News & Events
"Health Information Technologies: Administration Perspectives on Innovation and Regulation"
Christy L. Foreman
Food and Drug Administration
Department of Health and Human Services
Subcommittee on Oversight and Investigations
Committee on Energy and Commerce
U.S. House of Representatives
March 21, 2013
Chairman Murphy, Ranking Member DeGette, and Members of the Subcommittee, I am Christy Foreman, Director of the Office of Device Evaluation in the Center for Devices and Radiological Health (CDRH) at the Food and Drug Administration (FDA or the Agency). I am pleased to be here today to discuss issues related to health information technology (health IT), and to talk specifically about the actions FDA is taking to foster innovation in the field of mobile medical applications (mobile medical apps).
Health IT serves as the fundamental infrastructure that enables the management of health information across multiple electronic systems and devices, such as wireless medical devices, hospital information systems, communications infrastructures, and electronic health record (EHR) systems.
The widespread adoption and use of mobile technologies is opening new and innovative ways to improve health and health care delivery. Mobile applications (mobile apps)—software programs that run on smartphones and other mobile communications devices—can help consumers manage their own health and wellness, promote healthy living, and gain access to useful information when and where they need it. Not surprisingly, these tools are being adopted almost as quickly as they can be developed. In fact, industry estimates that 500 million smartphone users worldwide will be using a health care application by 2015 , and by 2018, 50 percent of the more than 3.4 billion smartphone and tablet users will have downloaded mobile health applications . These users include health care professionals, consumers and patients.
FDA believes it is important to adopt a balanced, approach to mobile medical apps that supports continued innovation, assuring appropriate patient protections. We also recognize that mobile health application developers and manufacturers need a clear, predictable, and reasonable understanding of the Agency’s expectations.
Mobile apps span a wide range of health functions. While many mobile apps carry minimal or no risk, others can pose significant risks to patients if they don’t operate correctly. And, as we will discuss, FDA’s proposed guidance takes this variation in risk into account.
Consumers use mobile apps to manage their own health and wellness, such as to monitor their caloric intake for healthy weight maintenance, or like the National Institutes of Health’s LactMed app, to provide nursing mothers with information about the effects of medicines on breast milk and nursing infants. Other apps are aimed at helping health care professionals to improve and facilitate patient care, such as the Radiation Emergency Medical Management (REMM) app, which gives health care providers guidance on diagnosing and treating radiation injuries. Some mobile apps can even diagnose cancer or heart rhythm abnormalities, or function as the “central command” for a glucose meter used by an insulin-dependent diabetic patient.
Consumers and health care professionals should be aware of the potential benefits and risks associated with technologies that incorporate mobile apps. In some cases those risks are similar or identical to the risks associated with an already-marketed medical device. As an example, mobile apps that affect the programming of a drug infusion pump or computed tomography (CT) scanner could lead to a drug or radiation overdose. An inaccurate or malfunctioning mobile medical app that uses a sensor to diagnose skin cancer or to measure critically low blood oxygen levels in chronic lung disease patients, could delay lifesaving diagnosis and treatment.
FDA’s 2011 Draft Guidance and Public Meeting
FDA has jurisdiction over those mobile apps that meet the definition of “device” in section 201(h) of the Federal, Food, Drug, and Cosmetic Act (FD&C Act) and the Agency intends to use this authority reasonably and judiciously. FDA issued draft guidance in July 2011  to announce its intention to exercise enforcement discretion for most mobile apps. The guidance also clarifies that the focus of FDA’s oversight will be the small subset of mobile apps, referred to as mobile medical apps, that meet the definition of “device” in section 201(h) of the FD&C Act and that are either intended to: (1) be used as an accessory to a regulated medical device , or (2) transform a mobile platform into a regulated medical device . This narrowly tailored approach would not require active FDA oversight of many apps that would otherwise meet the definition of “device.” Our draft guidance clarified that a currently regulated medical device would not become unregulated just because it was designed to work on a mobile platform.
For example, medical ultrasounds and electrocardiogram (EKG) machines are medical devices subject to FDA review whether or not they are on a mobile platform. We believe that focusing FDA oversight on a narrow subset of mobile apps will encourage the development of new products while providing appropriate patient protections.
Just as important as what the policy proposes is what the policy does not propose. FDA’s proposed mobile medical apps policy would not regulate the sale or general consumer use of smartphones or tablets. FDA’s proposed mobile medical apps policy would not consider entities that exclusively distribute mobile medical apps, such as the owners and operators of the “iTunes App store” or the “Android market,” to be medical device manufacturers. FDA’s proposed mobile medical apps policy would not consider mobile platform manufacturers to be medical device manufacturers just because their mobile platform could be used to run a mobile medical app regulated by FDA. FDA’s proposed mobile medical apps policy would not require mobile medical app developers to seek Agency re-evaluation for minor, iterative product changes. FDA’s proposed mobile medical app policy would not apply to mobile apps that perform the functionality of an electronic health record (EHR) system or personal health record system.
The draft guidance also states the Agency’s intent to exercise enforcement discretion for those mobile apps that do not meet the proposed definition of a mobile medical app, even if the mobile app meets the FD&C Act’s definition of a “device.”
Throughout the development of the mobile medical apps draft guidance and following its issuance in July 2011, FDA has actively encouraged public feedback on how the regulatory approach proposed in the draft guidance would affect the balance between promoting innovation and providing reasonable assurance of safety and effectiveness. In addition to opening the draft guidance for public comment, the Agency has interacted with the stakeholder community, including traditional medical device firms, software companies, health care professionals, patient advocacy groups, health care facilities, third-party payers, and the health IT community. FDA also hosted a widely attended public meeting to provide a forum for discussion and to encourage additional public comment from interested stakeholders on the issues raised in the draft guidance .
In total, FDA has received more than 130 submissions to the public docket on the July 2011 draft guidance. Respondents have overwhelmingly supported the narrowly tailored, risk-based approach described in the draft guidance, and we continue to receive many inquiries from industry stakeholders who are eager to see the guidance finalized. Some commenters have sought additional clarity on the types of mobile apps that would fall within the scope of enforcement discretion; the final guidance will provide such additional clarity and examples.
It is important to note that FDA has been regulating medical device software for decades and medical device software on mobile platforms for more than 10 years. The Agency has reviewed approximately 100 mobile medical apps, including remote blood pressure, heart rhythm, and patient monitors, and smartphone-based ultrasounds, EKG machines, and glucose monitors.
Some have questioned the implications of the medical device excise tax (device tax) enacted as part of the Health Care and Education Reconciliation Act of 2010 in conjunction with the Patient Protection and Affordable Care Act for mobile medical apps. The Internal Revenue Service (IRS) and the Department of the Treasury, not FDA, are responsible for the excise tax imposed on the sale of certain medical devices. The IRS’ final regulations  pertaining to the device tax define a taxable medical device as “a device that is listed as a device with the FDA under 510(j) of the FFDCA and 21 CFR Part 807” and provide a “retail exemption” for medical devices that are “generally purchased by the general public at retail for individual use.” Questions about the implementation of this policy should be directed at the IRS.
FDA developed the Agency’s draft mobile medical apps policy to protect public health and promote innovation. Because the draft guidance states that the Agency intends to exercise enforcement discretion for certain categories of mobile apps with respect to applicable device requirements, including listing, FDA does not expect such devices to list. FDA plans to provide additional clarity regarding the specific types of apps for which the Agency intends to exercise enforcement discretion in the final mobile medical apps guidance. The Agency intends to maintain a publicly available website with updated information listing those apps which have been cleared or approved by FDA and those for which FDA intends to exercise enforcement discretion, in order to provide continuing clarity on this issue for industry and other stakeholders.
Developing an Appropriate, Risk-based Regulatory Framework for Health IT
Mobile medical apps represent just one component in an increasingly connected health care environment. Three federal agencies—FDA, the Office of the National Coordinator for Health Information Technology (ONC), and the Federal Communications Commission (FCC)—each have unique and complementary responsibilities in the health IT arena. Section 618 of the Food and Drug Administration Safety and Innovation Act (FDASIA), enacted on July 9, 2012, requires the Secretary of Health and Human Services, acting through the Commissioner of Food and Drugs and in consultation with the National Coordinator for Health IT and the Chairman of FCC, to prepare a report by January 2014 containing “a proposed strategy and recommendations on an appropriate, risk-based regulatory framework pertaining to health information technology, including mobile medical applications, that promotes innovation, protects patient safety, and avoids regulatory duplication.” 
FDA, ONC, and FCC have established a “FDASIA Workgroup” under ONC’s Health IT Policy Committee (HITPC) , which will provide expert input to ONC’s HITPC to inform the development of this report. Like ONC’s other workgroups, it will be comprised of a wide range of stakeholders and conducted in a transparent manner with ample opportunity for public comment.
FDA recognizes the importance of implementing a balanced, transparent approach that fosters the development of health IT solutions and innovative products like mobile medical apps, while ensuring appropriate patient protections. Like traditional medical devices, mobile medical apps may in some cases present significant health risks to patients. FDA seeks to strike the right balance by providing a risk-based, focused approach to the oversight of a small subset of mobile medical apps that present a potential risk to patients if they do not work as intended. Consistent with this balanced approach, FDA would not regulate the sale or general consumer use of smartphones or tablets.
In its regulation of medical devices, the Agency strives for transparency, interaction, collaboration, and the appropriate balancing of benefits and risks; ensuring predictable and consistent recommendations, decision-making, and application of the least-burdensome principle; and implementing efficient processes and use of resources. FDA’s ongoing actions with respect to the regulation of mobile medical apps, and the tri-Agency collaborative effort on health IT, reflect this regulatory approach.
Thank you for your commitment to the mission of FDA and the continued success of our medical device program, which helps to ensure that patients and health care professionals have access to safe and effective innovative medical technologies. Thank you for the opportunity to testify today about issues related to health IT, including mobile medical apps, and about the actions that FDA is taking to foster innovation. I am happy to answer questions you may have.
 Research2Guidance, “500m people will be using healthcare mobile applications in 2015” (Nov. 10, 2010), available at http://www.research2guidance.com/500m-people-will-be-using-healthcare-mobile-applications-in-2015/
 Research2Guidance, “Mobile Health Market Report 2013-2017: The Commercialization of mHealth Applications” (March 4, 2013), available at http://www.research2guidance.com/shop/index.php/downloadable/download/sample/sample_id/262/
 FDA, “Draft Guidance for Industry and Food and Drug Administration Staff - Mobile Medical Applications” (July 21, 2011), available at http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm263280.htm
 For example, an application that allows a health care professional to make a specific diagnosis by viewing a medical image from a picture archiving and communication system (PACS) on a smartphone or a mobile tablet.
 For example, an application that turns a smartphone into an electrocardiograph (ECG) machine to detect abnormal heart rhythms or to determine if a patient is experiencing a heart attack.
 FDA, “Public Workshop - Mobile Medical Applications Draft Guidance, September 12-13, 2011,” available at http://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm267821.htm
 IRS, “Taxable Medical Devices, (Final Regulations),” 77 Fed. Reg. 72924, 72934 (Dec. 7, 2012), available at http://www.gpo.gov/fdsys/pkg/FR-2012-12-07/pdf/2012-29628.pdf
 Food and Drug Administration Safety and Innovation Act, Public Law 112-144 (126 Stat. 993) (July 9, 2012), available at http://www.gpo.gov/fdsys/pkg/PLAW-112publ144/pdf/PLAW-112publ144.pdf
 See FCC, “Membership Applications Sought for FDA Safety Innovation Act Workgroup,” available at http://www.fcc.gov/membership-applications-sought-fda-safety-innovation-act-workgroup. The Workgroup is being formed under the ONC’s HITPC , a federal advisory committee established by the Health Information Technology for Economic and Clinical Health (HITECH) Act (Title XIII of the American Recovery and Reinvestment Act, Public Law 111-5 (123 Stat. 115) (Feb. 17, 2009), available at http://www.gpo.gov/fdsys/pkg/PLAW-111publ5/pdf/PLAW-111publ5.pdf