+972 54 8028817

 A Practical Guide to the FDA & mHealth Apps

It has been less than 10 years since smartphones first hit the market and revolutionized our daily lives. Some would say that our fondness for these mobile devices has had a negative impact on our social interaction skills. But there is no doubt that they have also provided a powerful platform for health-related applications, which are often referred to as mHealth apps. With their powerful computing power, always-on connection to the internet, built-in audio, optic, movement and location sensors, and touch-screen interface, it is not surprising that the availability of and demand for mHealth apps has been increasing dramatically year-over-year, with 3 billion downloads in 2015A Practical Guide to the FDA & mHealth Apps/

In February 2015 the US Federal Drug Authority (FDA) issued a Mobile Medical Applications Guidance which clarifies its regulatory oversight strategy for mHealth apps. More specifically, the guidance document aims “to clarify the subset of mobile apps to which the FDA intends to apply its authority.”

When is a Mobile App a Medical Device Subject to FDA Authority?

The FDA views mobile apps as falling into one of three broad categories:

  1. Mobile apps that are not medical devices as defined under section 201(h) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) and the FDA does not regulate them.
  2. Mobile apps that may meet the definition of a medical device but because they pose a lower risk to the public, the FDA will not enforce requirements under the FD&C Act.
  3. Mobile apps that are medical devices and whose functionality could pose a risk to a patient’s safety if the mobile app were to not function as intended.

The FDA acknowledges that the vast majority of mHealth apps fall under the first two categories. However, when the intended use[1] of a mobile app is “for the diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man”, then the mobile app is a medical device and falls under the definition of a mobile medical app (MMA) that is subject to FDA oversight.

 First Things First, Do You Fit the FDA’s Definition of an MMA “Manufacturer”?

Given the unique ecosystem in which mHealth apps operate, the FDA felt compelled to provide clear guidelines about who is -- and who is not -- an MMA “manufacturer” subject to FDA oversight. The following table summarizes the criteria:

“Manufacturer”Not “Manufacturer”
  • Creates, designs, develops, labels, re-labels, remanufactures, or modifies a mobile medical app software system from multiple components.
  • Initiates specifications or requirements for mobile medical apps or procures product development / manufacturing services from second parties for subsequent commercial distribution.
  • Creates a mobile medical app and hardware attachments for a mobile platform that are intended to be used as a medical device by any combination of the mobile medical app, hardware attachments and mobile platform.
  • Provides a mobile medical app as a subscription-based service.
  •  Mobile platform manufacturers or distributors, with no intention that it be used for medical device functions.
  • 3rd parties who solely provide market access to mobile medical apps.
  • Providers of tools, services or infrastructures used in the development, distribution or use of a MMA.
  • Licensed practitioners who develop or alter a MMA to be used solely in their own professional practice.
  • Persons who manufacture MMAs for use in research, teaching or analysis, not to be introduced into commercial distribution.

How Can You Know if Your mHealth Application is Subject to FDA Oversight?

The following table provides more detailed guidelines and examples as to which mHealth apps would be subject to oversight and which mHealth apps the FDA will forego enforcement. It should be noted that MMAs, like other devices, may be classified as class I (general controls), class II (special controls in addition to general controls), or class III (premarket approval):

Subject to Enforcement (MMA)FDA Will Not Exercise Enforcement
  • Mobile apps that are an extension of one or more medical devices by connecting to such device(s) for purposes of controlling the device(s) or for use in active patient monitoring or analyzing medical device data: Required to comply with the regulations applicable to the connected medical device in order to address any associated risks. For example: displaying images directly from a PACS server; remote display of data from bedside monitors; inflating/deflating blood pressure cuff, controlling insulin delivery via insulin pump.
  • Mobile apps that transform the mobile platform into a regulated medical device by using attachments, display screens, or sensors or by including functionalities similar to those of currently regulated medical devices: Required to comply with the device classification associated with the transformed platform. For example: a blood glucose strip reader + mobile platform = glucose meter; ECG electrodes + mobile platform = ECG device.
  • Mobile apps that perform patient-specific analysis and provide patient-specific diagnosis, or treatment recommendations: These types of MMAs are similar to or perform the same function as those types of software devices that have been previously cleared or approved. For example: use patient-specific parameters to calculate dosage or create a dosage plan for radiation therapy.
  •  Mobile apps that provide or facilitate supplemental clinical care, by coaching or simple prompting, to help patients manage their health in their daily environment.
  • Mobile apps that provide patients with simple tools to organize and track their health information –without providing recommendations to alter or change a previously prescribed treatment or therapy. This includes mobile apps that allow users to share this information with their health care provider as part of a disease-management plan.
  • Mobile apps that provide easy access to contextually-relevant information (such as best practice guidelines or lookup tables) related to patients’ health conditions or treatments.
  • Mobile apps that are specifically marketed to help patients document, show, or communicate to providers potential medical conditions, e.g., medical videoconferencing portals, apps that use the built-in camera
  • Mobile apps that perform simple calculations routinely used in clinical practice, e.g., BMI calculator, NIH Stroke Scale, Delivery Date estimator
  • Mobile apps that enable individuals to interact with PHR or EHR systems, with view-only or download-only capabilities
  • Mobile apps that meet the definition of Medical Device Data Systems[2]

 The Importance of Implementing the Quality System Regulation for MMAs

The FDA Guidance strongly recommends that manufacturers of all mHealth apps that may at some point in the future meet the definition of a device should follow the Quality System (QS) regulation.

The QS regulation does not prescribe in detail how a manufacturer must produce a specific device, but provides a framework for all manufacturers to develop and follow to help ensure that their products consistently meet applicable requirements and specifications. As part of this framework, MMA manufacturers are required to develop requirements for their products that will result in devices that are safe and effective, and to establish methods and procedures to design, produce, and distribute their devices.

Furthermore, MMA manufacturers are required to:

  • Appropriately verify and validate their MMAs along with the mobile platform to ensure safe and effective operation
  • Ensure that adequate controls – including purchasing controls -- and processes are in place to ensure safe distribution, installation, and operation of the MMA.


Li-Med has accumulated considerable experience helping mHealth companies understand and meet their mHealth app’s regulatory and quality pathways. Should you have questions or concerns, please feel free to contact us.

Useful Links


[1] Intended use may be shown by labeling claims, advertising materials, or oral or written statements by manufacturers or their representatives
[2] On February 15, 2011, the FDA issued a regulation down-classifying certain computer- or software-based devices intended to be used for the electronic transfer, storage, display, and/or format conversion of medical device data – called Medical Device Data Systems (MDDSs) – from Class III (high-risk) to Class I (low-risk)[/accordion] [/agroup]