classification, and your intention would be judged by the FDA in their combined evaluation of …
• “Words” used in describing the intended use (e.g., label claims)
• “Actions” implying different intentions (e.g., investor presentations)
• “Circumstances” (Is there actually a legitimate non-medical use?)
The agency has indicated it intends to exercise “enforcement discretion” (meaning it will not enforce requirements under the Federal Drug & Cosmetic Act) for the majority of mobile apps, as they pose minimal risk to consumers.
FDA released in January 2015 a draft guidance document representing their “current thinking” about a category of products they would not consider to be under their jurisdiction. This document is entitled General Wellness: Policy for Low Risk Devices. Following a period of public comment, this link should contain continually updated information.
NOTE: The FDA intends to focus its regulatory oversight on a subset of mobile medical apps that present a greater risk to patients if they do not work as intended.
Mobile medical apps that undergo FDA review will be assessed using the same regulatory standards and risk-based approach that the agency applies to other medical devices.
Who is regulated…the app developer or the seller?
A related question: If you develop an app for a platform, who is responsible for compliance when platform software or hardware updates occur? The answers are related to determining responsibility for product claims and/or performance specifications.
For answers to the questions posed in this section and a thorough review of this emerging regulatory subject, see FDA final guidance regarding Medical Mobile Apps. Within this guidance document, you can also review examples of devices the FDA intends to regulate, and those they do not (Exhibits A,B,C). These documents are generally updated by the FDA.
Are you thinking about the “bad guys”?
In January 2016, the FDA updated its guidance regarding safeguards against cyber attacks on medical devices and hospital networks. The most recent guidance outlined the agency’s recommendations for ongoing monitoring, in order to identify and address cybersecurity vulnerabilities that may affect medical devices after they have entered the market.
Recent FDA Guidance Documents establish the position that cybersecurity isn’t just a design issue at the time the product is launched...
It’s a product life cycle issue, which requires a change in mindset.
Medical devices capable of connecting (wireless or hard-wired) to another device, to the internet, or to portable media are, of course, more vulnerable to cybersecurity threats than devices that are not connected. FDA says “…the extent to which security controls are needed will depend on the device’s intended use, the presence and intent of its electronic data interfaces, its intended environment of use, the type of cybersecurity vulnerabilities present, the likelihood the vulnerability will be exploited (either intentionally or unintentionally), and the probable risk of patient harm due to a cybersecurity breach.”
The FDA guidance entitled Content of Premarket Submissions for Management of Cybersecurity in Medical Devices , issued in October 2014, is more relevant to design engineers who are in the early stages of medical device development, and was produced to identify issues related to cybersecurity that should be considered at that time, and to guide subsequent preparation of FDA premarket submissions [510(k) or PMA] for those devices.
What is the FCC role in regulating Mobile Medical Devices?
Medical Body Area Networks (MBAN)
In May, 2014, FCC reserved 40 MHZ of wireless spectrum for MBAN, for transmitting information from and between mobile medical devices at home and in hospitals.
MBAN technology consists of small, low-powered sensors – placed on the body – that capture clinical information, such as temperature, respiratory function, or electrical activity of the brain (EEG). MBANs consist of two paired devices — one that is worn on the body (sensor) and another that is located either on the body or in close proximity to it (hub). This new spectrum allocation is expected to provide more reliable service and increased capacity for the use of MBANs in hospital waiting rooms, elevator lobbies, preparatory areas, and other high-density settings.
A good summary of the specifications, output power, frequency bands, and international use of several applicable RF wireless technologies can be found here in the ISO Health Informatics technical report TR 21730.