Common Rule Infographic

by Jim Gearhart

Who’s Who in mHealth App Regulation

This past year has seen idea after idea coming from the intersection of health, research, and mobile device technology. Developers of both software and hardware have been rushing to explore the potential of mobile health (mHealth). To give just a few examples:

  • A bit over a year ago, Apple launched ResearchKit along with five app-based studies. You can find more than three times that now on the iTunes store.
  • In April, Apple introduced CareKit, a development platform for apps that will focus on treatment rather than research.
  • GoogleFit, a competing system for health-related apps, is building up its roster of available devices and programs.
  • Fitness band manufacturer Fitbit is hinting that it will expand into regulated medical devices.

As the collection of mHealth products expands, so do questions about oversight. Who, if anyone, should assess whether they work? A recent check of mental health apps showed inconsistent effectiveness, while a vision app made questionable claims about improving eyesight. Whose rules, if anyone’s, should apply? Regulators say they do not want to stifle creativity as they find ways to apply their rules to new products. How should we balance innovation and creativity against safety, privacy, and accuracy?

When ResearchKit launched, Apple deftly zigged and zagged through some initial regulatory questions. The platform’s initial documentation said it was not applicable to FDA-governed research; that Apple could not verify Part 11 compliance; and that HIPAA regulations were the responsibility of the researcher. While it’s getting harder to continue dodging those issues, regulators themselves are trying to help guide paths through the obstacle course.

At least four agencies—the Food and Drug Administration (FDA), the Office of the National Coordinator for Health Information Technology (ONC), the Office for Civil Rights (OCR), and the Federal Trade Commission (FTC)—have roles that apply to mHealth apps. But how can someone determine which agency’s responsibilities come into play for a particular app? Who, for instance, stepped in when that mobile app falsely claimed it can improve your eyesight? (Spoiler alert: it was the FTC.) In broad terms, the areas of these agencies’ interest break down this way:

  • The FDA approves and monitors medical devices;
  • The ONC oversees overall compliance with Health IT technology rules;
  • OCR watches over the privacy of medical information; and
  • The FTC is on the lookout for false advertising as well as possible breaches of personal health information outside of HIPAA.

In March these agencies released an interactive tool that aimed to clarify their oversight. The tool provides a useful introduction to the regulations and the regulators of questions over safety, efficacy, and privacy in the ever-increasing selection of mHealth apps. The online Q&A format provides a basic map for navigating a route detailing which regulator gets involved with what kind of mHealth app.

The use of new mHealth technologies offers great promise for clinical trials. For in-depth discussion and analysis of the ethics and regulation of mHealth, join federal regulators, investigators and IRB members at the Ethics and Regulation in the Digital Age conference on July 21 in Seattle, Washington.


Tags: , , , , , , , , ,