FDA Rapidly Updating its Policies to Regulate Medical Software to Match the Technological Realities

FDA is planning to publish a guidance document on “clinical decision support” (CDS) software, i.e., software that interfaces patient data and clinical decision making, by the end of this year. There is intense speculation about what FDA’s approach to regulate CDS software may be. In this month’s edition of Nature Biotechnology, Elenko et al. examined the emerging regulatory framework for CDS software applications as medical devices become increasingly connected to digital interfaces such as mobile platforms and the Internet of Things (IoT) where they exist in an ecosystem of data, software and other physical devices. The authors envisage that CDS software that performs potentially risky analysis will be regulated while software that automates mundane healthcare operations will remain exempt. This is in line with the recent trends in FDA regulation of medical software. Historically, medical software has been regulated by CDRH (FDA) across the standard classes (I, II and III) based upon risk classification of the product’s intended use and accumulated historical precedent. But the advent of mobile technology and explosion in the number and variety of healthcare apps has necessitated FDA to make rapid policy decisions to safeguard public health without stifling innovation. In a pair of guidance documents that were released earlier this year, FDA downgraded medical device data systems (MDDS), the hitherto default class III software, to class I and also took the position that most digital health software, including some apps that may historically have been class II, would not be regulated. The Agency also clarified that it would not regulate actual mobile devices themselves.  Through the Mobile Medical Apps Guidance, FDA clarified that while it would continue to regulate any app that claimed to diagnose or treat a disease or condition, software making general wellness claims would be exempt. This distinction is analogous to the one between drugs and dietary supplements, where dietary supplements are allowed free market so long as they don’t make specific medicinal claims. Further, for regulated software, the Agency elected to exercise “enforcement discretion” that would be dependent on the risk paused by software failure. Thus, an app whose failure could have fatal consequences will continue to be regulated whereas discretionary enforcement will be reserved for most low risk software such as behavioral therapeutic apps for psychiatric patients. To provide a level of certainty about what is, and what is not regulated by FDA, the Agency has set up a webpage dedicated to medical apps. It should be noted that the Federal Trade Commission (FTC) continues to take enforcement action against applications that make unsubstantiated or misleading claims. Ultimately, software developers will need to decide whether the burden of obtaining regulatory approval can be justified by the certainty of compliance, and potential economic benefits of the differentiation and credibility offered to physicians and patients by FDA market approval.